MicrosoftDocs
diff --git a/‎articles/active-directory/fundamentals/scenario-azure-first-sap-identity-integration.md
Lines changed: 7 additions & 2 deletions b/‎articles/active-directory/fundamentals/scenario-azure-first-sap-identity-integration.md
Lines changed: 7 additions & 2 deletions
diff --git a/‎articles/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial.md
Lines changed: 5 additions & 0 deletions b/‎articles/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/azure-monitor/alerts/alerts-logic-apps.md
Lines changed: 65 additions & 33 deletions b/‎articles/azure-monitor/alerts/alerts-logic-apps.md
Lines changed: 65 additions & 33 deletions
diff --git a/‎articles/azure-monitor/alerts/media/alerts-logic-apps/initialize-variable.png
49.4 KB b/‎articles/azure-monitor/alerts/media/alerts-logic-apps/initialize-variable.png
49.4 KB
diff --git a/‎articles/azure-monitor/autoscale/autoscale-overview.md
Lines changed: 4 additions & 2 deletions b/‎articles/azure-monitor/autoscale/autoscale-overview.md
Lines changed: 4 additions & 2 deletions
@@ -17,7 +17,7 @@ ms.collection:
 
 # Scenario - Using Azure Active Directory to secure access to SAP platforms and applications
 
-This document provides advice on the technical design and configuration of SAP platforms and applications when using Azure Active Directory as the primary user authentication service.
+This document provides advice on the **technical design and configuration** of SAP platforms and applications when using Azure Active Directory as the primary user authentication service. Learn more about the initial setup in [this tutorial](../saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial.md).
 
 ## Terminology used in this guide
 
@@ -246,7 +246,7 @@ As discussed before, we recommend setting up a trust configuration in BTP toward
 
 ![Rolling over SAML Signing Certs](./media/scenario-azure-first-sap-identity-integration/sap-rollover-saml-signing-certs.png)
 
-SAP has example implementations for client certificate notifications with SAP Cloud Platform Integration [here](https://blogs.sap.com/2017/12/06/sap-cloud-platform-integration-automated-notification-of-keystore-entries-reaching-expiry/) and [here](https://blogs.sap.com/2019/03/01/sap-cloud-platform-integration-automated-notification-for-client-certificates-reaching-expiry/). This could be adapted with Azure Integration Services or PowerAutomate. However, they would need to be adapted to work with server certificates. Such approach requires a custom implementation.
+SAP has example implementations for [client certificate notifications](https://blogs.sap.com/2017/12/06/sap-cloud-platform-integration-automated-notification-of-keystore-entries-reaching-expiry/) with SAP Cloud Integration and [near-expiry handling](https://blogs.sap.com/2019/03/01/sap-cloud-platform-integration-automated-notification-for-client-certificates-reaching-expiry/). Find another example focusing on the SAP BTP trust store and Azure Key Vault [here](https://blogs.sap.com/2022/12/02/automatic-sap-btp-trust-store-certificate-renewal-with-azure-key-vault-or-how-to-stop-thinking-about-expiry-dates-once-and-for-all/). This could be adapted with Azure Integration Services or PowerAutomate. However, they would need to be adapted to work with server certificates. Such approach requires a custom implementation.
 
 #### Why this recommendation?
 
@@ -273,3 +273,8 @@ Azure AD B2C doesn't natively support the use of groups to create collections of
 Fortunately, Azure AD B2C is highly customizable, so you can configure the SAML tokens it sends to IAS to include any custom information. For various options on supporting authorization claims, see the documentation accompanying the [Azure AD B2C App Roles sample](https://github.com/azure-ad-b2c/api-connector-samples/tree/main/Authorization-AppRoles), but in summary: through its [API Connector](../../active-directory-b2c/api-connectors-overview.md) extensibility mechanism you can optionally still use groups, app roles, or even a custom database to determine what the user is allowed to access.
 
 Regardless of where the authorization information comes from, it can then be emitted as the `Groups` attribute inside the SAML token by configuring that attribute name as the [default partner claim type on the claims schema](../../active-directory-b2c/claimsschema.md#defaultpartnerclaimtypes) or by overriding the [partner claim type on the output claims](../../active-directory-b2c/relyingparty.md#outputclaims). Note however that BTP allows you to [map Role Collections to User Attributes](https://help.sap.com/products/BTP/65de2977205c403bbc107264b8eccf4b/b3fbb1a9232d4cf99967a0b29dd85d4c.html), which means that *any* attribute name can be used for authorization decisions, even if you don't use the `Groups` attribute name.
+
+## Next Steps
+
+- Learn more about the initial setup in [this tutorial](../saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial.md)
+- Discover additional [SAP integration scenarios with Azure AD](../../sap/workloads/integration-get-started.md#azure-ad) and beyond
@@ -21,6 +21,9 @@ In this tutorial, you'll learn how to integrate SAP Cloud Identity Services with
 * Enable your users to be automatically signed-in to SAP Cloud Identity Services with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
+> [!TIP]
+> Follow the recommendations and best-practice guide "[Using Azure Active Directory to secure access to SAP platforms and applications](../fundamentals/scenario-azure-first-sap-identity-integration.md)" to operationalize the setup.
+
 ## Prerequisites
 
