Merge pull request #276015 from dcurwin/fix-formatting-may22-2024

v-dirichards · web-flow · commit 09799b391a57 · 2024-05-22T09:20:56.000-05:00
Fix formatting
diff --git a/articles/defender-for-cloud/remediate-server-secrets.md b/articles/defender-for-cloud/remediate-server-secrets.md
@@ -12,7 +12,6 @@ Microsoft Defender for Cloud provides secrets scanning for virtual machines (VMs
 
 This article helps you to identify and remediate security risks with VM secrets.
 
-
 ## Prerequisites
 
 - An Azure account. If you don't already have an Azure account, you can [create your Azure free account today](https://azure.microsoft.com/free/).
@@ -25,12 +24,9 @@ This article helps you to identify and remediate security risks with VM secrets.
 
 - [Agentless machine scanning](enable-vulnerability-assessment-agentless.md#enabling-agentless-scanning-for-machines) must be enabled. Learn more about [agentless scanning](concept-agentless-data-collection.md#availability).
 
-
-
 ## Remediate secrets with attack paths
 
-Attack path analysis is a graph-based algorithm that scans your [cloud security graph](concept-attack-path.md#what-is-cloud-security-graph) to expose exploitable paths that attackers might use to reach high-impact assets. Defender for Cloud provides a number of attack paths scenarios for VM secrets.
-
+Attack path analysis is a graph-based algorithm that scans your [cloud security graph](concept-attack-path.md#what-is-cloud-security-graph) to expose exploitable paths that attackers might use to reach high-impact assets. Defender for Cloud provides several attack paths scenarios for VM secrets.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -46,7 +42,6 @@ Attack path analysis is a graph-based algorithm that scans your [cloud security
 
 If a secret is found on your resource, that resource triggers an affiliated recommendation that is located under the Remediate vulnerabilities security control on the Recommendations page. Defender for Cloud provides a [number of VM secrets security recommendations](secrets-scanning-servers.md#security-recommendations).
 
-
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
 1. Navigate to **Microsoft Defender for Cloud** > **Recommendations**.
@@ -65,21 +60,20 @@ If a secret is found on your resource, that resource triggers an affiliated reco
 
 1. In the Findings section, select a secret to view detailed information about the secret.
 
-    :::image type="content" source="media/secret-scanning/select-findings.png" alt-text="Screenshot that shows the detailed information of a secret after you have selected the secret in the findings section." lightbox="media/secret-scanning/select-findings.png":::
+    :::image type="content" source="media/secret-scanning/select-findings.png" alt-text="Screenshot that shows the detailed information of a secret after you selected the secret in the findings section." lightbox="media/secret-scanning/select-findings.png":::
 
 1. Expand **Remediation steps** and follow the listed steps.
 
 1. Expand **Affected resources** to review the resources affected by this secret.
 
-1. (Optional) You can select an affected resource to see that resource's information.
+1. (Optional) You can select an affected resource to see the resource's information.
 
 Secrets that don't have a known attack path are referred to as `secrets without an identified target resource`.
 
 ## Remediate secrets with cloud security explorer
 
 The [cloud security explorer](concept-attack-path.md#what-is-cloud-security-explorer) enables you to proactively identify potential security risks within your cloud environment. It does so by querying the [cloud security graph](concept-attack-path.md#what-is-cloud-security-graph), which is the context engine of Defender for Cloud. Cloud security explorer provides a [number of query templates](secrets-scanning-servers.md#) for investigating VM secrets issues.
 
-
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
 1. Navigate to **Microsoft Defender for Cloud** > **Cloud Security Explorer**.
@@ -94,8 +88,7 @@ If you don't want to use any of the available templates, you can also [build you
 
 ## Remediate secrets in the asset inventory
 
-Your [asset inventory](asset-inventory.md) shows the [security posture](concept-cloud-security-posture-management.md) of the resources you've connected to Defender for Cloud. You can view the secrets discovered on a specific machine.
-
+Your [asset inventory](asset-inventory.md) shows the [security posture](concept-cloud-security-posture-management.md) of the resources you connected to Defender for Cloud. You can view the secrets discovered on a specific machine.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -110,4 +103,3 @@ Your [asset inventory](asset-inventory.md) shows the [security posture](concept-
 1. Select a secret to view extra details of that secret.
 
