fixing last issues

Author: rayne-wiselman

articles/defender-for-cloud/TOC.yml

@@ -95,6 +95,8 @@
     - name: Defender for Cloud support matrices
       displayName: coverage, supported platforms, cloud services, roles, permissions
       href: support-matrix-defender-for-cloud.md
+    - name: Defender for Cloud cloud support
+      href: support-matrix-cloud-environment.md
     - name: Defender for Servers support matrices
       displayName: coverage, machines, windows, linux, multicloud, supported features, endpoint protections
       href: support-matrix-defender-for-servers.md

articles/defender-for-cloud/alerts-reference.md

@@ -751,7 +751,7 @@ VM_VbScriptHttpObjectAllocation| VBScript HTTP object allocation detected | High
 **(Preview) Parameter enumeration on an API endpoint**<br/> (API_ParameterEnumeration) | A single IP was observed enumerating parameters when accessing one of the API endpoints. Based on historical traffic patterns from the last 30 days, Defender for APIs learns a baseline that represents the typical number of distinct parameter values used by a single IP when accessing this endpoint across 20-minute windows. The alert was triggered because a single client IP recently accessed an endpoint using an unusually large number of distinct parameter values. | Initial access | Medium
 **(Preview) Distributed parameter enumeration on an API endpoint**<br/> (API_DistributedParameterEnumeration) | The aggregate user population (all IPs) was observed enumerating parameters when accessing one of the API endpoints. Based on historical traffic patterns from the last 30 days, Defender for APIs learns a baseline that represents the typical number of distinct parameter values used by the user population (all IPs) when accessing an endpoint across 20-minute windows. The alert was triggered because the user population recently accessed an endpoint using an unusually large number of distinct parameter values. | Initial access | Medium
 **(Preview) Parameter value(s) with anomalous data types in an API call**<br/> (API_UnseenParamType) | A single IP was observed accessing one of your API endpoints and using parameter values of a low probability data type (e.g., string, integer, etc.). Based on historical traffic patterns from the last 30 days, Defender for APIs learns the expected data types for each API parameter. The alert was triggered because an IP recently accessed an endpoint using a previously low probability data type as a parameter input. | Impact | Medium
-**(Preview) Previously unseen parameter used in an API call**<br/> (API_UnseenParam) | A single IP was observed accessing one of the API endpoints using a previously unseen or out-of-bounds parameter in the request. Based on historical traffic patterns from the last 30 days, Defender for APIs learns a set of expected parameters associated with calls to an endpoint The alert was triggered because an IP recently accessed an endpoint using a previously unseen parameter. | Impact | Medium
+**(Preview) Previously unseen parameter used in an API call**<br/> (API_UnseenParam) | A single IP was observed accessing one of the API endpoints using a previously unseen or out-of-bounds parameter in the request. Based on historical traffic patterns from the last 30 days, Defender for APIs learns a set of expected parameters associated with calls to an endpoint. The alert was triggered because an IP recently accessed an endpoint using a previously unseen parameter. | Impact | Medium
 **(Preview) Access from a Tor exit node to an API endpoint**<br/> (API_AccessFromTorExitNode) | An IP address from the Tor network accessed one of your API endpoints. Tor is a network that allows people to access the Internet while keeping their real IP hidden. Though there are legitimate uses, it is frequently used by attackers to hide their identity when they target people's systems online. | Pre-attack | Medium
 **(Preview) API Endpoint access from suspicious IP**<br/> (API_AccessFromSuspiciousIP) | An IP address accessing one of your API endpoints was identified by Microsoft Threat Intelligence as having a high probability of being a threat. While observing malicious Internet traffic, this IP came up as involved in attacking other online targets.  | Pre-attack | High
 **(Preview) Suspicious User Agent detected**<br/> (API_AccessFromSuspiciousUserAgent) | 

articles/defender-for-cloud/concept-cloud-security-posture-management.md

@@ -17,7 +17,7 @@ Defender for Cloud continually assesses your resources, subscriptions and organi
 - **Foundational CSPM capabilities** - None 
 - **Defender Cloud Security Posture Management (CSPM)** - Agentless scanning requires the **Subscription Owner** to enable the plan. Anyone with a lower level of authorization can enable the Defender CSPM plan but the agentless scanner won't be enabled by default due to lack of permissions. Attack path analysis and security explorer won't be populated with vulnerabilities because the agentless scanner is disabled. 
 
