|
1 | 1 | --- |
2 | | -title: Enable TLS 1.2 or later |
3 | | -description: Learn about secure communication with TLS 1.2 or later in Azure Monitor for SAP solutions. |
| 2 | +title: TLS 1.2 secure communication in Azure Monitor for SAP solutions |
| 3 | +description: Learn about secure communication with TLS 1.2 or later in Azure Monitor for SAP solutions, including supported certificate types and how encryption works. |
4 | 4 | author: sameeksha91 |
5 | 5 | ms.service: sap-on-azure |
6 | 6 | ms.subservice: sap-monitor |
7 | | -ms.topic: how-to |
8 | | -ms.date: 08/21/2024 |
| 7 | +ms.topic: concept-article |
| 8 | +ms.date: 03/30/2026 |
9 | 9 | ms.author: sakhare |
10 | | -#Customer intent: As an SAP Basis or cloud infrastructure team member, I want to deploy Azure Monitor for SAP solutions with secure communication. |
11 | | -# Customer intent: As an SAP Basis or cloud infrastructure team member, I want to enable TLS 1.2 or later for Azure Monitor for SAP solutions, so that I can ensure secure communication and protect telemetry data during transit. |
| 10 | +#Customer intent: As an SAP Basis or cloud infrastructure team member, I want to enable TLS 1.2 or later for Azure Monitor for SAP solutions so that I can ensure secure communication and protect telemetry data during transit. |
12 | 11 | --- |
13 | 12 |
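Review bot: The new `title:` at new line 2 drops "or later", while the description on new line 3 and the Customer intent on new line 10 still say "TLS 1.2 or later"; a reader scanning titles could conclude that later protocol versions are out of scope. Suggest keeping "TLS 1.2 or later" in the title. Separately, `ms.topic` moves from how-to to concept-article, but the Customer intent still reads "I want to enable TLS 1.2 or later", so either reword the intent for a conceptual article or link to where the enabling steps now live.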
|
14 | | -# Enable TLS 1.2 or later in Azure Monitor for SAP solutions |
| 13 | +# TLS 1.2 secure communication in Azure Monitor for SAP solutions |
15 | 14 |
|
16 | | -In this article, learn about secure communication with TLS 1.2 or later in Azure Monitor for SAP solutions. |
| 15 | +TLS 1.2 secure communication is an optional encryption feature in Azure Monitor for SAP solutions that encrypts monitoring telemetry data in transit between Azure Functions and SAP systems. This article explains how the feature works and which certificate types are supported. |
17 | 16 |
|
18 | | -Azure Monitor for SAP solutions resources and their associated managed resource group components are deployed within a virtual network in a subscription. Azure Functions is one component in a managed resource group. Azure Functions connects to an appropriate SAP system by using connection properties that you provide, pulls required telemetry data, and pushes that data to Log Analytics. |
| 17 | +Azure Monitor for SAP solutions resources and their associated managed resource group components deploy within a virtual network in your subscription. Azure Functions connects to an SAP system by using the connection properties that you provide, pulls required telemetry data, and pushes that data to Log Analytics. |
19 | 18 |
|
20 | | -Azure Monitor for SAP solutions provides encryption of monitoring telemetry data in transit by using approved cryptographic protocols and algorithms. Traffic between Azure Functions and SAP systems is encrypted with TLS 1.2 or later. By choosing this option, you can enable secure communication. |
21 | | - |
22 | | -Enabling TLS 1.2 or later for telemetry data in transit is an optional feature. You can choose to enable or disable this feature according to your requirements. |
| 19 | +Azure Monitor for SAP solutions encrypts monitoring telemetry data in transit by using approved cryptographic protocols and algorithms. Traffic between Azure Functions and SAP systems is encrypted with TLS 1.2 or later. You can enable or disable this feature based on your needs. |
23 | 20 |
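Review bot: At new line 19, "Traffic between Azure Functions and SAP systems is encrypted with TLS 1.2 or later" is stated unconditionally, yet the next sentence says the feature can be disabled and new line 15 calls it optional. Suggest qualifying the sentence ("When the feature is enabled, traffic ... is encrypted ...") and stating what protection, if any, telemetry has in transit when the feature is disabled, since that is the decision the reader is being asked to make.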
|
24 | 21 | ## Supported certificates |
25 | 22 |
|
26 | | -To enable secure communication in Azure Monitor for SAP solutions, you can choose to use either a *root* certificate or a *server* certificate. |
| 23 | +To enable secure communication in Azure Monitor for SAP solutions, you can use either a *root* certificate or a *server* certificate. |
27 | 24 |
|
28 | | -We highly recommend that you use root certificates. For root certificates, Azure Monitor for SAP solutions supports only certificates from [certificate authorities (CAs) that participate in the Microsoft Trusted Root Program](/security/trusted-root/participants-list). |
| 25 | +We recommend root certificates. For root certificates, Azure Monitor for SAP solutions supports only certificates from [certificate authorities (CAs) that participate in the Microsoft Trusted Root Program](/security/trusted-root/participants-list). |
29 | 26 |
|
30 | | -Certificates must be signed by a trusted root authority. Self-signed certificates aren't supported. |
| 27 | +A trusted root authority must sign the certificates. Self-signed certificates **aren't** supported. |
31 | 28 |
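Review bot: At new line 27, "A trusted root authority must sign the certificates" does not say which certificate type it covers or which trust list defines "trusted"; new line 25 ties root certificates to the Microsoft Trusted Root Program, but nothing equivalent is stated for server certificates. Suggest naming the trust list for both types. The change from "We highly recommend" to "We recommend" on new line 25 also softens the guidance without saying why root certificates are preferred; a short clause giving the reason would help.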
|
32 | | -## How does it work? |
| 29 | +## How it works |
33 | 30 |
|
34 | | -When you deploy an Azure Monitor for SAP solutions resource, a managed resource group and its components are automatically deployed. Managed resource group components include Azure Functions, Log Analytics, Azure Key Vault, and a storage account. This storage account holds certificates that are needed to enable secure communication with TLS 1.2 or later. |
| 31 | +When you deploy an Azure Monitor for SAP solutions resource, a managed resource group and its components deploy automatically. Managed resource group components include Azure Functions, Log Analytics, Azure Key Vault, and a storage account. This storage account holds certificates needed to enable secure communication with TLS 1.2 or later. |
35 | 32 |
|
36 | | -During the creation of providers in Azure Monitor for SAP solutions, you choose to enable or disable secure communication. If you enable it, you can then choose which type of certificate you want to use. |
| 33 | +During provider creation in Azure Monitor for SAP solutions, you can enable or disable secure communication. When you enable this feature, the certificate type determines how encryption works. |
37 | 34 |
|
38 | | -If you select a root certificate, you need to [verify that it comes from a Microsoft-supported CA](/security/trusted-root/participants-list). You can then continue to create the provider instance. Subsequent data in transit is encrypted through this root certificate. |
| 35 | +With a root certificate, the certificate must come from a [Microsoft-supported CA](/security/trusted-root/participants-list). After validation, the provider instance uses the root certificate to encrypt subsequent data in transit. |
39 | 36 |
|
40 | | -If you select a server certificate, make sure that it's signed by a trusted CA. After you upload the certificate, it's stored in a storage account within the managed resource group in the Azure Monitor for SAP solutions resource. Subsequent data in transit is encrypted through this certificate. |
| 37 | +With a server certificate, a trusted CA must sign the certificate. After you upload the certificate, Azure Monitor for SAP solutions stores it in a storage account within the managed resource group. This certificate encrypts subsequent data in transit. |
41 | 38 |
|
42 | 39 | > [!NOTE] |
43 | | -> Each provider type might have prerequisites that you must fulfill to enable secure communication. |
| 40 | +> Each provider type might have prerequisites that you must meet to enable secure communication. |
44 | 41 |
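Review bot: New lines 35 and 37 say the provider instance "uses the root certificate to encrypt subsequent data in transit" and that the server certificate "encrypts subsequent data in transit"; in TLS a certificate authenticates the endpoint and the negotiated session keys do the encrypting. Suggest wording along the lines of "uses the certificate to validate the SAP system's identity when the TLS connection is established", if that matches the service's behavior. Also, "After validation" on new line 35 no longer says who validates: the removed text put that step on the reader ("you need to verify that it comes from a Microsoft-supported CA"), so the new text should state whether the service performs this check or the reader still must.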
|
45 | | -## Next steps |
| 42 | +## Related content |
46 | 43 |
|
47 | | -- [Configure Azure Monitor for SAP solutions providers](provider-netweaver.md) |
| 44 | +- [Azure Monitor for SAP solutions provider types](providers.md) |
| 45 | +- [Configure SAP NetWeaver provider for Azure Monitor for SAP solutions](provider-netweaver.md) |