 Different types of secrets have different sets of additional information. For example, for plaintext SSH private keys, the information includes related public keys (mapping between the private key to the authorized keys’ file we discovered or mapping to a different virtual machine that contains the same SSH private key identifier).
-
diff --git a/articles/defender-for-cloud/secrets-scanning.md b/articles/defender-for-cloud/secrets-scanning.md
@@ -23,12 +23,10 @@ Defender for Cloud provides secrets scanning for virtual machines, and for cloud
 - **Cloud deployments**: Agentless secrets scanning across multicloud infrastructure-as-code deployment resources.
 - **Azure DevOps**: [Scanning to discover exposed secrets in Azure DevOps](defender-for-devops-introduction.md).
 
-
-
-
 ## Deploying secrets scanning
 
 Secrets scanning is provided as a feature in Defender for Cloud plans:
+
 - **VM scanning**: Provided with Defender for Cloud Security Posture Management (CSPM) plan, or with Defender for Servers Plan 2.
 - **Cloud deployment resource scanning** Provided with Defender CSPM.
 - **DevOps scanning**: Provided with Defender CSPM.
@@ -46,69 +44,64 @@ You can review and investigate the security findings for secrets in a couple of
 
 Defender for Cloud supports discovery of the types of secrets summarized in the table.
 
