Merge pull request #3336 from DeCohen/WI402870-file-monitoring-access-doc-updates

added links to the articles and updated the notes message

Author: padmagit77

CloudAppSecurityDocs/get-started.md

@@ -61,7 +61,11 @@ After you connect an app, you can gain deeper visibility so you can investigate
 
 **How to page**: [Protect sensitive information with DLP policies](policies-information-protection.md)
 
-**Recommended task**: Enable file monitoring and create file policies
+**Recommended tasks**
+
+-  Enable file monitoring and create file policies
+
+- To enable File monitoring of Microsoft 365 files, you are required to use a relevant Entra Admin ID, such as Application Administrator or Cloud Application Administrator. For more details, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference).
 
 1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**.
 1. Under **Information Protection**, select **Files**.
@@ -70,8 +74,6 @@ After you connect an app, you can gain deeper visibility so you can investigate
 1. Select the required settings and then select **Save**.
 1. In [Step 3](#step-3-control-cloud-apps-with-policies), create [File policies](data-protection-policies.md) to meet your organizational requirements.
 
-> [!TIP]
-> You can view files from your connected apps by browsing to **Cloud Apps** > **Files** in the Microsoft Defender Portal.
 
 **Migration recommendation**  
 We recommend using Defender for Cloud Apps sensitive information protection in parallel with your current Cloud Access Security Broker (CASB) solution. Start by [connecting the apps you want to protect](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md) to Microsoft Defender for Cloud Apps. Since API connectors use out-of-band connectivity, no conflict will occur. Then progressively migrate your [policies](control-cloud-apps-with-policies.md) from your current CASB solution to Defender for Cloud Apps.

CloudAppSecurityDocs/manage-admins.md

@@ -20,6 +20,7 @@ Microsoft Defender for Cloud Apps supports role-based access control. This artic
 >
 > - Microsoft 365 and Microsoft Entra roles aren't listed in the Defender for Cloud Apps **Manage admin access** page. To assign roles in Microsoft 365 or Microsoft Entra ID, go to the relevant RBAC settings for that service.
 > - Defender for Cloud Apps uses Microsoft Entra ID to determine the user's [directory level inactivity timeout setting](/azure/azure-portal/set-preferences#change-the-directory-timeout-setting-admin). If a user is configured in Microsoft Entra ID to never sign out when inactive, the same setting will apply in Defender for Cloud Apps as well.
+> - Defender for Cloud Apps Information Protection enablement requires an Entra Admin ID, such as: Application Administrator or Cloud Application Administrator. For more details, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference) and [Protect your Microsoft 365 environment](/defender-cloud-apps/protect-office-365)
 
 By default, the following Microsoft 365 and [Microsoft Entra ID](/azure/active-directory/roles/permissions-reference) admin roles have access to Defender for Cloud Apps: