Merge pull request #225481 from AlizaBernstein/WI-60886-MDC-security-explorer-new-experience

WI-60886 cloud security explorer new experience

Author: ttorble

articles/defender-for-cloud/how-to-manage-cloud-security-explorer.md

@@ -4,77 +4,89 @@ titleSuffix: Defender for Cloud
 description: Learn how to build queries in cloud security explorer to find vulnerabilities that exist on your multicloud environment.
 ms.topic: how-to
 ms.custom: ignite-2022
-ms.date: 01/24/2023
+ms.date: 02/07/2023
 ---
 
 # Cloud security explorer
 
-Defender for Cloud's contextual security capabilities assists security teams in the reduction of the risk of impactful breaches. Defender for Cloud uses environmental context to perform a risk assessment of your security issues, and identifies the biggest security risks and distinguishes them from less risky issues.
+Defender for Cloud's contextual security capabilities assist security teams in reducing the risk of impactful breaches. Defender for Cloud uses environmental context to perform a risk assessment of your security issues, identifies the biggest security risks, and distinguishes them from less risky issues.
 
-By using the cloud security explorer, you can proactively identify security risks in your cloud environment by running graph-based queries on the cloud security graph, which is Defender for Cloud's context engine. You can prioritize your security team's concerns, while taking your organization's specific context and conventions into account.  
+Use the cloud security explorer, to proactively identify security risks in your cloud environment by running graph-based queries on the cloud security graph, which is Defender for Cloud's context engine. You can prioritize your security team's concerns, while taking your organization's specific context and conventions into account.  
 
-With the cloud security explorer, you can query all of your security issues and environment context such as assets inventory, exposure to internet, permissions, lateral movement between resources and more.
+With the cloud security explorer, you can query all of your security issues and environment context such as assets inventory, exposure to internet, permissions, and lateral movement between resources and across multiple clouds (Azure and AWS).
 
-Learn more about [the cloud security graph, attack path analysis, and the cloud security explorer?](concept-attack-path.md).
+Learn more about [the cloud security graph, attack path analysis, and the cloud security explorer](concept-attack-path.md).
 
-## Availability
+## Prerequisites
 
-| Aspect | Details |
-|--|--|
-| Release state | Preview |
-| Prerequisite | - [Enable agentless scanning](enable-vulnerability-assessment-agentless.md) <br> - [Enable Defender for CSPM](enable-enhanced-security.md) <br> - [Enable Defender for Containers](defender-for-containers-enable.md), and install the relevant agents in order to view attack paths that are related to containers. This will also give you the ability to [query](how-to-manage-cloud-security-explorer.md#build-a-query-with-the-cloud-security-explorer) containers data plane workloads in security explorer. |
-| Required plans | - Defender Cloud Security Posture Management (CSPM) enabled |
-| Required roles and permissions: | - **Security Reader** <br> - **Security Admin** <br> - **Reader** <br> - **Contributor** <br> - **Owner** |
-| Clouds: | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds (Azure, AWS) <br>:::image type="icon" source="./media/icons/no-icon.png"::: Commercial clouds (GCP) <br>:::image type="icon" source="./media/icons/no-icon.png"::: National (Azure Government, Azure China 21Vianet) |
+- You must [enable agentless scanning](enable-vulnerability-assessment-agentless.md).
+
+- You must [enable Defender for CSPM](enable-enhanced-security.md).
+
+- You must [enable Defender for Containers](defender-for-containers-enable.md), and install the relevant agents in order to view attack paths that are related to containers. 
+
+    When you enable Defender for Containers, you also gain the ability to [query](how-to-manage-cloud-security-explorer.md#build-a-query-with-the-cloud-security-explorer) containers data plane workloads in the security explorer. 
+
+- Required roles and permissions: 
+    - Security Reader
+    - Security Admin
+    - Reader
+    - Contributor
+    - Owner
+
+Check the [cloud availability tables](supported-machines-endpoint-solutions-clouds-servers.md) to see which government and cloud environments are supported.
 
 ## Build a query with the cloud security explorer
 
-You can use the cloud security explorer to build queries that can proactively hunt for security risks in your environments. 
+The cloud security explorer allows you to build queries that can proactively hunt for security risks in your environments with dynamic and efficient features such as:
+
+- **Multi-cloud and multi-resource queries** - The entity selection control filters are grouped and combined into logical control categories to assist you in building queries across cloud environments and across resources simultaneously.
+
+- **Custom Search** - Use the dropdown menus to apply filters to build your query.
+
+- **Query templates** -  Use any of the available pre-built query templates to more efficiently build your query.
+
+- **Share query link** - Copy and share a link of your query with other people.
 
 **To build a query**:
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
 1. Navigate to **Microsoft Defender for Cloud** > **Cloud Security Explorer**.
 
-    :::image type="content" source="media/concept-cloud-map/cloud-security-explorer.png" alt-text="Screenshot of the cloud security explorer page." lightbox="media/concept-cloud-map/cloud-security-explorer.png":::
+    :::image type="content" source="media/concept-cloud-map/cloud-security-explorer-main-page.png" alt-text="Screenshot of the cloud security explorer page." lightbox="media/concept-cloud-map/cloud-security-explorer-main-page.png":::
 
-1. Select a resource from the drop-down menu.
+1. Search for and select a resource from the drop-down menu. 
 
