Azure
diff --git a/Diff for: ‎Plugins/Community Based Plugins/Purview/eDiscovery/Readme.md
+76-63 b/Diff for: ‎Plugins/Community Based Plugins/Purview/eDiscovery/Readme.md
+76-63
@@ -1,74 +1,87 @@
-# eDiscovery Plugin for Copilot for Security
+# eDiscovery Plugin for Security Copilot
 Author: Amit Singh
 
-This custom plugin for Copilot for Security offers a range of functionalities to enhance your organization's eDiscovery capabilities in Microsoft Purview. Use this plugin if you create the case and then export the artifacts. If you attach search to review set & review those in eDiscovery then this plugin will not work as currently constructed. 
+This custom Security Copilot plugin enhances your organization's eDiscovery capabilities in Microsoft Purview. It is designed for workflows where you create a case and export artifacts directly. You can initiate an export from Search after indexing and estimating the artifacts. However, this plugin does not support workflows that involve attaching searches to a review set for further analysis in eDiscovery. Attaching searches to a review set is a manual process that must be completed within the case in the Purview portal.
 
-Pre-requisites
+### Prerequisites for Using Security Copilot
 
-* [Copilot for Security Enabled](https://learn.microsoft.com/en-us/security-copilot/get-started-security-copilot#onboarding-to-microsoft-security-copilot)
-* [Access to upload custom plugins](https://learn.microsoft.com/en-us/security-copilot/manage-plugins?tabs=securitycopilotplugin#managing-custom-plugins)
-* Make sure your application has the following delegated graph (https://graph.microsoft.com) permissions: offline_access user.read eDiscovery.Read.All & eDiscovery.ReadWrite.All. See this link for App registration [EntraID Application Registration created](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#register-an-application) 
+- **Ensure Security Copilot is Enabled**  
+  Before you start, make sure Security Copilot is enabled in your environment. Follow the onboarding steps here:  
+  [Get Started with Security Copilot](https://learn.microsoft.com/en-us/security-copilot/get-started-security-copilot#onboarding-to-microsoft-security-copilot)
 
-### Instructions
-#### Upload the Custom Plugin
+- **Check Your Access to Upload Custom Plugins**  
+  To use custom plugins, you need the proper permissions to upload them in Security Copilot. Learn how to manage and enable this feature here:  
+  [Managing Custom Plugins](https://learn.microsoft.com/en-us/security-copilot/manage-plugins?tabs=securitycopilotplugin#managing-custom-plugins)
 
-* Obtain the file [eDiscovery_OAuth_API_manifest.yaml](https://github.com/samitks77/Copilot-For-Security/blob/main/Plugins/Community%20Based%20Plugins/Purview/eDiscovery/eDiscovery_OAuth_API_manifest.yaml) from this directory. This is the yaml that you will upload in Copilot for Security. From your EntraID App registration, add the ClientId & tenant ID. ![alt text](EntraID-ClientID-TenantID.png)
-* During the upload process as a custom plugin in Copilot for Security you will need to have your Secret Value from Certificates & secrets. This will be your API key for this plugin to work. Copy your secret value once the secret is created because if you navigate away from this screen, your secret value will not be human readable ![alt text](EntraID-SecretValue.png) Follow these steps to create the secrets(https://learn.microsoft.com/en-us/graph/auth-register-app-v2#add-credentials).
-* Upload eDiscovery_OAuth_API_manifest.yaml to Copilot for Security by navigating to custom plugins at the bottom of the Manage Sources page. ![alt text](CfS-add-plugin.png)
-* Upload the file by clicking on Copilot for Security plugin. ![alt text](CfS-add-plugin-part2.png)
-* Paste the Client Secret Value from EntraID App Registration & click connect ![alt text](CfS-Secret.png) It should open another window where you will sign in. 
+- **Set Up the Required Permissions for Your Application**  
+  Your application must have the following permissions for Microsoft Graph (`https://graph.microsoft.com`):  
+  - `offline_access`  
+  - `user.read`  
+  - `eDiscovery.Read.All`  
+  - `eDiscovery.ReadWrite.All`  
+
+  To register your application and configure these permissions, follow the steps here:  
+  [Register an Application in Entra ID](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#register-an-application)
+
+## Setting Up the Custom Plugin in Security Copilot
+
+### Uploading the Custom Plugin  
+
+1. **Download the Required File**  
+   - Obtain the file **[`eDiscovery_OAuth_API_manifest.yaml`](https://github.com/samitks77/Copilot-For-Security/blob/main/Plugins/Community%20Based%20Plugins/Purview/eDiscovery/eDiscovery_OAuth_API_manifest.yaml)** from the designated directory. This YAML file will be uploaded to **Security Copilot** during the setup process.
+   
+2. **Add Client ID & Tenant ID**  
+   - From your **Entra ID App Registration**, make sure to add your **Client ID** and **Tenant ID** before proceeding with the 
+   upload.    
+   ![alt text](EntraID-ClientID-TenantID.png)  
+   
+3. **Generate and Copy Your Secret Value**
+   - During the plugin upload process in **Security Copilot**, you will need a **Secret Value** from **Certificates & Secrets** in your Entra ID App.  
+   - This **Secret Value** acts as your **API key** for the plugin to function correctly.  
+   - **Important:** Copy your **Secret Value** immediately after creating it. If you navigate away from the page, the value will no longer be readable.
+     
+     ![alt text](EntraID-SecretValue.png)
+
+4. **Create Secrets in Entra ID**
+
+   - Follow these steps to create and manage secrets for your application: 
+   **[`How to Add Credentials in Entra ID`](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#add-credentials)**
+
+5. **Navigate to Custom Plugins**
+
+   - Go to the **Manage Sources** on the home page of **Security Copilot**, and scroll down to the **Custom Plugins** section.
+
+   ![alt text](scp-upload-custom-plugins.png)
+
+   ![alt text](scp-upload-custom-plugins-2.png)
+6. **Upload the Plugin File**
+
+   - Click on **Security Copilot Plugin**, then upload the **`eDiscovery_OAuth_API_manifest.yaml`** file.
+
+   ![alt text](scp-upload-custom-plugins-api-manifest.png)
+
+7.  **Enter the Client Secret and Connect**
+   
+    - Paste the **Client Secret Value** from your **Entra ID App Registration**.  
+    - Click **Connect** to proceed.
+
+     ![alt text](CfS-Secret.png)
+
+8.  **Sign-In**
+
+    Once you click **Connect**, a new window will open where you will need to sign in with your credentials.
+
+### Plugin Setup Complete  
+
+You have successfully set up the **eDiscovery Plugin** in **Security Copilot**. With the plugin uploaded, Client ID, Tenant ID, and Secret Value configured, and authentication completed, your integration is now ready to use. Security Copilot can now leverage this plugin for enhanced **eDiscovery capabilities**, allowing you to streamline investigations and data retrieval processes. If you encounter any issues, verify your Entra ID settings, ensure your Client Secret is valid, and check your Security Copilot permissions. 
 
