updates

guywi-ms · guywi-ms · commit f3a818c7dddd · 2024-03-24T11:16:08.000+02:00
diff --git a/articles/azure-monitor/includes/waf-logs-security.md b/articles/azure-monitor/includes/waf-logs-security.md
@@ -32,5 +32,4 @@ ms.date: 08/24/2023
 | Configure log query auditing to track which users are running queries. | [Log query auditing](../logs/query-audit.md) records the details for each query that's run in a workspace. Treat this audit data as security data and secure the [LAQueryLogs](/azure/azure-monitor/reference/tables/laquerylogs) table appropriately. Configure the audit logs for each workspace to be sent to the local workspace, or consolidate in a dedicated security workspace if you separate your operational and security data. Use [Log Analytics workspace insights](../logs/log-analytics-workspace-insights-overview.md) to periodically review this data and consider creating log search alert rules to proactively notify you if unauthorized users are attempting to run queries. |
 | Determine a strategy to filter or obfuscate sensitive data in your workspace. | You might be collecting data that includes [sensitive information](../logs/personal-data-mgmt.md). Filter records that shouldn't be collected using the configuration for the particular data source. Use a [transformation](../essentials/data-collection-transformations.md) if only particular columns in the data should be removed or obfuscated.<br><br>If you have standards that require the original data to be unmodified, then you can use the ['h' literal](/azure/data-explorer/kusto/query/scalar-data-types/string#obfuscated-string-literals) in KQL queries to obfuscate query results displayed in workbooks. |
 | Purge sensitive data that was accidentally collected. | Check periodically for private data that might have been accidentally collected in your workspace and use [data purge](../logs/personal-data-mgmt.md#exporting-and-deleting-personal-data) to remove it. |
-|Enable Customer Lockbox for Microsoft Azure to approve or reject Microsoft data access requests.|[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides you with an interface to review and approve or reject customer data access requests. It's used in cases where a Microsoft engineer needs to access customer data, whether in response to a customer-initiated support ticket or a problem identified by Microsoft.|
-
+|Enable Customer Lockbox for Microsoft Azure to approve or reject Microsoft data access requests.|[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides you with an interface to review and approve or reject customer data access requests. It's used in cases where a Microsoft engineer needs to access customer data, whether in response to a customer-initiated support ticket or a problem identified by Microsoft. To enable Customer Lockbox, you need a [dedicated cluster](../logs/logs-dedicated-clusters.md).|
diff --git a/articles/azure-monitor/logs/data-security.md b/articles/azure-monitor/logs/data-security.md
@@ -184,7 +184,7 @@ Azure Monitor Logs relies on Azure Storage in specific scenarios. Use [private/c
 
 ## Customer Lockbox for Microsoft Azure
 
-[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides an interface for customers to review and approve or reject customer data access requests. It's used in cases where a Microsoft engineer needs to access customer data during a support request.
+[Customer Lockbox for Microsoft Azure](../../security/fundamentals/customer-lockbox-overview.md) provides you with an interface to review and approve or reject customer data access requests. It's used when a Microsoft engineer needs to access customer data, whether in response to a customer-initiated support ticket or a problem identified by Microsoft. To enable Customer Lockbox, you need a [dedicated cluster](../logs/logs-dedicated-clusters.md).
 
 ## Tamper-proofing and immutability 
 