-For commercial and national cloud coverage, review [features supported in different Azure cloud environments](support-matrix-cloud-environment.md)
+For commercial and national cloud coverage, review [features supported in different Azure cloud environments](support-matrix-cloud-environment.md).
 
 
 ## Defender CSPM plan options

articles/defender-for-cloud/defender-for-apis-deploy.md

@@ -1,5 +1,5 @@
 ---
-title: Enable Defender for APIs 
+title: Enable Defender for APIs in Defender for Cloud 
 description: Learn about deploying the Defender for APIs plan in Defender for Cloud
 author: elazark
 ms.author: elkrieger
@@ -26,7 +26,7 @@ This article describes how to deploy the [Microsoft Defender for APIs](defender-
 1. Select the subscription that contains the managed APIs that you want to protect.
 1. In the **APIs** plan, select **On**. Then select **Save**.
 
-    :::image type="content" source="media/defender-for-apis-deploy/enable-plan.png" alt-text="Shows how to turn on the Defender for APIs plan in the portal" lightbox="media/defender-for-apis-deploy/enable-plan.png":::
+    :::image type="content" source="media/defender-for-apis-deploy/enable-plan.png" alt-text="Page that shows how to turn on the Defender for APIs plan in the portal." lightbox="media/defender-for-apis-deploy/enable-plan.png":::
 
 > [!NOTE]
 > After enabling Defender for APIs, onboarded APIs take up to 50 minutes to appear in the **Recommendations** tab. Security insights are available in the **Workload protections** > **API security** dashboard within 40 minutes of onboarding.
@@ -37,7 +37,7 @@ This article describes how to deploy the [Microsoft Defender for APIs](defender-
 1. Search for *Defender for APIs*.
 1. Under **Enable enhanced security features**, select the security recommendation **Azure API Management APIs should be onboarded to Defender for APIs**.
 
-    :::image type="content" source="media/defender-for-apis-deploy/api-recommendations.png" alt-text="Graphic showing how to turn on the Defender for APIs plan from the recommendation." lightbox="media/defender-for-apis-deploy/api-recommendations.png":::
+    :::image type="content" source="media/defender-for-apis-deploy/api-recommendations.png" alt-text="Screenshot showing how to turn on the Defender for APIs plan from the recommendation." lightbox="media/defender-for-apis-deploy/api-recommendations.png":::
 
 
 1. In the recommendation page, you can review the recommendation severity, update interval, description, and remediation steps.
@@ -49,21 +49,21 @@ This article describes how to deploy the [Microsoft Defender for APIs](defender-
 1. In **Unhealthy resources**, select the APIs that you want to protect with Defender for APIs.
 1. Select **Fix**. 
 
-    :::image type="content" source="media/defender-for-apis-deploy/api-recommendation-details.png" alt-text="Graphic showing the recommendation details for turning on the plan." lightbox="media/defender-for-apis-deploy/api-recommendation-details.png":::
+    :::image type="content" source="media/defender-for-apis-deploy/api-recommendation-details.png" alt-text="Screenshot showing the recommendation details for turning on the plan." lightbox="media/defender-for-apis-deploy/api-recommendation-details.png":::
 
 1. In **Fixing resources**, review the selected APIs, and select **Fix resources**.
 
-    :::image type="content" source="media/defender-for-apis-deploy/fix-resources.png" alt-text="Graphic showing how to fix unhealthy resources." lightbox="media/defender-for-apis-deploy/fix-resources.png":::
+    :::image type="content" source="media/defender-for-apis-deploy/fix-resources.png" alt-text="Screenshot showing how to fix unhealthy resources." lightbox="media/defender-for-apis-deploy/fix-resources.png":::
 
