Merge pull request #5410 from MicrosoftDocs/main
Merge main to live, 4 AM
v-ccolin authored Oct 3, 2024
2 parents 9de3b8f + 955218e commit 4212c7d
Showing 11 changed files with 86 additions and 112 deletions.
2 changes: 1 addition & 1 deletion .docutune/dictionaries/dummy-guids.json
@@ -1,7 +1,7 @@
// List of the dummy GUIDs used in the documentation, and the sensitive term list that they are associated with. Refer to Learn Plaford for more information.
// Used as part of docutune-1.5.2/dictionaries/Dictionary-Security-GUIDs.ps1 workflow.
{
"appId|applicationId|application|clientId|audience|aud": [
"appId|applicationId|clientId|audience|aud": [
"00001111-aaaa-2222-bbbb-3333cccc4444",
"11112222-bbbb-3333-cccc-4444dddd5555",
"22223333-cccc-4444-dddd-5555eeee6666",
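Review bot: The second version of the key omits the `application` alternative (`appId|applicationId|clientId|audience|aud`), so the dummy GUIDs in this list are no longer associated with the bare term `application`. Neither the commit message nor the header comment says why the term list is narrowed; a short note in the comment would help the next person who edits this dictionary. While this file is open, the header comment reads "Refer to Learn Plaford for more information", which looks like a typo and should be corrected.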
12 changes: 5 additions & 7 deletions docs/identity/enterprise-apps/whats-new-docs.md
@@ -1,7 +1,7 @@
---
title: "What's new in Microsoft Entra application management"
description: "New and updated documentation for the Microsoft Entra application management."
ms.date: 09/02/2024
ms.date: 01/10/2024
ms.service: entra-id
ms.subservice: enterprise-apps
ms.topic: whats-new
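Review bot: The new `ms.date: 01/10/2024` is earlier than the `09/02/2024` value it replaces. Read month-first, as `ms.date: 10/02/2024` elsewhere in this same commit is, it means January 10, 2024, which does not fit a commit authored Oct 3, 2024 that adds a September 2024 section. The day and month look swapped; suggest `ms.date: 10/01/2024`.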
Expand All @@ -16,6 +16,10 @@ manager: CelesteDG

Welcome to what's new in Microsoft Entra application management documentation. This article lists new docs that have been added and those articles that have had significant updates in the last three months. To learn what's new with the application management service, see [What's new in Microsoft Entra ID](~/fundamentals/whats-new.md).

## September 2024

No updates this month.

## August 2024

### Updated articles
Expand All @@ -39,9 +43,3 @@ Reviewed the following articles to improve technical accuracy and clarity:
- [Tutorial: Configure F5 BIG-IP Easy Button for Kerberos single sign-on](f5-big-ip-kerberos-easy-button.md).
- [Tutorial: Configure F5 BIG-IP Easy Button for SSO to SAP ERP](f5-big-ip-sap-erp-easy-button.md).
- [Integrate F5 BIG-IP with Microsoft Entra ID](f5-integration.md).

## June 2024

### Updated articles

- [Manage consent to applications and evaluate consent requests](manage-consent-requests.md) - Review to improve technical accuracy and clarity.
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ manager: amycolannino
ms.service: entra-id
ms.topic: conceptual
ms.subservice: monitoring-health
ms.date: 11/17/2023
ms.date: 10/02/2024
ms.author: sarahlipsey
ms.reviewer: egreenberg14

Expand All @@ -23,39 +23,39 @@ With these integrations, you can enable rich visualizations, monitoring, and ale

The following logs can be integrated with one of many endpoints:

* The [**audit logs activity report**](concept-audit-logs.md) gives you access to the history of every task that's performed in your tenant.
* The [**audit logs activity report**](concept-audit-logs.md) gives you access to the history of every task performed in your tenant.
* With the [**sign-in activity report**](concept-sign-ins.md), you can see when users attempt to sign in to your applications or troubleshoot sign-in errors.
* With the [**provisioning logs**](~/identity/app-provisioning/application-provisioning-log-analytics.md), you can monitor which users were, updated, and deleted in all your third-party applications.
* With the [**provisioning logs**](~/identity/app-provisioning/application-provisioning-log-analytics.md), you can monitor which users were, updated, and deleted in all your non-Mirosoft applications.
* The [**risky users logs**](~/id-protection/howto-identity-protection-investigate-risk.md#risky-users-report) helps you monitor changes in user risk level and remediation activity.
* With the [**risk detections logs**](~/id-protection/howto-identity-protection-investigate-risk.md#risk-detections-report), you can monitor user's risk detections and analyze trends in risk activity detected in your organization.

## Integration options

To help choose the right method for integrating Microsoft Entra activity logs for storage or analysis, think about the overall task you're trying to accomplish. We've grouped the options into three main categories:
To help choose the right method for integrating Microsoft Entra activity logs for storage or analysis, think about the overall task you're trying to accomplish. The options are grouped into three main categories:

* Troubleshooting
* Long-term storage
* Analysis and monitoring

### Troubleshooting
### Basic troubleshooting

If you're performing troubleshooting tasks but you don't need to retain the logs for more than 30 days, we recommend using the Azure portal or Microsoft Graph to access activity logs. You can filter the logs for your scenario and export or download them as needed.
If you're performing basic troubleshooting tasks but you don't need to retain the logs for more than 30 days, we recommend using the Microsoft Entra admin center or the Microsoft Graph APIs to access the activity logs. You can filter the logs for your scenario and export or download them as needed.

If you're performing troubleshooting tasks *and* you need to retain the logs for more than 30 days, take a look at the long-term storage options.

### Long-term storage

If you're performing troubleshooting tasks *and* you need to retain the logs for more than 30 days, you can export your logs to an Azure storage account. This option is ideal of you don't plan on querying that data often.
If you're performing troubleshooting tasks *and* you need to retain the logs for more than 30 days, you should export your logs to an Azure storage account. This option is ideal of you don't plan on querying that data often.

If you need to query the data that you're retaining for more than 30 days, take a look at the analysis and monitoring options.

### Analysis and monitoring

If your scenario requires that you retain data for more than 30 days *and* you plan on querying that data regularly, you've got a few options to integrate your data with SIEM tools for analysis and monitoring.

If you have a third party SIEM tool, we recommend setting up an Event Hubs namespace and event hub that you can stream your data through. With an event hub, you can stream logs to one of the supported SIEM tools.
If you have a non-Microsoft SIEM tool, we recommend setting up an Event Hubs namespace and event hub that you can stream your data through. With an event hub, you can stream logs to one of the supported SIEM tools.

If you don't plan on using a third-party SIEM tool, we recommend sending your Microsoft Entra activity logs to Azure Monitor logs. With this integration, you can query your activity logs with Log Analytics. In Addition to Azure Monitor logs, Microsoft Sentinel provides near real-time security detection and threat hunting. If you decide to integrate with SIEM tools later, you can stream your Microsoft Entra activity logs along with your other Azure data through an event hub.
If you don't plan on using a third-party SIEM tool, we recommend sending your Microsoft Entra activity logs to [Azure Monitor logs](/azure/azure-monitor/logs/data-platform-logs). With this integration, you can query your activity logs in a [Log Analytics workspace](/azure/azure-monitor/logs/log-analytics-workspace-overview). In Addition to Azure Monitor logs, [Microsoft Sentinel](/azure/sentinel/overview?tabs=azure-portal) provides near real-time security detection and threat hunting. If you decide to integrate with SIEM tools later, you can stream your Microsoft Entra activity logs along with your other Azure data through an event hub.

## Cost considerations

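Review bot: The rewritten provisioning logs bullet introduces a typo, `non-Mirosoft`, which should be `non-Microsoft`; the same sentence still reads "which users were, updated, and deleted", so a word is missing after "were". The SIEM paragraphs are now inconsistent: one sentence was changed to "non-Microsoft SIEM tool" while the next still says "third-party SIEM tool". Two slips are carried through in lines this hunk rewrites and could be fixed in the same pass: "This option is ideal of you don't plan" should read "ideal if you", and "In Addition to Azure Monitor logs" should be "In addition to". The category list still says "Troubleshooting" while its heading is now "Basic troubleshooting"; pick one wording for both.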
Expand All @@ -71,7 +71,7 @@ Other considerations for sending Microsoft Entra logs to Azure Monitor logs are

Azure Monitor provides the option to exclude whole events, fields, or parts of fields when ingesting logs from Microsoft Entra ID. Learn more about this cost saving feature in [Data collection transformation in Azure Monitor](/azure/azure-monitor/essentials/data-collection-transformations).

## Estimate your costs
### Estimate your costs

To estimate the costs for your organization, you can estimate either the daily log size or the daily cost for integrating your logs with an endpoint.

Expand All @@ -88,7 +88,7 @@ To estimate the daily log size, gather a sample of your logs, adjust the sample

If you haven't downloaded logs from the Microsoft Entra admin center before, review the [How to download logs in Microsoft Entra ID](howto-download-logs.md) article. Depending on the size of your organization, you might need to choose a different sample size to start your estimation. The following sample sizes are a good place to start:

* 1000 records
* 1,000 records
* For large tenants, 15 minutes of sign-ins
* For small to medium tenants, 1 hour of sign-ins