 To get started, you need the following items:
@@ -215,3 +218,5 @@ You can also use Microsoft My Apps to test the application in any mode. When you
 ## Next steps
 
 Once you configure the SAP Cloud Identity Services you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).
+
+Consult the [recommendations and best-practice guide](../fundamentals/scenario-azure-first-sap-identity-integration.md) to operationalize the setup.
@@ -3,12 +3,11 @@ title: Customize alert notifications using Logic Apps
 description: Learn how to create a logic app to process Azure Monitor alerts.
 author: EdB-MSFT
 ms.topic: conceptual
-ms.date: 09/07/2022
+ms.date: 02/09/2023
 ms.author: edbaynash
 ms.reviewer: edbaynash
 
 # Customer intent: As an administrator I want to create a logic app that is triggered by an alert so that I can send emails or Teams messages when an alert is fired.
-
 ---
 
 # Customize alert notifications using Logic Apps 
@@ -17,24 +16,28 @@ This article shows you how to create a Logic App and integrate it with an Azure
 
 [Azure Logic Apps](../../logic-apps/logic-apps-overview.md) allows you to build and customize workflows for integration. Use Logic Apps to customize your alert notifications.
 
-+ Customize the alerts email, using your own email subject and body format. 
-+ Customize the alert metadata by looking up tags for affected resources or fetching a log query search result. For information on how to access the search result rows containing alerts data, see: 
-  + [Azure Monitor Log Analytics API response format](../logs/api/response-format.md)
-  + [Query/management HTTP response](/azure/data-explorer/kusto/api/rest/response)
-+ Integrate with external services using existing connectors like Outlook, Microsoft Teams, Slack and PagerDuty, or by configuring the Logic App for your own services.
+- Customize the alerts email, using your own email subject and body format. 
+- Customize the alert metadata by looking up tags for affected resources or fetching a log query search result. For information on how to access the search result rows containing alerts data, see: 
+  - [Azure Monitor Log Analytics API response format](../logs/api/response-format.md)
+  - [Query/management HTTP response](/azure/data-explorer/kusto/api/rest/response)
+- Integrate with external services using existing connectors like Outlook, Microsoft Teams, Slack and PagerDuty, or by configuring the Logic App for your own services.
 
-In this example, we'll use the following steps to create a Logic App that uses the [common alerts schema](./alerts-common-schema.md) to send details from the alert. The example uses the following steps:
+In this example, the following steps create a Logic App that uses the [common alerts schema](./alerts-common-schema.md) to send details from the alert. The example uses the following steps:
 
 1. [Create a Logic App](#create-a-logic-app) for sending an email or a Teams post.
 1. [Create an alert action group](#create-an-action-group) that triggers the logic app.
 1. [Create a rule](#create-a-rule-using-your-action-group) the uses the action group.
+
 ## Create a Logic App
 
-1. Create a new Logic app. Set **Logic App name** , select **Consumption Plan type**.
+1. In the [portal](https://portal.azure.com/), create a new Logic app. In the **Search** bar at the top of the page, enter "Logic App".
+1. On the **Logic App** page, select **+Add**.
+1. Select the **Subscription** and **Resource group** for your Logic App.
+1. Set **Logic App name**, and select **Consumption Plan type**.
 1. Select **Review + create**, then select **Create**.
 1. Select **Go to resource** when the deployment is complete.
 :::image type="content" source="./media/alerts-logic-apps/create-logic-app.png" alt-text="A screenshot showing the create logic app page.":::
-1. On the Logic Apps Designer page, select **When a HTTP request is received**.  
+1. On the **Logic Apps Designer** page, select **When a HTTP request is received**.  
 :::image type="content" source="./media/alerts-logic-apps/logic-apps-designer.png" alt-text="A screenshot showing the Logic Apps designer start page.":::  
 
 1. Paste the common alert schema into the **Request Body JSON Schema** field from the following JSON:
@@ -105,10 +108,40 @@ In this example, we'll use the following steps to create a Logic App that uses t
     }
     ```
 
