Commit 05efc78

Merge pull request #224648 from MicrosoftDocs/main
Publish to live, Sunday 4PM PST, 1/22
2 parents 46aa66d + 5510485 commit 05efc78

10 files changed

+55
-139
lines changed

.openpublishing.redirection.defender-for-iot.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -654,6 +654,11 @@
654654
"redirect_url": "/azure/defender-for-iot/device-builders/tutorial-standalone-agent-binary-installation",
655655
"redirect_document_id": false
656656
},
657+
{
658+
"source_path_from_root": "/articles/defender-for-iot/organizations/how-to-connect-sensor-by-proxy.md",
659+
"redirect_url": "/azure/defender-for-iot/organizations/connect-sensors",
660+
"redirect_document_id": false
661+
},
657662
{
658663
"source_path_from_root": "/articles/defender-for-iot/organizations/references-defender-for-iot-glossary.md",
659664
"redirect_url": "/azure/defender-for-iot/organizations/overview",

articles/cost-management-billing/costs/enable-preview-features-cost-management-labs.md

Lines changed: 1 addition & 1 deletion
@@ -71,7 +71,7 @@ Cost analysis is your tool for interactive analytics and insights. You've seen t
7171

7272
The first time you open the cost analysis preview, you'll see a list of all views. When you return, you'll see a list of the recently used views to help you get back to where you left off quicker than ever. You can pin any view or even rename or subscribe to alerts for your saved views.
7373

74-
The recent and pinned views can be enabled from the [Try preview](https://aka.ms/costmgmt/trypreview) page in the Azure portal. Use the **How would you rate the cost analysis preview?** option at the bottom of the page to share feedback about the preview.
74+
**Recent and pinned views are available by default in the cost analysis preview.** Use the **How would you rate the cost analysis preview?** option at the bottom of the page to share feedback.
7575

7676

7777
<a name="aksnestedtable"></a>
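Review bot: The added line 74 sets a whole sentence in bold ("Recent and pinned views are available by default in the cost analysis preview."), directly ahead of the bold UI label **How would you rate the cost analysis preview?**, so the label no longer stands out as the thing to select. Suggest leaving the sentence in plain text and keeping bold for the UI option only.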

articles/defender-for-cloud/custom-security-policies.md

Lines changed: 23 additions & 13 deletions
@@ -3,7 +3,7 @@ title: Create custom Azure security policies in Microsoft Defender for Cloud
33
description: Azure custom policy definitions monitored by Microsoft Defender for Cloud.
44
ms.topic: how-to
55
ms.custom: ignite-2022
6-
ms.date: 07/20/2022
6+
ms.date: 01/22/2023
77
zone_pivot_groups: manage-asc-initiatives
88
---
99

@@ -35,26 +35,36 @@ You can view your custom initiatives organized by controls, similar to the contr
3535

3636
:::image type="content" source="media/custom-security-policies/accessing-security-policy-page.png" alt-text="Screenshot of accessing the security policy page in Microsoft Defender for Cloud." lightbox="media/custom-security-policies/accessing-security-policy-page.png":::
3737

38-
1. In the Add custom initiatives page, review the list of custom policies already created in your organization.
38+
1. Review the list of custom policies already created in your organization, and select **Add** to assign a policy to your subscription.
3939

40-
- If you see one you want to assign to your subscription, select **Add**.
41-
- If there isn't an initiative in the list that meets your needs, create a new custom initiative:
40+
If there isn't an initiative in the list that meets your needs, you can create one.
4241

43-
1. Select **Create new**.
44-
1. Enter the definition's location and name.
45-
1. Select the policies to include and select **Add**.
46-
1. Enter any desired parameters.
47-
1. Select **Save**.
48-
1. In the Add custom initiatives page, select refresh. Your new initiative will be available.
49-
1. Select **Add** and assign it to your subscription.
42+
**To create a new custom initiative**:
43+
44+
1. Select **Create new**.
45+
46+
1. Enter the definition's location and custom name.
47+
48+
> [!NOTE]
49+
> Custom initiatives shouldn't have the same name as other initiatives (custom or built-in). If you create a custom initiative with the the same name, it will cause a conflict in the information displayed in the dashboard.
50+
51+
1. Select the policies to include and select **Add**.
52+
53+
1. Enter any desired parameters.
54+
55+
1. Select **Save**.
56+
57+
1. In the Add custom initiatives page, select refresh. Your new initiative will be available.
58+
59+
1. Select **Add** and assign it to your subscription.
5060

5161
![Create or add a policy.](media/custom-security-policies/create-or-add-custom-policy.png)
5262

5363

5464
> [!NOTE]
5565
> Creating new initiatives requires subscription owner credentials. For more information about Azure roles, see [Permissions in Microsoft Defender for Cloud](permissions.md).
5666
57-
Your new initiative takes effect and you can see the impact in the following two ways:
67+
Your new initiative takes effect and you can see the results in the following two ways:
5868

5969
* From the Defender for Cloud menu, select **Regulatory compliance**. The compliance dashboard opens to show your new custom initiative alongside the built-in initiatives.
6070

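Review bot: The note added at line 49 contains a doubled word, "with the the same name"; it should read "with the same name". In the same hunk, the rewritten step 1 (line 38) tells the reader to review "custom policies" and "assign a policy to your subscription", while the sentence right after it and the rest of the procedure refer to initiatives. Suggest using "initiative" in step 1 as well, so it is clear what **Add** assigns. The note would also be more useful if it said how to check for an existing initiative name before saving, since the stated consequence is conflicting information in the dashboard.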
@@ -250,7 +260,7 @@ The metadata should be added to the policy definition for a policy that is part
250260
},
251261
```
252262

253-
Below is an example of a custom policy including the metadata/securityCenter property:
263+
Here's another example of a custom policy including the metadata/securityCenter property:
254264

255265
```json
256266
{

articles/defender-for-cloud/governance-rules.md

Lines changed: 4 additions & 0 deletions
@@ -90,6 +90,10 @@ If there are existing recommendations that match the definition of the governanc
9090
> - Create and apply rules on multiple scopes at once using management scopes cross cloud.
9191
> - Check effective rules on selected scope using the scope filter.
9292
93+
To view the effect rules on specific scope, use the “scope” filter and select a desired scope.
94+
95+
Conflicting rules are applied in priority order. For example, rules on a management scope, (Azure management groups, AWS master accents and GCP organizations) take effect before rules on scopes (for example, Azure subscriptions, AWS accounts, or GCP projects).
96+
9397
## Manually assigning owners and due dates for recommendation remediation
9498

9599
For every resource affected by a recommendation, you can assign an owner and a due date so that you know who needs to implement the security changes to improve your security posture and when they're expected to do it by. You can also apply a grace period so that the resources that are given a due date don't impact your secure score unless they become overdue.
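Review bot: The two added paragraphs (lines 93 and 95) need a copy edit before publishing. Line 93 reads "To view the effect rules on specific scope", which looks like it should be "the effective rules on a specific scope", and it repeats the bullet just above it ("Check effective rules on selected scope using the scope filter"), so one of the two can go. Line 95 has "AWS master accents", presumably "accounts", and a stray comma before the parenthesis in "management scope, (Azure management groups". Line 95 also says rules on a management scope "take effect before" rules on subscriptions, accounts, or projects; please state which rule wins when both match the same recommendation, because "applied in priority order" does not say whether the earlier or the later rule sets the final owner and due date.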

articles/defender-for-iot/organizations/TOC.yml

Lines changed: 0 additions & 3 deletions
@@ -217,9 +217,6 @@
217217
items:
218218
- name: Connect OT sensors to Defender for IoT
219219
href: connect-sensors.md
220-
displayName: proxy
221-
- name: Connect OT sensors with a proxy (legacy)
222-
href: how-to-connect-sensor-by-proxy.md
223220
- name: Activate and set up your on-premises management console
224221
href: how-to-activate-and-set-up-your-on-premises-management-console.md
225222
displayName: sites, zones
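Review bot: Removing `displayName: proxy` at line 220 together with the legacy proxy entry means a TOC filter for "proxy" no longer matches anything in this section, even though this commit redirects how-to-connect-sensor-by-proxy.md to connect-sensors. Suggest keeping `displayName: proxy` on the "Connect OT sensors to Defender for IoT" entry so readers looking for proxy configuration still reach the page the redirect points to.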

articles/defender-for-iot/organizations/how-to-connect-sensor-by-proxy.md

Lines changed: 0 additions & 97 deletions
This file was deleted.

articles/defender-for-iot/organizations/overview.md

Lines changed: 0 additions & 2 deletions
@@ -95,8 +95,6 @@ For more information, see the [Microsoft Defender for IoT for device builders do
9595

9696
Defender for IoT routes all traffic from all European regions to the *West Europe* regional datacenter. It routes traffic from all remaining regions to the *East US* regional datacenter.
9797

98-
If you're using Defender for IoT OT monitoring software earlier than [22.1](release-notes.md#versions-222x) and are connecting through your own IoT Hub, the IoT Hub supported regions are also relevant for your organization. For more information, see [IoT Hub supported regions](https://azure.microsoft.com/global-infrastructure/services/?products=iot-hub).
99-
10098
## Next steps
10199

102100
> [!div class="nextstepaction"]

articles/security/develop/secure-develop.md

Lines changed: 5 additions & 5 deletions
@@ -2,9 +2,9 @@
22
title: Develop secure applications on Microsoft Azure
33
description: This article discusses best practices to consider during the implementation and verification phases of your web application project.
44
author: TerryLanfear
5-
manager: barbkess
5+
manager: rkarlin
66
ms.author: terrylan
7-
ms.date: 03/21/2021
7+
ms.date: 01/22/2023
88
ms.topic: article
99
ms.service: security
1010
ms.subservice: security-develop
@@ -96,7 +96,7 @@ If the application must autogenerate passwords, ensure that the generated passwo
9696

9797
If your application allows [file uploads](https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload), consider precautions that you can take for this risky activity. The first step in many attacks is to get some malicious code into a system that is under attack. Using a file upload helps the attacker accomplish this. OWASP offers solutions for validating a file to ensure that the file you're uploading is safe.
9898

99-
Antimalware protection helps identify and remove viruses, spyware, and other malicious software. You can install [Microsoft Antimalware](../fundamentals/antimalware.md) or a Microsoft partner's endpoint protection solution ([Trend Micro](https://www.trendmicro.com/azure/), [Broadcom](https://www.broadcom.com/products), [McAfee](https://www.mcafee.com/us/products.aspx), [Windows Defender](/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10), and [Endpoint Protection](/configmgr/protect/deploy-use/endpoint-protection)).
99+
Antimalware protection helps identify and remove viruses, spyware, and other malicious software. You can install [Microsoft Antimalware](../fundamentals/antimalware.md) or a Microsoft partner's endpoint protection solution ([Trend Micro](https://www.trendmicro.com/azure/), [Broadcom](https://www.broadcom.com/products), [McAfee](https://www.mcafee.com/us/products.aspx), [Microsoft Defender Antivirus in Windows](/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10), and [Endpoint Protection](/configmgr/protect/deploy-use/endpoint-protection)).
100100

101101
[Microsoft Antimalware](../fundamentals/antimalware.md) includes features like real-time protection, scheduled scanning, malware remediation, signature updates, engine updates, samples reporting, and exclusion event collection. You can integrate Microsoft Antimalware and partner solutions with [Microsoft Defender for Cloud](../../security-center/security-center-partner-integration.md) for ease of deployment and built-in detections (alerts and incidents).
102102

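Review bot: The renamed link at line 99 still sits inside the parenthetical that the sentence introduces as "a Microsoft partner's endpoint protection solution", but "Microsoft Defender Antivirus in Windows" and "Endpoint Protection" (the /configmgr link) are Microsoft products, not partner solutions. Suggest splitting the list into Microsoft options and partner options while this sentence is being touched. The unchanged context at line 101 also links Microsoft Defender for Cloud to a path under `../../security-center/`; worth confirming that the target still resolves after the product rename.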
@@ -130,15 +130,15 @@ In [fuzz testing](https://www.microsoft.com/security/blog/2007/09/20/fuzz-testin
130130

131131
Reviewing the attack surface after code completion helps ensure that any design or implementation changes to an application or system has been considered. It helps ensure that any new attack vectors that were created as a result of the changes, including threat models, has been reviewed and mitigated.
132132

133-
You can build a picture of the attack surface by scanning the application. Microsoft offers an attack surface analysis tool called [Attack Surface Analyzer](https://www.microsoft.com/download/details.aspx?id=58105). You can choose from many commercial dynamic testing and vulnerability scanning tools or services, including [OWASP Zed Attack Proxy Project](https://owasp.org/www-project-zap/), [Arachni](http://arachni-scanner.com/), [Skipfish](https://code.google.com/p/skipfish/), and [w3af](http://w3af.sourceforge.net/). These scanning tools crawl your app and map the parts of the application that are accessible over the web. You can also search the Azure Marketplace for similar [developer tools](https://azuremarketplace.microsoft.com/marketplace/apps/category/developer-tools?page=1).
133+
You can build a picture of the attack surface by scanning the application. Microsoft offers an attack surface analysis tool called [Attack Surface Analyzer](https://www.microsoft.com/download/details.aspx?id=58105). You can choose from many commercial dynamic testing and vulnerability scanning tools or services, including [OWASP Zed Attack Proxy Project](https://owasp.org/www-project-zap/), [Arachni](http://arachni-scanner.com/), and [w3af](http://w3af.sourceforge.net/). These scanning tools crawl your app and map the parts of the application that are accessible over the web. You can also search the Azure Marketplace for similar [developer tools](https://azuremarketplace.microsoft.com/marketplace/apps/category/developer-tools?page=1).
134134

135135
### Perform security penetration testing
136136

137137
Ensuring that your application is secure is as important as testing any other functionality. Make [penetration testing](../fundamentals/pen-testing.md) a standard part of the build and deployment process. Schedule regular security tests and vulnerability scanning on deployed applications, and monitor for open ports, endpoints, and attacks.
138138

139139
### Run security verification tests
140140

141-
[Secure DevOps Kit for Azure](https://github.com/azsk/AzTS-docs/#readme) (AzSK) contains SVTs for multiple services of the Azure platform. You run these SVTs periodically to ensure that your Azure subscription and the different resources that comprise your application are in a secure state. You can also automate these tests by using the continuous integration/continuous deployment (CI/CD) extensions feature of AzSK, which makes SVTs available as a Visual Studio extension.
141+
[Azure Tenant Security Solution (AzTS)](https://github.com/azsk/AzTS-docs/#readme) from the Secure DevOps Kit for Azure (AzSK) contains SVTs for multiple services of the Azure platform. You run these SVTs periodically to ensure that your Azure subscription and the different resources that comprise your application are in a secure state. You can also automate these tests by using the continuous integration/continuous deployment (CI/CD) extensions feature of AzSK, which makes SVTs available as a Visual Studio extension.
142142

143143
## Next steps
144144

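Review bot: The rewritten line 141 now names the link "Azure Tenant Security Solution (AzTS)" but the rest of the paragraph is unchanged and still describes AzSK behavior ("the continuous integration/continuous deployment (CI/CD) extensions feature of AzSK, which makes SVTs available as a Visual Studio extension"). Please confirm that those statements hold for AzTS, or rewrite them, so readers are not sent to the AzTS docs looking for a feature described under the AzSK name. Separately, line 133 drops Skipfish but keeps `http://` links for Arachni and w3af and still introduces the list as "commercial" tools; since the sentence is being edited anyway, consider checking that both links are live, switching them to HTTPS if the sites support it, and adjusting the wording.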