Merge pull request #230367 from AlizaBernstein/WI-67358-release-notes-update-reg-compliance-pack

WI-67358-update some reg compliance standards now avail in gov clouds

Author: prmerger-automator[bot]

articles/defender-for-cloud/release-notes.md

@@ -2,7 +2,7 @@
 title: Release notes for Microsoft Defender for Cloud
 description: A description of what's new and changed in Microsoft Defender for Cloud
 ms.topic: overview
-ms.date: 02/20/2023
+ms.date: 03/20/2023
 ---
 
 # What's new in Microsoft Defender for Cloud?
@@ -19,9 +19,26 @@ To learn about *planned* changes that are coming soon to Defender for Cloud, see
 ## March 2023
 
 Updates in March include:
+
+- [Some regulatory compliance standards are now available in government clouds](#some-regulatory-compliance-standards-are-now-available-in-government-clouds)
 - [New preview recommendation for Azure SQL Servers](#new-preview-recommendation-for-azure-sql-servers)
 - [New alert in Defender for Key Vault](#new-alert-in-defender-for-key-vault)
 
+### Some regulatory compliance standards are now available in government clouds
+
+We are announcing that the following regulatory standards are being updated with latest version and are available for customers in Azure Government and Azure China 21Vianet.
+
+**Azure Government**:
+- [PCI DSS v4](/azure/compliance/offerings/offering-pci-dss)
+- [SOC 2 Type 2](/azure/compliance/offerings/offering-soc-2) 
+- [ISO 27001:2013](/azure/compliance/offerings/offering-iso-27001)
+
+**Azure China 21Vianet**:
+- [SOC 2 Type 2](/azure/compliance/offerings/offering-soc-2) 
+- [ISO 27001:2013](/azure/compliance/offerings/offering-iso-27001)
+
+Learn how to [Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md).
+
 ### New preview recommendation for Azure SQL Servers 
 
 We have added a new recommendation for Azure SQL Servers, `Azure SQL Server authentication mode should be Azure Active Directory Only (Preview)`.

articles/defender-for-cloud/upcoming-changes.md

@@ -2,7 +2,7 @@
 title: Important changes coming to Microsoft Defender for Cloud
 description: Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan 
 ms.topic: overview
-ms.date: 03/05/2023
+ms.date: 03/20/2023
 ---
 
 # Important upcoming changes to Microsoft Defender for Cloud
@@ -19,11 +19,12 @@ If you're looking for the latest release notes, you'll find them in the [What's
 | Planned change | Estimated date for change |
 |--|--|
 | [Changes in the recommendation "Machines should be configured securely"](#changes-in-the-recommendation-machines-should-be-configured-securely) | March 2023 |
-| [Three alerts in the Defender for Resource Manager plan will be deprecated](#three-alerts-in-the-defender-for-resource-manager-plan-will-be-deprecated) | March 2023 |
+| [Three alerts in the Defender for Azure Resource Manager plan will be deprecated](#three-alerts-in-the-defender-for-resource-manager-plan-will-be-deprecated) | March 2023 |
 | [Alerts automatic export to Log Analytics workspace will be deprecated](#alerts-automatic-export-to-log-analytics-workspace-will-be-deprecated) | March 2023 |
 | [Deprecation and improvement of selected alerts for Windows and Linux Servers](#deprecation-and-improvement-of-selected-alerts-for-windows-and-linux-servers) | April 2023 |
 | [Deprecation of App Service language monitoring policies](#deprecation-of-app-service-language-monitoring-policies) | April 2023 |
-| [Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations) | May 2023 |
+| [Deprecation of legacy compliance standards across cloud environments](#deprecation-of-legacy-compliance-standards-across-cloud-environments) | April 2023 |
+| [Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations) | April 2023 |
 
 ### Changes in the recommendation "Machines should be configured securely"
 
@@ -92,6 +93,15 @@ Customers can use alternative built-in policies to monitor any specified languag
 
 These will no longer be in Defender for Cloud's built-in recommendations. You can add them as custom recommendations to have Defender for Cloud monitor them.
 
+### Deprecation of legacy compliance standards across cloud environments
+
+**Estimated date for change: April 2023**
+
+We are announcing the full deprecation of support of [`PCI DSS`](/azure/compliance/offerings/offering-pci-dss) standard/initiative in Azure China 21Vianet.
+
+Legacy PCI DSS v3.2.1 and legacy SOC TSP are set to be fully deprecated and replaced by [SOC 2 Type 2](/azure/compliance/offerings/offering-soc-2) initiative and [PCI DSS v4](/azure/compliance/offerings/offering-pci-dss) initiative.
+Learn how to [Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md).
+
 ### Multiple changes to identity recommendations
 
 **Estimated date for change: May 2023**
@@ -134,6 +144,15 @@ We recommend updating custom scripts, workflows, and governance rules to corresp
 
 We've improved the coverage of the V2 identity recommendations by scanning all Azure resources (rather than just subscriptions) which allows security administrators to view role assignments per account. These changes may result in changes to your Secure Score throughout the GA process.
 
