Commit e77e0ae

merge-fix-again
2 parents 26ea31a + 48bf452 commit e77e0ae

3 files changed: +16 -1 lines changed

articles/active-directory/reports-monitoring/howto-access-activity-logs.md

Lines changed: 8 additions & 1 deletion
@@ -45,6 +45,14 @@ The required roles and licenses may vary based on the report. Global Administrat
4545

4646
Activity reports are available for features that you've licensed. To access the sign-ins activity logs, your tenant must have an Azure AD Premium license associated with it.
4747

48+
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
49+
50+
1. Sign in to the [Azure portal](https://portal.azure.com) using one of the required roles.
51+
1. Go to **Azure AD** and select **Audit logs**, **Sign-in logs**, or **Provisioning logs**.
52+
1. Adjust the filter according to your needs.
53+
- For more information on the filter options for audit logs, see [Azure AD audit log categories and activities](reference-audit-activities.md).
54+
- For more information on the sign-in logs, see [Basic info in the Azure AD sign-in logs](reference-basic-info-sign-in-logs.md).
55+
4856
## Stream logs to an event hub to integrate with SIEM tools
4957

5058
Streaming your activity logs to an event hub is required to integrate your activity logs with Security Information and Event Management (SIEM) tools, such as Splunk and SumoLogic. Before you can stream logs to an event hub, you need to [set up an Event Hubs namespace and an event hub](../../event-hubs/event-hubs-create.md) in your Azure subscription.
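
Review bot: The numbered steps added at new lines 50-52 sit directly under the licensing paragraph with no heading or lead-in sentence, so the procedure reads as part of the license requirements and then runs straight into "## Stream logs to an event hub to integrate with SIEM tools". Give the steps their own heading or an introductory sentence. Step 1 says "using one of the required roles" without naming one; naming a specific role, the way the Log Analytics article in this commit names **Security Administrator**, would keep readers from defaulting to a broader role than they need. Also confirm that the two "For more information" bullets at new lines 53-54 are indented under step 3 in the source file, otherwise they break out of the numbered list.
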
@@ -221,4 +229,3 @@ Use the following basic steps to archive or download your activity logs.
221229
- [Archive logs to a storage account](quickstart-azure-monitor-route-logs-to-storage-account.md)
222230
- [Integrate logs with Azure Monitor logs](howto-integrate-activity-logs-with-log-analytics.md)
223231

224-

articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md

Lines changed: 4 additions & 0 deletions
@@ -46,6 +46,10 @@ Looking for how to set up a Log Analytics workspace for Azure resources outside
4646

4747
Once you have a Log Analytics workspace created, follow the steps below to send logs from Azure Active Directory to that workspace.
4848

49+
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
50+
51+
Follow the steps below to send logs from Azure Active Directory to Azure Monitor. Looking for how to set up Log Analytics workspace for Azure resources outside of Azure AD? Check out the [Collect and view resource logs for Azure Monitor](../../azure-monitor/essentials/diagnostic-settings.md) article.
52+
4953
1. Sign in to the [Azure portal](https://portal.azure.com) as a **Security Administrator**.
5054

5155
1. Go to **Azure Active Directory** > **Diagnostic settings**. You can also select **Export Settings** from the Audit logs or Sign-in logs.
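
Review bot: The paragraph added at new line 51 repeats text that is already on the page: "follow the steps below to send logs from Azure Active Directory" is the unchanged sentence at line 47, and the "Looking for how to set up a Log Analytics workspace for Azure resources outside" pointer is visible in the hunk header context just above it. This looks like merge residue. Keep the portal-update include at new line 49 and drop line 51, or, if the new wording is preferred, remove the older sentences instead so the introduction appears once. As written, the two copies also name the destination differently ("that workspace" and "Azure Monitor").
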

articles/active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account.md

Lines changed: 4 additions & 0 deletions
@@ -55,6 +55,10 @@ To use this feature, you need:
5555

5656
![Diagnostics settings](./media/quickstart-azure-monitor-route-logs-to-storage-account/DiagnosticSettings.png)
5757

58+
9. In the **Retention days** field, enter the number of days of retention you need of your log data. By default, this value is *0*, which means that logs are retained in the storage account indefinitely. If you set a different value, events older than the number of days selected are automatically cleaned up.
59+
60+
10. Select **Save**.
61+
5862
9. After the categories have been selected, in the **Retention days** field, type in the number of days of retention you need of your log data. By default, this value is *0*, which means that logs are retained in the storage account indefinitely. If you set a different value, events older than the number of days selected are automatically cleaned up.
5963

6064
> [!NOTE]
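
Review bot: New lines 58 and 60 add a step 9 for **Retention days** and a step 10 **Select Save** directly above the existing step 9, which describes the same **Retention days** field. The procedure now has two steps numbered 9 and tells the reader to save before the retention step that it then repeats. Keep a single retention step, place **Select Save** after it, and renumber so the sequence is continuous.
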