-    :::image type="content" source="media/how-to-manage-cloud-security/select-resource.png" alt-text="Screenshot of the resource drop-down menu.":::
+      :::image type="content" source="media/how-to-manage-cloud-security/cloud-security-explorer-select-resource.png" alt-text="Screenshot of the resource drop-down menu." lightbox="media/how-to-manage-cloud-security/cloud-security-explorer-select-resource.png":::
 
-1. Select **+** to add other filters to your query. For each filter selected you can add more subfilters as needed.
+1. Select **+** to add other filters to your query.
+    
+    :::image type="content" source="media/how-to-manage-cloud-security/cloud-security-explorer-query-search.png" alt-text="Screenshot that shows a full query and where to select on the screen to perform the search." lightbox="media/how-to-manage-cloud-security/cloud-security-explorer-query-search.png":::
 
-1. Select **Search**.
+1. Add subfilters as needed.
 
-    :::image type="content" source="media/how-to-manage-cloud-security/search-query.png" alt-text="Screenshot that shows a full query and where to select on the screen to perform the search.":::
+1. After building your query, select **Search** to run the query.
 
-The results will populate on the bottom of the page.
+    :::image type="content" source="media/how-to-manage-cloud-security/cloud-security-explorer-query-search-populated.png" alt-text="Screenshot that shows where to select search to run the query and results populated." lightbox="media/how-to-manage-cloud-security/cloud-security-explorer-query-search-populated.png":::
 
 ## Query templates
 
-You can select an existing query template from the bottom of the page by selecting **Open query**.
-
-:::image type="content" source="media/how-to-manage-cloud-security/query-template.png" alt-text="Screenshot that shows you where the query templates are located.":::
-
-You can alter any template to search for specific results by changing the query and selecting search.
+Query templates are pre-formatted searches using commonly used filters. Use one of the existing query templates from the bottom of the page by selecting **Open query**.
 
-## Query options
+:::image type="content" source="media/how-to-manage-cloud-security/cloud-security-explorer-query-templates.png" alt-text="Screenshot that shows you the location of the query templates." lightbox="media/how-to-manage-cloud-security/cloud-security-explorer-query-templates.png":::
 
-The following information can be queried in the cloud security explorer:
+You can modify any template to search for specific results by changing the query and selecting **Search**.
 
-- **Recommendations** - All Defender for Cloud security recommendations.
 
-- **Vulnerabilities** - All vulnerabilities found by Defender for Cloud.
+## Share a query
 
-- **Insights** - Contextual data about your cloud resources.  
-        
-- **Connections** - Connections that are identified between cloud resources in your environment.
+Use the query link to share a query with other people. After creating a query, select **Share query link**. The link is copied to your clipboard.
 
-You can review the [full list of recommendations, insights and connections](attack-path-reference.md). 
+:::image type="content" source="media/how-to-manage-cloud-security/cloud-security-explorer-share-query.png" alt-text="Screenshot showing the Share Query Link icon." lightbox="media/how-to-manage-cloud-security/cloud-security-explorer-share-query.png":::
 
 ## Next steps
 
-View the [reference list of attack paths and cloud security graph components](attack-path-reference.md)
+View the [reference list of attack paths and cloud security graph components](attack-path-reference.md).
 
-Learn about the [Defender CSPM plan options](concept-cloud-security-posture-management.md#defender-cspm-plan-options)
+Learn about the [Defender CSPM plan options](concept-cloud-security-posture-management.md#defender-cspm-plan-options).

articles/defender-for-cloud/media/concept-cloud-map/cloud-security-explorer-main-page.png

@@ -2,7 +2,7 @@
 title: Release notes for Microsoft Defender for Cloud
 description: A description of what's new and changed in Microsoft Defender for Cloud
 ms.topic: overview
-ms.date: 02/09/2023
+ms.date: 02/13/2023
 ---
 
 # What's new in Microsoft Defender for Cloud?
@@ -20,10 +20,17 @@ To learn about *planned* changes that are coming soon to Defender for Cloud, see
 
 Updates in February include:
 
+- [Enhanced Cloud Security Explorer](#enhanced-cloud-security-explorer) 
 - [Recommendation to find vulnerabilities in running container images for Linux released for General Availability (GA)](#recommendation-to-find-vulnerabilities-in-running-container-images-released-for-general-availability-ga)
 - [Announcing support for the AWS CIS 1.5.0 compliance standard](#announcing-support-for-the-aws-cis-150-compliance-standard)
 - [Microsoft Defender for DevOps (preview) is now available in other regions](#microsoft-defender-for-devops-preview-is-now-available-in-other-regions)
 
+### Enhanced Cloud Security Explorer
+
+An improved version of the cloud security explorer includes a refreshed user experience that removes query friction dramatically, added the ability to run multicloud and multi-resource queries, and embedded documentation for each query option.
+
+The Cloud Security Explorer now allows you to run cloud-abstract queries across resources. You can use either the pre-built query templates or use the custom search to apply filters to build your query. Learn [how to manage Cloud Security Explorer](how-to-manage-cloud-security-explorer.md).
+
 ### Recommendation to find vulnerabilities in running container images released for General Availability (GA)
 
 The [Running container images should have vulnerability findings resolved](defender-for-containers-vulnerability-assessment-azure.md#view-vulnerabilities-for-images-running-on-your-aks-clusters) recommendation for Linux is now GA. The recommendation is used to identify unhealthy resources and is included in the calculations of your secure score.