+### Deprecation of legacy compliance standards across cloud environments
+
+**Estimated date for change: April 2023**
+
+We are announcing the full deprecation of support of [`PCI DSS`](/azure/compliance/offerings/offering-pci-dss) standard/initiative in Azure China 21Vianet.
+
+Legacy PCI DSS v3.2.1 and legacy SOC TSP are set to be fully deprecated and replaced by [SOC 2 Type 2](/azure/compliance/offerings/offering-soc-2) initiative and [`PCI DSS v4`](/azure/compliance/offerings/offering-pci-dss) initiative.
+Learn how to [Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md).
+
 ## Next steps
 
 For all recent changes to Defender for Cloud, see [What's new in Microsoft Defender for Cloud?](release-notes.md).

articles/defender-for-cloud/update-regulatory-compliance-packages.md

@@ -2,7 +2,7 @@
 title: The regulatory compliance dashboard in Microsoft Defender for Cloud
 description: Learn how to add and remove regulatory standards from the regulatory compliance dashboard in Defender for Cloud
 ms.topic: how-to
-ms.date: 02/07/2023
+ms.date: 03/20/2023
 ms.custom: ignite-2022
 ---
 
@@ -21,17 +21,18 @@ To see compliance data mapped as assessments in your dashboard, add a compliance
 
 When you've assigned a standard or benchmark to your selected scope, the standard appears in your regulatory compliance dashboard with all associated compliance data mapped as assessments. You can also download summary reports for any of the standards that have been assigned.
 
-Microsoft tracks the regulatory standards themselves and automatically improves its coverage in some of the packages over time. When Microsoft releases new content for the initiative, it will appear automatically in your dashboard as new policies mapped to controls in the standard.
+Microsoft tracks the regulatory standards themselves and automatically improves its coverage in some of the packages over time. When Microsoft releases new content for the initiative, it appears automatically in your dashboard as new policies mapped to controls in the standard.
 
 ## What regulatory compliance standards are available in Defender for Cloud?
 
 By default, every Azure subscription has the Microsoft cloud security benchmark assigned. This is the Microsoft-authored, cloud specific guidelines for security and compliance best practices based on common compliance frameworks. [Learn more about Microsoft cloud security benchmark](/security/benchmark/azure/introduction).
 
-Available regulatory standards:
+**Available regulatory standards**:
 
-- PCI-DSS v3.2.1
+- PCI-DSS v3.2.1 **(deprecated)**
 - PCI DSS v4
 - SOC TSP
+- SOC 2 Type 2
 - ISO 27001:2013
 - Azure CIS 1.1.0
 - Azure CIS 1.3.0
@@ -55,7 +56,7 @@ Available regulatory standards:
 
 Users that have one Defender bundle enabled can enable other standards. 
 
-Available AWS regulatory standards:
+**Available AWS regulatory standards**:
 
 - CIS 1.2.0
 - CIS 1.5.0
@@ -73,13 +74,11 @@ To add regulatory compliance standards on AWS accounts:
 
     :::image type="content" source="media/update-regulatory-compliance-packages/Add-aws-regulatory-compliance.png" alt-text="Screenshot of adding regulatory compliance standard to AWS account." lightbox="media/update-regulatory-compliance-packages/Add-aws-regulatory-compliance.png":::
 
-More standards will be added to the dashboard and included in the information on [Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md).
-
-**GCP**: When users onboard, every GCP project has the "GCP Default" standard assigned and can be viewed under Recommendations. 
+**GCP**: When users onboard, every GCP project has the "GCP Default" standard assigned. 
 
 Users that have one Defender bundle enabled can enable other standards. 
 
-Available GCP regulatory standards:
+**Available GCP regulatory standards**:
 
 - CIS 1.1.0, 1.2.0
 - PCI DSS 3.2.1
@@ -163,7 +162,7 @@ To remove a standard:
 
     :::image type="content" source="./media/update-regulatory-compliance-packages/remove-standard-confirm.png" alt-text="Screenshot showing to confirm that you really want to remove the regulatory standard you selected." lightbox="media/update-regulatory-compliance-packages/remove-standard-confirm.png":::
 
-1. Select **Yes**. The standard will be removed.
+1. Select **Yes**.
 
 ## Next steps