 1. Verify that remediation was successful.
 
-    :::image type="content" source="media/defender-for-apis-deploy/fix-resources-confirm.png" alt-text="Graphic confirming that remediation was successful." lightbox="media/defender-for-apis-deploy/fix-resources-confirm.png":::
+    :::image type="content" source="media/defender-for-apis-deploy/fix-resources-confirm.png" alt-text="Screenshot confirming that remediation was successful." lightbox="media/defender-for-apis-deploy/fix-resources-confirm.png":::
 
 ## Track onboarded API resources
 
 After onboarding the API resources, you can track their status in the Defender for Cloud portal > **Workload protections** > **API security**.
 
-:::image type="content" source="media/defender-for-apis-deploy/track-resources.png" alt-text="Graphic showing how to track onboarded API resources." lightbox="media/defender-for-apis-deploy/track-resources.png":::
+:::image type="content" source="media/defender-for-apis-deploy/track-resources.png" alt-text="Screenshot showing how to track onboarded API resources." lightbox="media/defender-for-apis-deploy/track-resources.png":::
 
 
 ## Next steps

articles/defender-for-cloud/defender-for-apis-introduction.md

@@ -1,6 +1,6 @@
 ---
-title: Microsoft Defender for APIs overview
-description: Learn about the benefits and features of Microsoft Defender for APIs
+title: Overview of the Microsoft Defender for APIs plan in Microsoft Defender for Cloud
+description: Learn about the benefits of the Microsoft Defender for APIs plan in Microsoft Defender for Cloud
 ms.date: 04/05/2023
 author: elazark
 ms.author: elkrieger
@@ -35,11 +35,11 @@ Defender for APIs currently provides security for APIs published in Azure API Ma
 
 Review the inventory and security findings for onboarded APIs in the Defender for Cloud API Security dashboard. The dashboard shows the number of onboarded devices, broken down by API collections, endpoints, and Azure API Management services. 
 
-:::image type="content" source="media/defender-for-apis-introduction/inventory.png" alt-text="Page for reviewing the onboarded API inventory":::
+:::image type="content" source="media/defender-for-apis-introduction/inventory.png" alt-text="Screenshot for reviewing the onboarded API inventory.":::
 
 You can drill down into API collection to review security findings for onboarded API endpoints.
 
-:::image type="content" source="media/defender-for-apis-introduction/endpoint-details.png" alt-text="Page for reviewing the API endpoint details":::
+:::image type="content" source="media/defender-for-apis-introduction/endpoint-details.png" alt-text="Screenshot for reviewing the API endpoint details.":::
 
 API endpoint information includes:
 
@@ -81,7 +81,7 @@ Act on recommendations and alerts to mitigate threats and risk. Defender for Clo
 
 **When Defender for APIs is enabled together with the Defender CSPM plan**, you can use Cloud Security Explorer to proactively and efficiently query your organizational information to locate, identify, and remediate API assets, security issues, and risks.
 
-:::image type="content" source="media/defender-for-apis-introduction/cloud-security-explorer.png" alt-text="Page for reviewing API information in Cloud Security Explorer." lightbox="media/defender-for-apis-introduction/cloud-security-explorer.png":::
+:::image type="content" source="media/defender-for-apis-introduction/cloud-security-explorer.png" alt-text="Screenshot for reviewing API information in Cloud Security Explorer." lightbox="media/defender-for-apis-introduction/cloud-security-explorer.png":::
 
 ## Next steps
 

articles/defender-for-cloud/defender-for-apis-manage.md

@@ -1,6 +1,6 @@
 ---
-title: Manage Defender for APIs
-description: Manage your Defender for APIs deployment
+title: Manage the Defender for APIs plan in Microsoft Defender for Cloud
+description: Manage your Defender for APIs deployment in Microsoft Defender for Cloud
 author: elazark
 ms.author: elkrieger
 ms.service: defender-for-cloud
@@ -20,7 +20,7 @@ Defender for APIs is currently in preview.
 1. Select **API security**.
 1. Next to the API you want to offboard from Defender for APIs, select the ellipsis (...) > **Remove**.
 