 ### Skills & Prompts
-1. Create eDiscovery Case: 
-   - Example Prompt(s): 
-     - Create eDiscovery case in Purview with the Case name "Test-123", response should be a bulleted list
-   - Inputs: [Case name]
-2. Add custodian to eDiscovery Case: 
-   - Example Prompt(s): 
-     - Add custodian to the eDiscovery case in Purview, use the case id from above or use this Case ID "1xxxx234-XXXX-XXXX-a1cd- 
-       fxxxxxxxxxx0" and add this email for the custodian "[email protected]" 
-   - Inputs: [Email]
-   - Inputs: [Case ID]
-3. Apply hold on eDiscovery Custodian 
-   - Example Prompt(s): 
-     - Apply hold on eDiscovery custodians using the custodian id from above or use this Custodian ID "2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx6" 
-   - Inputs: [Custodian ID]
-4. Add new userSource objects to Custodians 
-   - Example Prompt(s): 
-     - add new userSource object associated with the eDiscovery custodian id "2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx6", include this 
-       custodian email "[email protected]" and Mailbox, site for sources. 
-   - Inputs: [Custodian ID]
-   - Inputs: [Email]
-5. Add new eDiscovery Search object to the Case 
-   - Example Prompt(s): 
-     - Add a new ediscoverySearch object with this Case ID "1xxxx234-XXXX-XXXX-a1cd-fxxxxxxxxxx0" with the display name "Test-123- 
-       search", also add dataSourceScopes to allTenantMailboxes, allTenantSites, allCaseCustodians.
-   - Inputs: [Case ID]
-   - Inputs: [Display Name]
-6. Run an estimate on eDiscovery Case: 
-   - Example Prompt(s): 
-     - Run an estimate of the number of emails and documents in eDiscovery with this Search ID "2xxxxxxx-xxx4-xxxd-4xxx- 
-       5xxxxxxxxxxx" or the Search ID from above
-   - Inputs: [Search ID]
-7. Create new eDiscovery ReviewSet: 
-   - Example Prompt(s): 
-     - Create new ediscoveryReviewSet for the above case id or use this Case ID "1xxxx234-XXXX-XXXX-a1cd- 
-       fxxxxxxxxxx0" with the Display Name of "Test-123-reviewset"
-   - Inputs: [Case ID]
-8. Initiate an Export in eDiscovery: 
-   - Example Prompt(s): 
-     - Use this Case ID "1xxxx234-XXXX-XXXX-a1cd-fxxxxxxxxxx0" or the Case ID from above & this ReviewSetId "dxxxxxxx-xxxx-xxxx-xxxx- 
-       xxxxxxxxxxxx" or the ReviewSetId from above and initiate an export
-   - Inputs: [Case ID]
-   - Inputs: [Review Set ID]
-9. Get a list of Case Operation in eDiscovery: 
-   - Example Prompt(s): 
-     - Use the Case ID from above or use this Case ID "1xxxx234-XXXX-XXXX-a1cd-fxxxxxxxxxx0", get a list of the caseOperation objects 
-       and their properties
-   - Inputs: [Case ID]
-
-### eDiscovery prompt book based on variables like CaseID etc
-![alt text](CfS-Prompt-Sample.png)
+
+🔹 **These are **suggested prompts** that you can use to interact with this plugin in **Security Copilot**. Each prompt helps you execute specific **eDiscovery actions efficiently**. You can modify these prompts based on your use case and organizational requirements. Below, you'll find structured input fields required for each action, ensuring precise execution of eDiscovery tasks. For a cleaner, structured view of the prompts, check out the HTML version below:**
+
+👉 **[`Suggested Prompts in HTML`](https://htmlpreview.github.io/?https://raw.githubusercontent.com/samitks77/Copilot-For-Security/main/Plugins/Community%20Based%20Plugins/Purview/eDiscovery/sampleprompts.html)**
+
+