-
-**Secrets type** |	**VM secrets discovery** |	**Cloud deployment secrets discovery** |	**Review location**
+**Secrets type** | **VM secrets discovery** | **Cloud deployment secrets discovery** | **Review location**
 --- | --- | --- | ---
-Insecure SSH private keys<br/>Supports RSA algorithm for PuTTy files.<br/>PKCS#8 and PKCS#1 standards<br/>OpenSSH standard |Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure SQL connection strings support SQL PAAS.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure database for PostgreSQL.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure database for MySQL.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure database for MariaDB.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure Cosmos DB, including PostgreSQL, MySQL and MariaDB.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext AWS RDS connection string supports SQL PAAS:<br/>Plaintext Amazon Aurora with Postgres and MySQL flavors.<br/>Plaintext Amazon custom RDS with Oracle and SQL Server flavors.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure storage account connection strings|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure storage account connection strings.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Azure storage account SAS tokens.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext AWS access keys.|Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext AWS S3 presigned URL. |Yes	|Yes | Inventory, cloud security explorer, recommendations, attack paths
-Plaintext Google storage signed URL. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure AD Client Secret. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure DevOps Personal Access Token. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext GitHub Personal Access Token.|Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure App Configuration Access Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Cognitive Service Key.|Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure AD User Credentials. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Container Registry Access Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure App Service Deployment Password. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Databricks Personal Access Token. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure SignalR Access Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure API Management Subscription Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Bot Framework Secret Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Machine Learning Web Service API Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Communication Services Access Key.|Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Event Grid Access Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Amazon Marketplace Web Service (MWS) Access Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Maps Subscription Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Web PubSub Access Key.|Yes	|Yes | Inventory, cloud security explorer.
-Plaintext OpenAI API Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Batch Shared Access Key. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext NPM Author Token. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Subscription Management Certificate. |Yes	|Yes | Inventory, cloud security explorer.
-Plaintext GCP API Key. |No	|Yes | Inventory, cloud security explorer.
-Plaintext AWS Redshift credentials.|No	|Yes | Inventory, cloud security explorer.
-Plaintext Private key.|No	|Yes | Inventory, cloud security explorer.
-Plaintext ODBC connection string.|No	|Yes | Inventory, cloud security explorer.
-Plaintext General password.|No	|Yes | Inventory, cloud security explorer.
-Plaintext User login credentials.|No	|Yes | Inventory, cloud security explorer.
-Plaintext Travis personal token.|No	|Yes | Inventory, cloud security explorer.
-Plaintext Slack access token. |No	|Yes | Inventory, cloud security explorer.
-Plaintext ASP.NET Machine Key.|No	|Yes | Inventory, cloud security explorer.
-Plaintext HTTP Authorization Header. |No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Redis Cache password. |No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure IoT Shared Access Key. |No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure DevOps App Secret.|No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Function API Key. |No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Shared Access Key. |No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Logic App Shared Access Signature. |No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Active Directory Access Token.|No	|Yes | Inventory, cloud security explorer.
-Plaintext Azure Service Bus Shared Access Signature.|No	|Yes | Inventory, cloud security explorer.
-
-
-
+Insecure SSH private keys<br/>Supports RSA algorithm for PuTTy files.<br/>PKCS#8 and PKCS#1 standards<br/>OpenSSH standard |Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure SQL connection strings support SQL PAAS.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure database for PostgreSQL.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure database for MySQL.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure database for MariaDB.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure Cosmos DB, including PostgreSQL, MySQL and MariaDB.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext AWS RDS connection string supports SQL PAAS:<br/>Plaintext Amazon Aurora with Postgres and MySQL flavors.<br/>Plaintext Amazon custom RDS with Oracle and SQL Server flavors.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure storage account connection strings|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure storage account connection strings.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Azure storage account SAS tokens.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext AWS access keys.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext AWS S3 presigned URL. |Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
+Plaintext Google storage signed URL. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure AD Client Secret. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure DevOps Personal Access Token. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext GitHub Personal Access Token.|Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure App Configuration Access Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Cognitive Service Key.|Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure AD User Credentials. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Container Registry Access Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure App Service Deployment Password. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Databricks Personal Access Token. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure SignalR Access Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure API Management Subscription Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Bot Framework Secret Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Machine Learning Web Service API Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Communication Services Access Key.|Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Event Grid Access Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Amazon Marketplace Web Service (MWS) Access Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Maps Subscription Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Web PubSub Access Key.|Yes |Yes | Inventory, cloud security explorer.
+Plaintext OpenAI API Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Batch Shared Access Key. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext NPM Author Token. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext Azure Subscription Management Certificate. |Yes |Yes | Inventory, cloud security explorer.
+Plaintext GCP API Key. |No |Yes | Inventory, cloud security explorer.
+Plaintext AWS Redshift credentials.|No |Yes | Inventory, cloud security explorer.
+Plaintext Private key.|No |Yes | Inventory, cloud security explorer.
+Plaintext ODBC connection string.|No |Yes | Inventory, cloud security explorer.
+Plaintext General password.|No |Yes | Inventory, cloud security explorer.
+Plaintext User login credentials.|No |Yes | Inventory, cloud security explorer.
+Plaintext Travis personal token.|No |Yes | Inventory, cloud security explorer.
+Plaintext Slack access token. |No |Yes | Inventory, cloud security explorer.
+Plaintext ASP.NET Machine Key.|No |Yes | Inventory, cloud security explorer.
+Plaintext HTTP Authorization Header. |No |Yes | Inventory, cloud security explorer.
+Plaintext Azure Redis Cache password. |No |Yes | Inventory, cloud security explorer.
+Plaintext Azure IoT Shared Access Key. |No |Yes | Inventory, cloud security explorer.
+Plaintext Azure DevOps App Secret.|No |Yes | Inventory, cloud security explorer.
+Plaintext Azure Function API Key. |No |Yes | Inventory, cloud security explorer.
+Plaintext Azure Shared Access Key. |No |Yes | Inventory, cloud security explorer.
+Plaintext Azure Logic App Shared Access Signature. |No |Yes | Inventory, cloud security explorer.
+Plaintext Azure Active Directory Access Token.|No |Yes | Inventory, cloud security explorer.
+Plaintext Azure Service Bus Shared Access Signature.|No |Yes | Inventory, cloud security explorer.
 
 ## Related content
+
 - [VM secrets scanning](secrets-scanning-servers.md).
 - [Cloud deployment secrets scanning](secrets-scanning-cloud-deployment.md)
 - [Azure DevOps scanning](devops-support.md)
-
-
diff --git a/articles/defender-for-cloud/security-policy-concept.md b/articles/defender-for-cloud/security-policy-concept.md
@@ -69,8 +69,7 @@ Every recommendation in Defender for Cloud has an associated risk level that rep
 
 The MCSB standard is an Azure Policy initiative that includes multiple compliance controls. One of these controls is "Storage accounts should restrict network access using virtual network rules."
 
-As Defender for Cloud continually assesses and finds resources that don't satisfy this control, it marks the resources as noncompliant and triggers a recommendation. In this case, guidance is to harden Azure Storage accounts that aren't protected with virtual network rules.
-
+Defender for Cloud continuously assesses resources. If it finds any that don’t satisfy this control, it marks them as noncompliant and triggers a recommendation. In this case, guidance is to harden Azure Storage accounts that aren't protected with virtual network rules.
 
 ## Next steps
 
