Commit cff476e

Merge pull request #6959 from MicrosoftDocs/main
Auto Publish – main to live - 2026-01-16 21:00 UTC
2 parents 26828f4 + 619616f commit cff476e

16 files changed: +69 -70 lines changed

docs/scenarios/sap/enterprise-scale-landing-zone.md

Lines changed: 4 additions & 4 deletions
@@ -104,7 +104,7 @@ This architecture has three or four subnets, depending on the tier. For example,
104104

105105
- **Azure NetApp Files**: A [delegated subnet](/azure/azure-netapp-files/azure-netapp-files-delegate-subnet) for using Azure NetApp Files for different SAP on Azure scenarios.
106106
- **Azure Application Gateway**: A subnet that handles traffic coming from the internet. For example, this subnet might handle Fiori apps.
107-
- **SAP applications**: A subnet that contains SAP application servers, SAP Central Services, SAP enqueue replication services instances, and web dispatchers.
107+
- **SAP applications**: A subnet that contains SAP application servers, SAP Central Services, SAP enqueue replication service instances, and web dispatchers.
108108
- **Database**: A subnet that contains only database virtual machines.
109109

110110
> [!NOTE]
@@ -130,7 +130,7 @@ Ensure Azure resources in the workload use zone-redundant configurations or span
130130
- Detect: Audit subscriptions for non-compliance of these policies.
131131
- Prevent configurations using the Deny effect for resources that do not adhere to zone resiliency standards.
132132

133-
Compliance with this initiative can be checked at the end of the Implementation process. More information of the Azure Policy Initiative for Zone Resilience can be found here.
133+
Compliance with this initiative can be checked at the end of the Implementation process. More information on the Azure Policy Initiative for Zone Resilience can be found here.
134134

135135
#### Azure NetApp Files and Azure Files
136136

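Review bot: The added line 133 still ends with "can be found here" and no link target is visible on it, so the reader has nowhere to go. Make the initiative name itself the link text ("For more information, see the Azure Policy Initiative for Zone Resilience" with the real link attached) and lowercase "Implementation" while the sentence is being touched.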
@@ -158,7 +158,7 @@ The example SAP systems architecture uses [private endpoints](/azure/private-lin
158158

159159
Azure Private Link is now generally available. SAP Private Link Service currently supports connections from SAP BTP, the Cloud Foundry runtime, and other services on top of [Private Link resources](https://help.sap.com/docs/PRIVATE_LINK/42acd88cb4134ba2a7d3e0e62c9fe6cf/e8bc0c6440834a47a0ff57cb4efc0dc2.html?locale=en-US) for the most common load balancer plus virtual machine scenarios. Example scenarios include SAP S/4HANA or SAP ERP running on the virtual machine and connecting to Azure native services like [Azure Database for MySQL](https://help.sap.com/docs/PRIVATE_LINK/42acd88cb4134ba2a7d3e0e62c9fe6cf/5c70499ee70b415d954145a795e43355.html?locale=en-US).
160160

161-
The example architecture shows an SAP Private Link Service connection to BTP environments. SAP Private Link Service establishes a private connection between specific SAP BTP services and specific services in your infrastructure as service provider accounts. If you reuse the private link functionality, BTP services can access your S/4 HANA environment through private network connections, which avoids data transfer over the public internet.
161+
The example architecture shows an SAP Private Link Service connection to BTP environments. SAP Private Link Service establishes a private connection between specific SAP BTP services and specific services in your infrastructure as a service provider accounts. If you reuse the private link functionality, BTP services can access your S/4 HANA environment through private network connections, which avoids data transfer over the public internet.
162162

163163
For more information about scenarios for connecting to BTP services, see the SAP Community blog post about the [architecture effect of Private Link Service](https://blogs.sap.com/2021/07/27/btp-private-linky-swear-with-azure-how-many-pinkies-do-i-need/).
164164

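Review bot: The added line 161 now reads "specific services in your infrastructure as a service provider accounts", where the singular "a" sits against the plural "accounts" and the phrase can be parsed as "a service provider". If the intent is IaaS, write "infrastructure as a service (IaaS) provider accounts". The same line spells "S/4 HANA" while context line 159 uses "SAP S/4HANA", so align the product name as well.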
@@ -279,4 +279,4 @@ Review the following design areas for your SAP on Azure landing zone accelerator
279279
- [Governance](eslz-security-governance-and-compliance.md)
280280
- [Operations baseline](eslz-management-and-monitoring.md)
281281
- [Business continuity and disaster recovery](eslz-business-continuity-and-disaster-recovery.md)
282-
- [Deployment options](eslz-platform-automation-and-devops.md)
282+
- [Deployment options](eslz-platform-automation-and-devops.md)
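Review bot: The removed and added versions of line 282 are identical as rendered, so this is presumably a whitespace or end-of-file newline change. Confirm it is intentional, since it counts as a changed line with no visible content difference.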

docs/scenarios/sap/eslz-business-continuity-and-disaster-recovery.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ Incorporate principles into your architecture that address on-premises business
2626
> [!TIP]
2727
> Determine a high availability and disaster recovery (HADR) solution for each of the archetypes in your SAP landscape early on. Ensure that the solution covers all SAP components.
2828
>
29-
> Configure an HADR solution on Azure early, in least one landscape, and keep it active. Then your teams can get experience with the solution's technologies, which might differ from existing technologies. Configure HADR early to help develop and evolve your standard operating procedures (SOPs).
29+
> Configure an HADR solution on Azure early, in at least one landscape, and keep it active. Then your teams can get experience with the solution's technologies, which might differ from existing technologies. Configure HADR early to help develop and evolve your standard operating procedures (SOPs).
3030
>
3131
> Plan to have complete high availability, disaster recovery, and backup protection for production workloads as soon as the system is live.
3232
@@ -52,7 +52,7 @@ When you implement high availability, the goal is to provide availability for SA
5252

5353
For other scenarios, don't restrict availability to infrastructure failures or software failures. Apply availability to all necessary lifecycle management tasks. For example, you can patch the OS in the VMs, the database management system (DBMS), and the SAP software. To minimize outages that might happen during planned downtime and lifecycle management operations, use common tools that help protect your systems against unplanned service disruptions.
5454

55-
SAP and SAP databases support automatic failover clusters. In Windows, the Windows Server 2022 failover clustering feature supports failover. In Linux, Linux Pacemaker or partner tools like SIOS Protection Suite and Veritas InfoScale support failover. In Azure, you can deploy only a subset high availability configuration in your own datacenter.
55+
SAP and SAP databases support automatic failover clusters. In Windows, the Windows Server 2022 failover clustering feature supports failover. In Linux, Linux Pacemaker or partner tools like SIOS Protection Suite and Veritas InfoScale support failover. In Azure, you can deploy only a subset of high availability configuration in your own datacenter.
5656

5757
For more information, see [Supported scenarios for SAP workloads on Azure VMs](/azure/virtual-machines/workloads/sap/sap-planning-supported-configurations) and [Supported scenarios for SAP HANA Large Instances](/azure/virtual-machines/workloads/sap/hana-supported-scenario).
5858

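Review bot: The last sentence of the added line 55 is grammatical now but still unclear: "In Azure, you can deploy only a subset of high availability configuration in your own datacenter" reads as if Azure deploys into your datacenter. If the meaning is a comparison, say so, for example "In Azure, you can deploy only a subset of the high availability configurations that you can deploy in your own datacenter."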
@@ -216,7 +216,7 @@ Most organizations use both regions for operating SAP systems. Organizations tha
216216

217217
When you choose a disaster recovery region, be sure to have ExpressRoute connectivity to that region. If you have multiple ExpressRoute circuits connecting to Azure, at least one of those circuits must connect to the primary Azure region. The others should connect to the disaster recovery region. This type of architecture connects you to the Azure network in a different geographic or geopolitical area and helps protect your connection if a catastrophe affects one of the Azure regions.
218218

219-
Some organizations use a combination high availability and disaster recovery architecture, which groups high availability with disaster recovery in the same Azure region. But grouping high availability with disaster recovery isn't ideal. [Azure availability zones](/azure/reliability/availability-zones-overview) support this architecture. The distance between availability zones within one Azure region isn't as large as the distance between two Azure regions, so a natural disaster could jeopardize the application services in the region where it occurs. You also need to consider the latency between SAP application servers and database servers. According to [SAP note 1100926](https://launchpad.support.sap.com/#/notes/1100926), a roundtrip time of less than or equal to 0.3 ms is a good value, and a time of less than or equal to 0.7 ms is a moderate value. So for zones with high latencies, have operational procedures to ensure that SAP application servers and database servers always run in the same zone. Organizations choose this architecture for the following reasons:
219+
Some organizations use a combination of high availability and disaster recovery architecture, which groups high availability with disaster recovery in the same Azure region. But grouping high availability with disaster recovery isn't ideal. [Azure availability zones](/azure/reliability/availability-zones-overview) support this architecture. The distance between availability zones within one Azure region isn't as large as the distance between two Azure regions, so a natural disaster could jeopardize the application services in the region where it occurs. You also need to consider the latency between SAP application servers and database servers. According to [SAP note 1100926](https://launchpad.support.sap.com/#/notes/1100926), a roundtrip time of less than or equal to 0.3 ms is a good value, and a time of less than or equal to 0.7 ms is a moderate value. So for zones with high latencies, have operational procedures to ensure that SAP application servers and database servers always run in the same zone. Organizations choose this architecture for the following reasons:
220220

221221
- Compliance is sufficient with configurations that support smaller distances between production deployment and a disaster recovery target.
222222

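Review bot: In the added line 219, inserting "of" turns "a combination high availability and disaster recovery architecture" into "a combination of high availability and disaster recovery architecture", which no longer names a single architecture. "A combined high availability and disaster recovery architecture" keeps the original sense and matches the "which groups high availability with disaster recovery" clause that follows.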
@@ -236,10 +236,10 @@ Another factor to consider when you choose your disaster recovery region is the
236236
- Replicate key vault contents like certificates, secrets, or keys across regions so that you can decrypt data in the disaster recovery region.
237237
- Use [cross-region replication in Azure NetApp Files](/azure/azure-netapp-files/cross-region-replication-introduction) to synchronize file volumes between the primary region and the disaster recovery region.
238238
- Use native database replication, rather than Site Recovery, to synchronize data to the disaster recovery site.
239-
- Peer the primary and disaster recovery virtual networks. For example, for HANA system replication, you need to peer an SAP HANA DB virtual network needs to the disaster recovery site's SAP HANA DB virtual network.
239+
- Peer the primary and disaster recovery virtual networks. For example, for HANA system replication, you need to peer an SAP HANA DB virtual network to the disaster recovery site's SAP HANA DB virtual network.
240240
- If you use Azure NetApp Files storage for your SAP deployments, at a minimum, create two Azure NetApp Files accounts in the Premium tier, in two regions.
241241
- Consider grouping systems based on their business importance and proximity dependency based on application performance. To minimize the business effect of a regional outage, deploy each group to a separate region in a paired region construct. For example, to minimize the effect of a regional outage, you can deploy two critical ERP Central Component systems that serve two different business units, in UK South and UK West.
242242

243243
## Next step
244244

245-
[Deployment options for SAP in Azure](eslz-platform-automation-and-devops.md)
245+
[Deployment options for SAP in Azure](eslz-platform-automation-and-devops.md)
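Review bot: In the added line 239, "peer an SAP HANA DB virtual network to the disaster recovery site's SAP HANA DB virtual network" leaves the source side vague. "Peer the primary region's SAP HANA DB virtual network to ..." would match the bullet's first sentence, which names the primary and disaster recovery networks. The removed and added versions of line 245 are identical as rendered, presumably an end-of-file newline change, so confirm that one is intentional.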

docs/scenarios/sap/eslz-identity-and-access-management.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ Here are common administration and management activities of SAP on Azure:
7070
- Implement [SSO by using OAuth for SAP NetWeaver](/entra/identity/saas-apps/sap-netweaver-tutorial#configure-sap-netweaver-for-oauth) to allow third-party or custom applications to access SAP NetWeaver OData services.
7171
- Implement [SSO to SAP HANA](/entra/identity/saas-apps/saphana-tutorial)
7272

73-
- Implement Microsoft Entra ID as identity provider for SAP systems hosted on RISE. For more information, see [Integrating the Service with Microsoft Entra ID](https://help.sap.com/docs/identity-authentication/identity-authentication/integrating-service-with-microsoft-azure-ad).
73+
- Implement Microsoft Entra ID as an identity provider for SAP systems hosted on RISE. For more information, see [Integrating the Service with Microsoft Entra ID](https://help.sap.com/docs/identity-authentication/identity-authentication/integrating-service-with-microsoft-azure-ad).
7474
- For applications that access SAP, use [principal propagation to establish SSO](https://github.com/azuredevcollege/SAP/blob/master/sap-oauth-saml-flow/README.md).
7575

7676
- If you're using SAP BTP services or SaaS solutions that require SAP Cloud Identity Service, Identity Authentication (IAS), [implement SSO between SAP Cloud Identity Authentication Services and Microsoft Entra ID](/entra/fundamentals/scenario-azure-first-sap-identity-integration) to access those SAP services. This integration lets SAP IAS act as a proxy identity provider and forwards authentication requests to Microsoft Entra ID as the central user store and identity provider.

docs/scenarios/sap/eslz-security-governance-and-compliance.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ For more information about the shared responsibility model, see [Shared responsi
3232

3333
Security is a shared responsibility between Microsoft and customers. You can upload your own virtual machine (VM) and database images to Azure, or use images from the Azure Marketplace. However, these images need security controls that meet application and organizational requirements. You must apply your customer-specific security controls to the operating system, data, and SAP application layer.
3434

35-
For generally-accepted security guidance, refer to the [cybersecurity best practices](https://www.cisecurity.org/cybersecurity-best-practices/) from the Center for Internet Security (CIS).
35+
For generally accepted security guidance, refer to the [cybersecurity best practices](https://www.cisecurity.org/cybersecurity-best-practices/) from the Center for Internet Security (CIS).
3636

3737
Azure Landing Zones have specific guidance regarding zero-trust based network security to secure network perimeter and traffic flows. For more information, see [Network security strategies on Azure](../../ready/landing-zone/design-area/security.md#zero-trust).
3838

@@ -46,13 +46,13 @@ Enterprises that use hub-spoke network topologies often deploy cloud architectur
4646

4747
Enable Microsoft Defender for Cloud Standard for SAP on Azure subscriptions to:
4848

49-
- Strengthen the security posture your datacenters and provide advanced threat protection for on-premises and hybrid workloads across Azure and other clouds.
49+
- Strengthen the security posture of your datacenters and provide advanced threat protection for on-premises and hybrid workloads across Azure and other clouds.
5050

5151
- See all-up security posture across SAP on Azure subscriptions, and see resource security hygiene across SAP VMs, disks, and applications.
5252

5353
- Delegate an SAP admin custom role with [just-in-time access](/azure/security-center/just-in-time-explained).
5454

55-
- Use the dedicated Microsoft Defender for Endpoint configuration for SAP hosts running on Linux and Windows to ensure that the SAP landscape is secure and SAP server performance is optimized. For more information use below references:
55+
- Use the dedicated Microsoft Defender for Endpoint configuration for SAP hosts running on Linux and Windows to ensure that the SAP landscape is secure and SAP server performance is optimized. For more information, use the references below:
5656

5757
- [Microsoft Defender for Endpoint on Linux for SAP](/defender-endpoint/mde-linux-deployment-on-sap)
5858
- [Microsoft Defender for Endpoint on Windows Server with SAP](/defender-endpoint/mde-sap-windows-server)
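Review bot: The added line 55 ends with "For more information, use the references below:", which departs from the "For more information, see [...]" pattern used on line 37 of this file. "For more information, see the following articles:" would be consistent. Please also confirm that the two links on lines 57 and 58 are indented under this bullet so they render as its sub-items rather than as separate top-level bullets.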
@@ -183,7 +183,7 @@ Cost management is very important. Microsoft offers various ways to optimize cos
183183

184184
### Automate SAP deployments
185185

186-
Save time and reduce errors by automating SAP deployments. Deploying complex SAP landscapes into a public cloud is not an easy task. SAP basic teams might be very familiar with the traditional tasks of installing and configuring on-premises SAP systems. Designing, building, and testing cloud deployments often require additional domain knowledge. For more information, see [SAP enterprise-scale platform automation and DevOps](./eslz-platform-automation-and-devops.md).
186+
Save time and reduce errors by automating SAP deployments. Deploying complex SAP landscapes into a public cloud is not an easy task. SAP Basis teams might be very familiar with the traditional tasks of installing and configuring on-premises SAP systems. Designing, building, and testing cloud deployments often require additional domain knowledge. For more information, see [SAP enterprise-scale platform automation and DevOps](./eslz-platform-automation-and-devops.md).
187187

188188
### Lock resources for production workloads
189189

@@ -195,7 +195,7 @@ Customize role-based access control (RBAC) roles for SAP on Azure spoke subscrip
195195

196196
### Use Azure Connector for SAP LaMa
197197

198-
Within a typical SAP estate, several application landscapes are often deployed, such an ERP, SCM, and BW, and there is an ongoing need to perform SAP system copies and SAP system refreshes. Examples are creating new SAP projects for technical or application releases, or periodically refreshing QA systems from production copies. The end-to-end process for SAP system copies and refreshes can be both time-consuming and labor intensive.
198+
Within a typical SAP estate, several application landscapes are often deployed, such as ERP, SCM, and BW, and there is an ongoing need to perform SAP system copies and SAP system refreshes. Examples are creating new SAP projects for technical or application releases, or periodically refreshing QA systems from production copies. The end-to-end process for SAP system copies and refreshes can be both time-consuming and labor intensive.
199199

200200
SAP Landscape Management (LaMa) Enterprise Edition can support operational efficiencies by automating several steps involved in the SAP system copy or refresh. [Azure Connector for LaMa](/azure/virtual-machines/workloads/sap/lama-installation) enables copying, deletion, and relocation of Azure-managed disks to help your SAP operations team perform SAP system copies and system refreshes rapidly, reducing manual efforts.
201201

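Review bot: The added line 198 fixes "such an ERP" but still ends with "both time-consuming and labor intensive", where the second compound is unhyphenated. Change it to "labor-intensive" in the same edit so the pair is parallel.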
@@ -220,4 +220,4 @@ The following recommendations are for various compliance and governance scenario
220220
- [SAP on Azure: designing for efficiency and operations](https://azure.microsoft.com/blog/sap-on-azure-designing-for-efficiency-operations/)
221221
- [Azure Virtual Machines planning and implementation for SAP NetWeaver](/azure/virtual-machines/workloads/sap/planning-guide)
222222
- [Configure Microsoft Defender for Endpoint on Windows Server with SAP](/defender-endpoint/mde-sap-windows-server)
223-
- [Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP](/defender-endpoint/mde-linux-deployment-on-sap)
223+
- [Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP](/defender-endpoint/mde-linux-deployment-on-sap)