-1. Select the **+** icon to insert a new step.
-:::image type="content" source="./media/alerts-logic-apps/configure-http-request-received.png" alt-text="A screenshot showing the parameters for the when http request received step.":::
+    :::image type="content" source="./media/alerts-logic-apps/configure-http-request-received.png" alt-text="A screenshot showing the parameters for the http request received step.":::
+
+1. (Optional). You can customize the alert notification by extracting information about the affected resource on which the alert fired, e.g. the resource’s tags. You can then include those resource tags in the alert payload and use the information in your logical expressions for sending the notifications. To do this, we will:
+    - Create a variable for the affected resource IDs.
+    - Split the resource ID into in an array so we can use its various elements (e.g. subscription, resource group).
+    - Use the Azure Resource Manager connector to read the resource’s metadata.
+    - Fetch the resource’s tags which can then be used in subsequent steps of the Logic App.
+
+    1. Select **+** and **Add an action** to insert a new step.
+    1. In the **Search** field, search for and select **Initialize variable**.
+    1. In the **Name** field, enter the name of the variable, such as 'AffectedResources'.
+    1. In the **Type** field, select **Array**.
+    1. In the **Value** field, select **Add dynamic Content**. Select the **Expression** tab, and enter this string: `split(triggerBody()?['data']?['essentials']?['alertTargetIDs'][0], '/')`.
+
+        :::image type="content" source="./media/alerts-logic-apps/initialize-variable.png" alt-text="A screenshot showing the parameters for the initializing a variable in Logic Apps.":::
+
+    1. Select **+** and **Add an action** to insert another step.
+    1. In the **Search** field, search for and select **Azure Resource Manager**, and then **Read a resource**. 
+    1. Populate the fields of the **Read a resource** action with the array values from the `AffectedResources` variable. In each of the fields, click inside the field, and scroll down to **Enter a custom value**. Select **Add dynamic content**, and then select the **Expression** tab. Enter the strings from this table:
+
+        |Field|String value|
+        |---------|---------|
+        |Subscription|`variables('AffectedResource')[2]`|
+        |Resource Group|`variables('AffectedResource')[4]`|
+        |Resource Provider|`variables('AffectedResource')[6]`|
+        |Short Resource Id|`concat(variables('AffectedResource')[7], '/', variables('AffectedResource')[8]`)|
+        |Client Api Version|2021-06-01|
+
+    The dynamic content now includes tags from the affected resource. You can use those tags when you configure your notifications as described in the following steps.
 
 1. Send an email or post a Teams message.
+1. Select **+** and **Add an action** to insert a new step.
+
+    :::image type="content" source="./media/alerts-logic-apps/configure-http-request-received.png" alt-text="A screenshot showing the parameters for the when http request received step.":::
 
 ## [Send an email](#tab/send-email)
 
@@ -119,46 +152,45 @@ In this example, we'll use the following steps to create a Logic App that uses t
 1. Sign into Office 365 when prompted to create a connection.
 1. Create the email **Body** by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.   
 For example:
-    - Enter *An alert has monitoring condition:* then select **monitorCondition** from the **Dynamic content** list.
-    - Then enter *Date fired:* and select **firedDateTime** from the **Dynamic content** list. 
-    - Enter *Affected resources:* and select **alterTargetIDs** from the **Dynamic content** list.  
-    
+    - Enter the text: `An alert has been triggered with this monitoring condition:`. Then, select **monitorCondition** from the **Dynamic content** list.
+    - Enter the text: `Date fired:`. Then, select **firedDateTime** from the **Dynamic content** list.
+    - Enter the text: `Affected resources:`. Then, select **alertTargetIDs** from the **Dynamic content** list.
+
 1. In the **Subject** field, create the subject text by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.  
 For example:
-     - Enter *Alert:* and select **alertRule** from the **Dynamic content** list.
-     - Then enter *with severity:* and select **severity** from the **Dynamic content** list.
-     - Enter  *has condition:* and select **monitorCondition** from the **Dynamic content** list.  
-          
+     - Enter the text: `Alert:`. Then, select **alertRule** from the **Dynamic content** list.
+     - Enter the text: `with severity:`. Then, select **severity** from the **Dynamic content** list.
+     - Enter the text: `has condition:`. Then, select **monitorCondition** from the **Dynamic content** list.  
+
 1. Enter the email address to send the alert to in the **To** field.
 1. Select **Save**.
 
    :::image type="content" source="./media/alerts-logic-apps/configure-email.png" alt-text="A screenshot showing the parameters tab for the send email action.":::
 
-You've created a Logic App that will send an email to the specified address, with details from the alert that triggered it. 
+You've created a Logic App that sends an email to the specified address, with details from the alert that triggered it. 
 
