Merge pull request #311543 from MartinPankraz/add-agentless-tooling-ref

prmerger-automator[bot] · web-flow · commit 9c9fc927d5f3 · 2026-02-09T12:30:29.000Z
tooling add
diff --git a/articles/sentinel/sap/collect-sap-hana-audit-logs.md b/articles/sentinel/sap/collect-sap-hana-audit-logs.md
@@ -15,16 +15,15 @@ ms.collection: usx-security
 
 # Collect SAP HANA audit logs in Microsoft Sentinel
 
-This article explains how to collect audit logs from your SAP HANA database.
+This article explains how to collect audit logs from your SAP HANA database in customer managed environments.
 
 Content in this article is intended for your **security**, **infrastructure**, and  **SAP BASIS** teams.
 
 > [!IMPORTANT]
 > Microsoft Sentinel SAP HANA support is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
-> [!NOTE]
-> This article is relevant only for the data connector agent, and isn't relevant for the [SAP agentless data connector](deployment-overview.md#data-connector).
->
+> [!IMPORTANT]
+> For environments managed by SAP such as SAP RISE (S/4HANA Cloud, private edition), SAP HANA database audit logs are collected by SAP using the service **SAP LogServ** only. It integrates with Microsoft Sentinel for SAP applications natively re-using the built-in analytic rules. Learn more from the [Blog Series: SAP LogServ Integration with Microsoft Sentinel](https://community.sap.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-sap-logserv-integration-with-microsoft-sentinel/ba-p/14126401)
 
 ## Prerequisites
 
diff --git a/articles/sentinel/sap/deploy-data-connector-agent-container.md b/articles/sentinel/sap/deploy-data-connector-agent-container.md
@@ -374,6 +374,16 @@ At this stage, the system's **Health** status is **Pending**. If the agent is up
 > [!IMPORTANT]
 > There may be some wait time on initial connect. Find more details to verify the connector [here](/azure/sentinel/create-codeless-connector#verify-the-codeless-connector).
 
+## Mass-Onboard SAP systems at scale
+
+To onboard SAP systems to the Sentinel Solution for SAP applications at scale, API and CLI based approaches are recommended. Get started with [this script library](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SAP/Tools/IntegrationSuite).
+
+## Rotate the BTP client secret
+
+We recommend that you periodically rotate the BTP subaccount client secrets used by the data connector. For an automated, platform-based approach, see our [Automatic SAP BTP trust store certificate renewal with Azure Key Vault – or how to stop thinking about expiry dates once and for all](https://community.sap.com/t5/technology-blogs-by-members/automatic-sap-btp-trust-store-certificate-renewal-with-azure-key-vault-or/ba-p/13565138) (SAP blog).
+
+This [script library](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SAP/Tools/IntegrationSuite) demonstrates the automatic process of updating an existing data connector with a new secret.
+
 ## Customize data connector behavior (optional)
 
 If you have an SAP agentless data connector for Microsoft Sentinel, you can use the SAP Integration Suite to customize how the agentless data connector ingests data from your SAP system into Microsoft Sentinel.
