changed files by pdets auto publish service, publishid[bd3d810c-ea70-4ec7-a67d-35a9e54b1f85] and do [publish].

Author: wwlpublish

learn-pr/wwl-sci/monitor-maintain-azure-active-directory/8-knowledge-check.yml

@@ -22,13 +22,13 @@ quiz:
     choices:
     - content: "Microsoft Entra audit logs provide a comparison of budgeted Azure usage compared to actual."
       isCorrect: false
-      explanation: "Incorrect. Audit logs provide traceability through logs for all changes made by various features within Microsoft Entra ID. Examples of audit logs include changes made to any resources within Microsoft Entra ID. You'll see things like adding or removing users, apps, groups, roles, and policies."
+      explanation: "Incorrect. Audit logs provide traceability through logs for all changes made by various features within Microsoft Entra ID. Examples of audit logs include changes made to any resources within Microsoft Entra ID. You see things like adding or removing users, apps, groups, roles, and policies."
     - content: "Microsoft Entra audit logs provide records of system activities for compliance reporting."
       isCorrect: true
       explanation: "Correct. An audit log has a default list view that shows data like the date and time of the occurrence. Additional information includes the service that logged the occurrence, and the category of the activity. Finally, the name of the activity (what), the status of the activity (success or failure), the target, and the initiator/actor (who) of an activity."
     - content: "Microsoft Entra audit logs allow customer to monitor activity when provisioning new services within Azure."
       isCorrect: false
-      explanation: "Incorrect. Audit logs provide traceability through logs for all changes made by various features within Microsoft Entra ID. Examples of audit logs include changes made to any resources within Microsoft Entra ID. You'll see things like adding or removing users, apps, groups, roles, and policies."
+      explanation: "Incorrect. Audit logs provide traceability through logs for all changes made by various features within Microsoft Entra ID. Examples of audit logs include changes made to any resources within Microsoft Entra ID. You see things like adding or removing users, apps, groups, roles, and policies."
   - content: "Can Azure export logging data to third-party SIEM (security information and event management) tools?"
     choices:
     - content: "Yes, Azure supports exporting log data to several common third-party SIEM tools."
@@ -39,7 +39,7 @@ quiz:
       explanation: "Incorrect. Azure Sentinel is a Microsoft first-party SIEM tool, but we do support using other tools, such as Splunk, IBM QRadar, and ArcSight."
     - content: "Yes, Splunk is the third party SIEM Azure can export to."
       isCorrect: false
-      explanation: "Incorrect. While Splunk is one of the third-party SIEM tools we can export data to, it is not the only one. We also support other third-party SIEM tools, such as IBM QRadar and ArcSight."
+      explanation: "Incorrect. While Splunk is one of the third-party SIEM tools we can export data to, it isn't the only one. We also support other third-party SIEM tools, such as IBM QRadar and ArcSight."
   - content: "John wants to configure email notifications to be sent from Microsoft Entra Domain Services (AD DS) when issues are detected. In Azure, where would notifications be configured?"
     choices:
     - content: "Azure Microsoft Portal - Microsoft Entra ID - Monitoring - Notifications - Add email recipient."
@@ -50,4 +50,4 @@ quiz:
       explanation: "Correct. The health of a Microsoft Entra Domain Services (MEDS) managed domain is monitored by the Azure platform. The health status page in the Azure Microsoft Portal shows any alerts for the managed domain. To make sure issues are responded to in a timely manner, email notifications can be configured to report on health alerts as soon as they're detected in the Microsoft Entra Domain Services managed domain."
     - content: "Azure Microsoft Portal - Notification Hubs - Microsoft Entra ID - Add email recipient."
       isCorrect: false
-      explanation: "Incorrect. Azure Notification Hubs are to provide push notification to any platform (iOS, Android, Windows, and so on.) to share breaking news, promotional content, or other Azure App information to users."
+      explanation: "Incorrect. Azure Notification Hubs are to provide push notification to any platform to share breaking news, promotional content, or other Azure App information to users."

learn-pr/wwl-sci/monitor-maintain-azure-active-directory/includes/3-review-monitor-azure-active-directory-audit-logs.md

@@ -15,7 +15,7 @@ You can customize the list view by clicking **Columns** in the toolbar.
 
 :::image type="content" source="../media/columns.png" alt-text="Screenshot of the Audit columns, so you can pick the specific data you need to see in your report.":::
 
-This enables you to display additional fields or remove fields that are already displayed.
+Custom columns enables you to display other fields or remove fields that are already displayed.
 
