Connect az updates (#229)
* remove menu screen and user input from topics

* updates for RLP-97479

* adding new gifs, removing old ones

* image name update

* image file name update

* broken list fix

* list issues

* Update authorize-prisma-cloud.adoc

Cleaned up UI paths

* removed sp

* sp references

* clean up menu

* ashwini feedback
jenjoe22 authored Nov 14, 2023
1 parent b06f36e commit 69627b0
Showing 15 changed files with 62 additions and 59 deletions.
Expand Up @@ -27,10 +27,10 @@ Follow the steps below to use the Automated Terraform script method to create th
[NOTE]
====

We recommend that you create a directory to store the Terraform template you download. This allows you to better manage the templates when you add new Azure resources to Prisma Cloud or update existing roles. Give this directory a unique name for example, userinput:[onboard-tenant-<tenant-name>].
We recommend that you create a directory to store the Terraform template you download. This allows you to better manage the templates when you add new Azure resources to Prisma Cloud or update existing roles. Give this directory a unique name for example, _onboard-tenant-<tenant-name>_.
====
. Run the command userinput:[terraform init > terraform apply] and click *Confirm*.
. This generates outputs with the following values as shown below:
. Run the command *terraform init > terraform apply* and click *Confirm*.
. This generates outputs with the following values:
+
image::connect/so-az-automate-tenant.png[]
+
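Review bot: the new line `. Run the command *terraform init > terraform apply* and click *Confirm*.` still presents two separate commands as one string joined by `>`, which in a shell is an output redirect, not "then"; since the `userinput:` macro was dropped, the commands belong in monospace rather than bold, e.g. `Run `terraform init` followed by `terraform apply``. Likewise `_onboard-tenant-<tenant-name>_` now uses italics for a literal directory name; backticks keep it distinguishable from emphasis.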
Expand Down Expand Up @@ -58,9 +58,9 @@ Follow the steps below to use the Automated Terraform script method to create th
+
[NOTE]
====
We recommend that you create a directory to store the Terraform template you download. This allows you to better manage the templates when you add new Azure resources to Prisma Cloud or update existing roles. Give this directory a unique name that indicates its purpose, for example, userinput:[onboard-subscription-<subscription-name>].
We recommend that you create a directory to store the Terraform template you download. This allows you to better manage the templates when you add new Azure resources to Prisma Cloud or update existing roles. Give this directory a unique name that indicates its purpose, for example, _onboard-subscription-<subscription-name>_.
====
. Run the command userinput:[terraform init > terraform apply] and click *Confirm*.
. Run the command _terraform init > terraform apply_ and click *Confirm*.
. This generates outputs with the following values as shown below:
+
image::connect/so-az-automate-subscription.png[]
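Review bot: the same command is formatted inconsistently between the two Terraform hunks: italic here (`_terraform init > terraform apply_`) versus bold in the tenant section above, and the `>` again reads as a redirect rather than a sequence. The unchanged `. This generates outputs with the following values as shown below:` also keeps "as shown below", which the tenant hunk removed; align both sections.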
Expand All @@ -73,13 +73,13 @@ Input the following Terraform Output Key values in the associated UI fields as i
==== Terraform for Active Directory Workflow
Follow the steps listed under the Tenant flow above. For step 2, remember to name the directory you use to store your Terraform template something intuitive such as, userinput:[onboard-active-directory-<tenant-name>].
Follow the steps listed under the Tenant flow above. For step 2, remember to name the directory you use to store your Terraform template something intuitive such as, _onboard-active-directory-<tenant-name>_.
[.task]
[#json]
=== Custom Roles to Authorize Prisma Cloud Access
In addition to the automated Terraform authorization method, you also have the option to create a custom role so that enforce the principal of least access privileges to limit user access to the bare minimum. To create a custom role on Azure, you must have an Azure Active Directory Premium 1 or Premium 2 license plan.
In addition to the automated Terraform authorization method, you also have the option to create a custom role so that you can enforce the principal of least access privileges to limit user access to the bare minimum. To create a custom role on Azure, you must have an Azure Active Directory Premium 1 or Premium 2 license plan.
[.procedure]
. Create a custom role using Azure CLI. You can create custom roles using Azure PowerShell, Azure CLI, or the REST API. The following instructions use the Azure CLI command (run on PowerShell or on the DOS command prompt) to create the custom role.
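Review bot: the reworded line still reads `principal of least access privileges`; the term is `principle of least privilege` (the principal is the identity the role is assigned to). Suggest `... so that you can enforce the principle of least privilege and limit the role to the bare minimum of access.`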
Expand Down Expand Up @@ -132,7 +132,7 @@ az role definition create --role-definition "azure_prisma_cloud_lp_read_only.jso
----
az role definition create --role-definition "azure_prisma_cloud_read_only_role_gov.json"
----
* China
... China
+
[userinput]
----
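Review bot: `... China` turns this into a third-level ordered item where it was a `*` bullet; the context lines do not show the neighbouring region items (the `azure_prisma_cloud_read_only_role_gov.json` entry just above uses a `----` block under its own marker), so please check that the sibling regions use the same list marker, otherwise China alone ends up at a different nesting level.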
Expand Down Expand Up @@ -173,19 +173,21 @@ image::connect/so-az-authorize-custom-role-tenant.png[]
If your organization restricts the use of Terraform templates, you also have the option to manually onboard your Azure Active Directory (AD), Government or Azure China account resources to Prisma Cloud by creating an app registration (service principal) on Azure. Here is a preview of the required steps based on your chosen onboarding flow:
*Azure Tenant*
. Create a custom role at the tenant level.
. Assign IAM roles at the tenant root level.
. Assign GraphAPI permissions at the tenant level.
. Grant admin consent for Azure AD Graph APIs.
==== *Azure Tenant*
* Create a custom role at the tenant level.
* Assign IAM roles at the tenant root level.
* Assign GraphAPI permissions at the tenant level.
* Grant admin consent for Azure AD Graph APIs.
==== *Azure Subscription*
*Azure Subscription*
. Create a custom role at the Subscription level.
. Assign IAM roles at the subscription level.
* Create a custom role at the Subscription level.
* Assign IAM roles at the subscription level.
*Azure Active Directory*
. Assign GraphAPI permissions at the tenant level.
. Grant admin consent for Azure AD Graph APIs.
==== *Azure Active Directory*
* Assign GraphAPI permissions at the tenant level.
* Grant admin consent for Azure AD Graph APIs.
==== Prerequisites
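Review bot: `==== *Azure Tenant*` puts bold markup inside a section title, which is redundant (titles are already styled) and leaks the `*` into the generated TOC and anchor text; use `==== Azure Tenant` to match `==== Prerequisites` below, and the same for the Subscription and Active Directory titles. Converting the `.` ordered items to `*` bullets also drops the sequence from what the intro calls "the required steps"; if the order matters (create the role before assigning it, add permissions before granting consent), keep them numbered.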
Expand All @@ -203,7 +205,7 @@ If your organization restricts the use of Terraform templates, you also have the
+
.. Log in to https://portal.azure.com[Azure portal].
.. Select menu:Azure{sp}Active{sp}Directory[App registrations > + New registration].
.. Select *Azure Active Directory[App registrations > + New registration]*.
.. Enter the application name.
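Review bot: `*Azure Active Directory[App registrations > + New registration]*` carries the `menu:` macro's bracket syntax into bold text, so it renders literally with the square brackets. Elsewhere in this commit the path form is `*A > B > C*`; use `*Azure Active Directory > App registrations > + New registration*`.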
Expand All @@ -223,19 +225,19 @@ The authentication response of the app will be returned to this URI.
+
The client secret is a secret string that the application uses to prove its identity when requesting a token.
+
.. Select menu:Certificates{sp}&{sp}secrets[+ New client secret].
.. Select *Certificates & secrets[+ New client secret*.
.. Enter a client *Description*, select *Expires* to configure how long the client secret lasts, and *Add*.
.. Copy *Value* to a secure location. Make sure that you copy *Value* and not *Secret ID*.
. Get the Object ID.
+
.. Select menu:Azure{sp}Active{sp}Directory[Enterprise applications], and search for the app you previously created in the search box.
.. Select *Azure Active Directory[Enterprise applications]*, and search for the app you previously created in the search box.
+
image::connect/azure-enterprise-applications-object-id.png[]
.. Copy *Object ID* to a secure location on your computer. Make sure that you get the *Object ID* for the Prisma Cloud application from menu:Enterprise{sp}Applications[All applications] on the Azure portal—not from *App Registrations*.
.. Copy *Object ID* to a secure location on your computer. Make sure that you get the *Object ID* for the Prisma Cloud application from *Enterprise Applications > All applications* on the Azure portal—not from *App Registrations*.
. Add roles to the root group.
+
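Review bot: `*Certificates & secrets[+ New client secret*` has an unclosed `[` and again keeps the macro's bracket syntax inside bold text; `*Azure Active Directory[Enterprise applications]*` has the same problem. Both should use the `>` path form already used later in this hunk (`*Enterprise Applications > All applications*`): `*Certificates & secrets > + New client secret*` and `*Azure Active Directory > Enterprise applications*`.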
Expand Down Expand Up @@ -273,23 +275,23 @@ image::connect/azure-account-view-roles.png[]
... Confirm that all the newly created roles were added.
. Add the Microsoft Graph APIs.
.. Navigate to the app you previously registered. Select menu:Azure{sp}Active{sp}Directory[App registrations], and select your app.
.. Navigate to Microsoft Graph. Select menu:API{sp}permissions[+ Add a permission > Microsoft Graph > Application permissions].
.. Navigate to the app you previously registered. Select *Azure Active Directory > App registrations*, and select your app.
.. Navigate to Microsoft Graph. Select *API permissions > Add a permission > Microsoft Graph > Application permissions*.
.. Add the permissions. Enter the permission name in *Select permissions*, and select the name from *Permission*. Add the following permissions:
* screen:[User.Read.All]
* screen:[Policy.Read.All]
* screen:[Group.Read.All]
* screen:[GroupMember.Read.All]
* screen:[Reports.Read.All]
* screen:[Directory.Read.All]
* screen:[Domain.Read.All]
* screen:[Application.Read.All]
* User.Read.All
* Policy.Read.All
* Group.Read.All
* GroupMember.Read.All
* Reports.Read.All
* Directory.Read.All
* Domain.Read.All
* Application.Read.All
+
If you have enabled additional functions like Agentless Scanning or Workload Protection additional permissions will be required. Review the *Roles and Permissions* list for the required permissions.
. Grant admin consent for Default Directory.
.. Select menu:Grant{sp}admin{sp}consent{sp}for{sp}Default{sp}Directory[Yes].
.. Select Yes under *Grant admin consent for Default Directory*.
.. Verify that the permissions are granted.
.. Confirm that you can see green check marks under the *Status* column.
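Review bot: dropping `screen:[...]` leaves the Graph permission names (`User.Read.All` and the rest) as plain prose, yet they are literal values the reader types into *Select permissions*; put them in backticks so they read as exact strings. `Select Yes under *Grant admin consent for Default Directory*` should bold `*Yes*` like the other UI controls. The unchanged context line `If you have enabled additional functions like Agentless Scanning or Workload Protection additional permissions will be required.` also needs a comma after `Protection`.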
Expand Up @@ -82,14 +82,16 @@ To successfully onboard and monitor the resources within your Azure subscription
+
The following Azure resources need to have the *Get* and *List* permissions enabled in the Key Management Operations on Azure Portal for Prisma Cloud to ingest them:
+
** screen:[azure-key-vault-list]
** azure-key-vault-list

** screen:[azure-key-vault-certificate]
** azure-key-vault-certificate
+
Select menu:All{sp}services[Key vaults > (key vault name) > Access policies > + Add Access Policy]. For *Key permissions*, *Secret permissions*, and *Certificate permissions*, add the *Get* and *List* Key Management Operations.
+
image::connect/add-access-policy-azure.png[]

. Authorize Prisma Cloud to ingest storage accounts. On the Azure portal, access your account and select *Configuration*. Enable the *Allow storage account keys* option and complete access key setup. Learn more about https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal[managing storage account keys].

. On the Azure portal, enable Prisma Cloud to obtain network traffic data from Network Security Group (NSG) https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal[flow logs].
+
NSG flow logs, a feature of Network Watcher, allow you to view ingress and egress IP traffic information through a NSG. This step is required only if you are using the Azure Tenant or Subscription workflow, or if you would optionally like to ingest flow logs.
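Review bot: `azure-key-vault-list` and `azure-key-vault-certificate` are Prisma Cloud API names (the `api.name` values used in RQL), so after removing `screen:[...]` they should be in backticks rather than bare words. The unchanged line `Select menu:All{sp}services[Key vaults > (key vault name) > Access policies > + Add Access Policy].` in this same hunk still uses the `menu:` macro with `{sp}` that this commit removes everywhere else; convert it here too, to `*All services > Key vaults > (key vault name) > Access policies > + Add Access Policy*`.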
Expand Down Expand Up @@ -134,6 +136,8 @@ To successfully connect your account to Prisma Cloud you will need to provide th

* https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prerelease/azure-commercial-permissions-security-coverage.txt[Permissions for Foundational and Advanced Security Capabilities]

Reference Azure documentation to learn more about https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader[Reader], https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader-and-data-access[Reader and Data Access], https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#network-contributor[Network Contributor] and https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor[Storage Account Contributor] roles.

=== Next: Onboard your Azure Account

* Azure Tenant (Connects all your Azure resources to Prisma Cloud including Accounts with Management Groups, Subscriptions and Active Directory)
Expand Up @@ -22,12 +22,12 @@ If your organization restricts the use of Terraform scripts, you can choose to m

Ensure that you've reviewed the xref:connect-azure-account.adoc#prerequisites[onboarding prerequisites] prior to starting the onboarding process. The graphic below provides a visual overview of the steps you will take to onboard your account.

image::connect/so-az-active-directory.gif[]
image::connect/az-active-dir.gif[]

[.procedure]
. *Get Started*
+
.. xref:../get-started/access-prisma-cloud.adoc[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account].
.. xref:../get-started/access-prisma-cloud.adoc[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*.
.. Choose *Azure* as the *Cloud to Secure*.
.. Select *Active Directory* under *Scope*.
.. Select *Commercial* as the *Deployment Type*.
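Review bot: the renamed image is `az-active-dir.gif` while the subscription and tenant pages in this commit use full words (`az-subscription.gif`, `az-tenant.gif`); `az-active-directory.gif` would be consistent and match the `onboard-active-directory-<tenant-name>` naming used earlier. Also confirm the new gif is among the binaries added by this commit and that `so-az-active-directory.gif` is deleted, since the commit message says old gifs are removed.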
Expand Up @@ -22,12 +22,12 @@ If your organization restricts the use of Terraform scripts, you can choose to m

Ensure that you've reviewed the xref:connect-azure-account.adoc#prerequisites[onboarding prerequisites] prior to starting the onboarding process. The graphic below provides a visual overview of the steps you will take to onboard your account.

//image::connect/so-az-subscription.gif[]
image::connect/az-subscription.gif[]

[.procedure]
. *Get Started*
+
.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account].
.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*.

.. Choose *Azure* as the *Cloud to Secure*.
.. Select *Subscription* under *Scope*.
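Review bot: this re-enables an image reference that was previously commented out, so the build will fail or render a broken image if `connect/az-subscription.gif` is not part of this commit; please verify. Separately, the unchanged `https://docs.paloaltonetworks.com/...access-prisma-cloud.html#id3d308e0b-...[Access Prisma Cloud]` is a hard-coded external URL with an opaque anchor, while the Active Directory page uses `xref:../get-started/access-prisma-cloud.adoc[Access Prisma Cloud]`; the xref form survives site restructuring and should be used here as well.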
Expand Up @@ -22,7 +22,7 @@ If your organization restricts the use of Terraform scripts, you can choose to m

Ensure that you've reviewed the xref:connect-azure-account.adoc#prerequisites[onboarding prerequisites] prior to starting the onboarding process. The graphic below provides a visual overview of the steps required to onboard your account.

//image::connect/so-az-tenant.gif[]
image::connect/az-tenant.gif[]

[.procedure]
. *Get Started*
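Review bot: same check as for the subscription page: `image::connect/az-tenant.gif[]` was commented out before, so make sure the gif actually exists under `connect/` in this commit before re-enabling the reference.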
@@ -1,9 +1,6 @@
== View and Edit a Connected Azure Account

After you have added your Azure cloud account resources, you may from time to time want to review or update existing cloud resources or modify assigned permissions. The graphic below outlines the required steps to view or edit security capabilities.

image::connect/so-az-view-edit.gif[]

After you have added your Azure cloud account resources, you may from time to time want to review or update existing cloud resources or modify assigned permissions.
Follow the steps below to view or edit your Azure cloud account resources:

[.task]
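Review bot: removing `image::connect/so-az-view-edit.gif[]` means that asset should be deleted from the repository in the same commit, otherwise it lingers unreferenced. The replacement sentence and `Follow the steps below to view or edit your Azure cloud account resources:` now sit on consecutive lines with no blank line between them, so AsciiDoc renders them as one paragraph; the original had them separated, so add a blank line if the separation was intended.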
Expand Up @@ -129,7 +129,7 @@ This query allows you to list all network traffic from the Internet or from Susp

The Network Watcher is required to generate flow logs on Azure.

.. Log in to the Azure portal and select menu:Network{sp}Watcher[Overview] and verify that the status is *Enabled*.
.. Log in to the Azure portal and select *Network Watcher > Overview* and verify that the status is *Enabled*.

.. Log in to Prisma Cloud.

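Review bot: `Log in to the Azure portal and select *Network Watcher > Overview* and verify that the status is *Enabled*.` chains two `and`s; `..., select *Network Watcher > Overview*, and verify ...` or two sentences reads better, and the same wording appears in the NSG Flow Logs step below. The macro-to-path conversion itself is correct.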
Expand All @@ -141,7 +141,7 @@ config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-netw

*Check that you have enabled flow logs on the NSGs*.

.. Log in to the Azure portal, and select menu:Network{sp}Watcher[NSG Flow Logs] and verify that the status is *Enabled*.
.. Log in to the Azure portal, and select *Network Watcher > NSG Flow Logs* and verify that the status is *Enabled*.

.. Log in to Prisma Cloud.

@@ -1,6 +1,6 @@
== Update Azure Application Permissions

Even after you have completed onboarding, you have the option to add or remove Prisma Cloud Security Capabilities. Learn how you can add additional capabilities and the required associated permissions in your Azure subscriptions or tenants after onboarding. To verify if you have missing permissions authenticate into Prisma Cloud and select menu:Settings[Cloud Accounts], and view the *Status* column.
Even after you have completed onboarding, you have the option to add or remove Prisma Cloud Security Capabilities. Learn how you can add additional capabilities and the required associated permissions in your Azure subscriptions or tenants after onboarding. To verify if you have missing permissions authenticate into Prisma Cloud and select *Settings > Cloud Accounts*, and view the *Status* column.

=== Update Azure Custom Role Permissions

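Review bot: `To verify if you have missing permissions authenticate into Prisma Cloud and select *Settings > Cloud Accounts*, ...` needs a comma after `permissions`, and `authenticate into` is unusual; `log in to Prisma Cloud` matches the wording used in the flow-log checks. The conversion of the `menu:` macro is fine.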
Expand Down Expand Up @@ -58,22 +58,22 @@ Follow the steps below to assign graph API permissions at the tenant level.

[.procedure]
. Add the required permissions.
.. Navigate to the app you previously registered. Select menu:Azure{sp}Active{sp}Directory[App registrations], and select your app.
.. Navigate to Microsoft Graph. Select menu:API{sp}permissions[+ Add a permission > Microsoft Graph > Application permissions].
.. Navigate to the app you previously registered. Select *Azure > Active > Directory > App registrations*, and select your app.
.. Navigate to Microsoft Graph. Select *API > permissions > Add a permission > Microsoft Graph > Application permissions*.
.. Add the permissions. Enter the permission name in *Select permissions*, and select the name from *Permission*. Add the following permissions:

* screen:[User.Read.All]
* screen:[Policy.Read.All]
* screen:[Group.Read.All]
* screen:[GroupMember.Read.All]
* screen:[Reports.Read.All]
* screen:[Directory.Read.All]
* screen:[Domain.Read.All]
* screen:[Application.Read.All]
* User.Read.All
* Policy.Read.All
* Group.Read.All
* GroupMember.Read.All
* Reports.Read.All
* Directory.Read.All
* Domain.Read.All
* Application.Read.All
+
If you have enabled additional functions like Agentless Scanning or Workload Protection additional permissions will be required. Review the *Roles and Permissions* list for the required permissions.

. Grant admin consent for Default Directory.
.. Select menu:Grant{sp}admin{sp}consent{sp}for{sp}Default{sp}Directory[Yes].
.. Select *Grant admin consent for Default Directory > Yes*.
.. Verify that the permissions are granted.
.. Confirm that you can see green check marks under the *Status* column.

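Review bot: `*Azure > Active > Directory > App registrations*` and `*API > permissions > Add a permission > ...*` are wrong: the `{sp}` in the old macro was a literal space inside a single menu label, so the replacements should be `*Azure Active Directory > App registrations*` and `*API permissions > Add a permission > Microsoft Graph > Application permissions*`, exactly as the corresponding lines in the authorize file were converted. `*Grant admin consent for Default Directory > Yes*` also differs from `Select Yes under *Grant admin consent for Default Directory*` in that file; pick one form. The permission names lose `screen:[...]` here too and should go in backticks.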