 The next step is to create an action group to trigger your Logic App.
 
 ## [Post a Teams message](#tab/send-teams-message)
 
 1. In the search field, search for *Microsoft Teams*.  
-
 1. Select **Microsoft Teams**
     :::image type="content" source="./media/alerts-logic-apps/choose-operation-teams.png" alt-text="A screenshot showing add action page of the logic apps designer with Microsoft Teams selected.":::  
 1. Select **Post a message in a chat or channel** from the list of actions.
 1. Sign into Teams when prompted to create a connection.  
-1. Select *User*  from the **Post as** dropdown.
-1. Select *Group chat* from the **Post in** dropdown.
+1. Select **User**  from the **Post as** dropdown.
+1. Select **Group chat** from the **Post in** dropdown.
 1. Select your group from the **Group chat** dropdown.
-1. Create the message text in the **Message** field by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.  
+1. Create the message text in the **Message** field by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.
     For example:
-    - Enter *Alert:* then select **alertRule** from the **Dynamic content** list.
-    - Enter *with severity:* and select **severity** from the **Dynamic content** list.
-    - Enter *was fired at:* and select **firedDateTime** from the **Dynamic content** list.
-    - Add more fields according to your requirements.
+    1. Enter `Alert:` then select **alertRule** from the **Dynamic content** list.
+    1. Enter `with severity:` and select **severity** from the **Dynamic content** list.
+    1. Enter `was fired at:` and select **firedDateTime** from the **Dynamic content** list.
+    1. Add more fields according to your requirements.
 1. Select **Save**
     :::image type="content" source="./media/alerts-logic-apps/configure-teams-message.png" alt-text="A screenshot showing the parameters tab for the post a message in a chat or channel action.":::
 
-You've created a Logic App that will send a Teams message to the specified group, with details from the alert that triggered it. 
+You've created a Logic App that sends a Teams message to the specified group, with details from the alert that triggered it. 
 
 The next step is to create an action group to trigger your Logic App.
 
@@ -177,7 +209,7 @@ To trigger your Logic app, create an action group, then create an alert that use
 :::image type="content" source="./media/alerts-logic-apps/create-action-group.png" alt-text="A screenshot showing the actions tab of a create action group page.":::
 1. In the **Actions** tab under **Action type**, select **Logic App**.
 1. In the **Logic App** section, select your logic app from the dropdown.
-1. Set **Enable common alert schema** to *Yes*. If you select *No*, the alert type will determine which alert schema is used. For more information about alert schemas, see [Context specific alert schemas](./alerts-non-common-schema-definitions.md).
+1. Set **Enable common alert schema** to *Yes*. If you select *No*, the alert type determines which alert schema is used. For more information about alert schemas, see [Context specific alert schemas](./alerts-non-common-schema-definitions.md).
 1. Select **OK**.
 1. Enter a name in the **Name** field.
 1. Select **Review + create**, the **Create**.
@@ -193,9 +225,9 @@ To trigger your Logic app, create an action group, then create an alert that use
 
 :::image type="content" source="./media/alerts-logic-apps/test-action-group2.png" alt-text="A screenshot showing an action group details test page.":::
 
-The following email will be sent to the specified account:
+The following email is sent to the specified account:
 
-:::image type="content" source="./media/alerts-logic-apps/sample-output-email.png" alt-text="A screenshot showing an sample email sent by the test page.":::
+:::image type="content" source="./media/alerts-logic-apps/sample-output-email.png" alt-text="A screenshot showing a sample email sent by the test page.":::
 
 
 ## Create a rule using your action group
 
@@ -75,14 +75,16 @@ Set up schedule-based rules to trigger scale events. Use schedule-based rules wh
 
 ### Rules
 
-Rules define the conditions needed to trigger a scale event, the direction of the scaling, and the amount to scale by. Rules can be:
+Rules define the conditions needed to trigger a scale event, the direction of the scaling, and the amount to scale by. Combine multiple rules using different metrics, for example CPU usage and queue length. Define up to 10 rules per profile.     
+
+Rules can be:
 
 * Metric-based  
 Trigger based on a metric value, for example when CPU usage is above 50%.
 * Time-based  
 Trigger based on a schedule, for example, every Saturday at 8am. 
 
-You can combine multiple rules using different metrics, for example CPU usage and queue length.  
+
 Autoscale scales out if *any* of the rules are met, whereas autoscale scales in only if *all* the rules are met.
 In terms of logic operators, the OR operator is used when scaling out with multiple rules. The AND operator is used when scaling in with multiple rules.