 :::image type="content" source="../media/column-select.png" alt-text="Screenshot of the Remove fields dialog. Set up the reports to show and review just the data you need.":::
 
@@ -45,7 +45,7 @@ The **Service** filter allows you to select from a drop-down list of the followi
  - Account Provisioning
  - Application Proxy
  - Authentication Methods
- - B2C
+ - Business to Customer (B2C)
  - Conditional Access
  - Core Directory
  - Entitlement Management
@@ -54,7 +54,7 @@ The **Service** filter allows you to select from a drop-down list of the followi
  - Invited Users
  - MIM Service
  - MyApps
- - PIM
+ - Privileged Identity Management (PIM)
  - Self-service Group Management
  - Self-service Password Management
  - Terms of Use
@@ -86,7 +86,7 @@ The **Activity** filter is based on the category and activity resource type sele
 
 You can get the list of all Audit Activities using the Graph API: `https://graph.windows.net/<tenantdomain>/activities/auditActivityTypesV2?api-version=beta`
 
-The **Status** filter allows you to filter based on the status of an audit operation. The status can be one of the following:
+The **Status** filter allows you to filter based on the status of an audit operation. The status can be one of the following values:
 
  - All
  - Success
@@ -96,7 +96,7 @@ The **Target** filter allows you to search for a particular target by the starti
 
 The **Initiated by** filter enables you to define what an actor's name or a universal principal name (UPN) starts with. The name and UPN are case-sensitive.
 
-The **Date range** filter enables to you to define a timeframe for the returned data.Possible values are:
+The **Date range** filter enables to you to define a timeframe for the returned `data.Possible` values are:
 
  - 7 days
  - 24 hours
@@ -110,7 +110,7 @@ You can also choose to download the filtered data, up to 250,000 records, by sel
 
 ## Audit logs shortcuts
 
-In addition to **Microsoft Entra ID**, the Azure portal provides you with two additional entry points to audit data:
+In addition to **Microsoft Entra ID**, the Azure portal provides you with two other entry points to audit data:
 
  - Users and groups
  - Enterprise applications
@@ -119,14 +119,14 @@ In addition to **Microsoft Entra ID**, the Azure portal provides you with two ad
 
 With user and group-based audit reports, you can get answers to questions such as:
 
- - What types of updates have been applied to users?
+ - What types of updates were applied to users?
  - How many users were changed?
  - How many passwords were changed?
  - What has an administrator done in a directory?
- - What are the groups that have been added?
+ - What are the groups that were added?
  - Are there groups with membership changes?
  - Have the owners of a group been changed?
- - What licenses have been assigned to a group or a user?
+ - What licenses were assigned to a group or a user?
 
 If you want to review only auditing data that is related to users, you can find a filtered view under **Audit logs** in the **Monitoring** section of the **Users** tab. This entry point has **UserManagement** as preselected category.
 
@@ -140,8 +140,8 @@ If you want to review only auditing data that is related to groups, you can find
 
 With application-based audit reports, you can get answers to questions such as:
 
- - What applications have been added or updated?
- - What applications have been removed?
+ - What applications were added or updated?
+ - What applications were removed?
  - Has a service principal for an application changed?
  - Have the names of applications been changed?
  - Who gave consent to an application?
@@ -152,4 +152,4 @@ If you want to review audit data related to your applications, you can find a fi
 
 ## Microsoft 365 activity logs
 
-You can view Microsoft 365 activity logs from the Microsoft 365 admin center. Even though Microsoft 365 activity and Microsoft Entra activity logs share a lot of the directory resources, only the Microsoft 365 admin center provides a full view of the Microsoft 365 activity logs. You can also access the Microsoft 365 activity logs programmatically by using the Office 365 Management APIs.
+You can view Microsoft 365 activity logs from the Microsoft 365 admin center. Even though Microsoft 365 activity and Microsoft Entra activity logs share numerous directory resources, only the Microsoft 365 admin center provides a full view of the Microsoft 365 activity logs. You can also access the Microsoft 365 activity logs programmatically by using the Office 365 Management APIs.

learn-pr/wwl-sci/monitor-maintain-azure-active-directory/includes/6-analyze-azure-active-directory-workbooks-reporting.md

@@ -9,8 +9,10 @@ With the usage and insights report, you can get an application-centric view of y
 To access the data from the usage and insights report, you need:
 
  - A Microsoft Entra tenant.
- - A Microsoft Entra ID premium (P1/P2) license to view the sign-in data.
- - A user in the Security Administrator, Security Reader or Report Reader roles. In addition, any user (non-admins) can access their own sign-ins.
+ - A Microsoft Entra ID P1 or P2 license.
+ - A user in the Security Administrator, Security Reader or Report Reader roles.
+
+In addition, any user (non-admins) can access their own sign-ins.
 
 ## Access the usage and insights report