-    :::image type="content" source="media/defender-for-apis-manage/api-remove.png" alt-text="Page for removing an API from Defender for APIs." lightbox="media/defender-for-apis-manage/api-remove.png":::
+    :::image type="content" source="media/defender-for-apis-manage/api-remove.png" alt-text="Screenshot of review API information in Cloud Security Explorer." lightbox="media/defender-for-apis-manage/api-remove.png":::
 
 
 

articles/defender-for-cloud/defender-for-apis-posture.md

@@ -1,6 +1,6 @@
 ---
-title: Investigate your API security findings and posture
-description: Learn how to analyze your API security alerts and posture with Defender for APIs
+title: Investigate your API security findings and posture in Microsoft Defender for Cloud
+description: Learn how to analyze your API security alerts and posture in Microsoft Defender for Cloud
 author: elazark
 ms.author: elkrieger
 ms.service: defender-for-cloud
@@ -22,17 +22,17 @@ This article describes how to investigate API security findings, alerts, and sec
 1. Select **API security (Preview)**.
 1. In the **API Security** dashboard, select an API collection.
 
-    :::image type="content" source="media/defender-for-apis-posture/api-collection-details.png" alt-text="Graphic showing the onboarded API collections."lightbox="media/defender-for-apis-posture/api-collection-details.png":::
+    :::image type="content" source="media/defender-for-apis-posture/api-collection-details.png" alt-text="Screenshot showing the onboarded API collections."lightbox="media/defender-for-apis-posture/api-collection-details.png":::
 
 1. In the API collection page, to drill down into an API endpoint, select the ellipses (...) > **View resource**.
 
-     :::image type="content" source="media/defender-for-apis-posture/view-resource.png" alt-text="Graphic showing API endpoint details." lightbox="media/defender-for-apis-posture/view-resource.png":::
+     :::image type="content" source="media/defender-for-apis-posture/view-resource.png" alt-text="Screenshot showing API endpoint details." lightbox="media/defender-for-apis-posture/view-resource.png":::
 
 1. In the **Resource health** page, review the endpoint settings.
 1. In the **Recommendations** tab, review recommendation details and status.
 1. In the **Alerts** tab review security alerts for the endpoint. Defender for Endpoint monitors API traffic to and from endpoints, to provide runtime protection against suspicious behavior and malicious attacks.
 
-    :::image type="content" source="media/defender-for-apis-posture/resource-health.png" alt-text="Graphic showing the health of an endpoint." lightbox="media/defender-for-apis-posture/resource-health.png":::
+    :::image type="content" source="media/defender-for-apis-posture/resource-health.png" alt-text="Screenshot showing the health of an endpoint." lightbox="media/defender-for-apis-posture/resource-health.png":::
 
 ## Create sample security alerts
 
@@ -56,7 +56,7 @@ When the Defender CSPM plan is enabled together with Defender for APIs, you can
 
     Alternatively, you can select the predefined query **Unauthenticated API endpoints containing sensitive data are outside the virtual network** > **Open query**. The query returns all unauthenticated API endpoints that contain sensitive data and aren't part of the Azure API management network.
 
-    :::image type="content" source="media/defender-for-apis-posture/predefined-query.png" alt-text="Page showing predefined API query":::
+    :::image type="content" source="media/defender-for-apis-posture/predefined-query.png" alt-text="Screenshot showing a predefined API query.":::
 
 
 ## Next steps

articles/defender-for-cloud/defender-for-apis-prepare.md

@@ -1,11 +1,12 @@
 ---
-title: Support and prerequisites for Defender for APIs deployment
-description: Learn about the requirements for Defender for APIs deployment
+title: Support and prerequisites for deploying the Defender for APIs plan in Microsoft Defender for Cloud
+description: Learn about the requirements for Defender for APIs deployment in Microsoft Defender for Cloud
 author: elazark
 ms.author: elkrieger
 ms.service: defender-for-cloud
 ms.topic: conceptual
 ms.date: 03/23/2023
+ms.custom: references_regions
 ---
 # Support and prerequisites for Defender for APIs deployment