Move FAQs to concepts

Author: bmansheim

articles/defender-for-cloud/TOC.yml

@@ -13,6 +13,18 @@
   - name: Important upcoming changes
     displayName: release notes, changelog, news
     href: upcoming-changes.md
+  - name: Common questions
+    items:
+    - name: General questions
+      href: faq-general.yml
+    - name: Permissions questions
+      href: faq-permissions.yml
+    - name: Data collection and agent questions
+      href: faq-data-collection-agents.yml
+    - name: Azure Virtual Machines questions
+      href: faq-vms.yml
+    - name: Azure Log Analytics questions
+      href: faq-azure-monitor-logs.yml
 
 - name: Quickstarts
   items:
@@ -568,18 +580,6 @@
     href: /rest/api/defenderforcloud/
   - name: Security baseline
     href: /security/benchmark/azure/baselines/security-center-security-baseline?toc=/azure/defender-for-cloud/TOC.json
-  - name: FAQ for Microsoft Defender for Cloud
-    items:
-    - name: General questions
-      href: faq-general.yml
-    - name: Permissions questions
-      href: faq-permissions.yml
-    - name: Data collection and agent questions
-      href: faq-data-collection-agents.yml
-    - name: Virtual Machines questions
-      href: faq-vms.yml
-    - name: Existing users of Azure Log Analytics
-      href: faq-azure-monitor-logs.yml
   - name: Azure Policy built-ins
     displayName: samples, policy
     href: policy-reference.md

articles/defender-for-cloud/alerts-overview.md

@@ -14,7 +14,7 @@ This article describes security alerts and notifications in Microsoft Defender f
 ## What are security alerts?
 Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.
 
-- Security alerts are triggered by advanced detections in Defender for Cloud, and are available when you enable Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp).
+- Security alerts are triggered by advanced detections in Defender for Cloud, and are available when you enable Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).
 - Each alert provides details of affected resources, issues, and remediation recommendations.
 - Defender for Cloud classifies alerts and prioritizes them by severity in the Defender for Cloud portal.
 - Alerts data is retained for 90 days.

articles/defender-for-cloud/alerts-schemas.md

@@ -9,7 +9,7 @@ ms.date: 11/09/2021
 
 # Security alerts schemas
 
-If your subscription has Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp) enabled, you'll receive security alerts when Defender for Cloud detects threats to their resources.
+If your subscription has Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads) enabled, you'll receive security alerts when Defender for Cloud detects threats to their resources.
 
 You can view these security alerts in Microsoft Defender for Cloud's pages - [overview dashboard](overview-page.md), [alerts](tutorial-security-incident.md), [resource health pages](investigate-resource-health.md), or [workload protections dashboard](workload-protections-dashboard.md) - and through external tools such as:
 

articles/defender-for-cloud/alerts-suppression-rules.md

@@ -15,7 +15,7 @@ This page explains how you can use alerts suppression rules to suppress false po
 |Aspect|Details|
 |----|:----|
 |Release state:|General availability (GA)|
-|Pricing:|Free<br>(Most security alerts are only available with [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp))|
+|Pricing:|Free<br>(Most security alerts are only available with [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads))|
 |Required roles and permissions:|**Security admin** and **Owner** can create/delete rules.<br>**Security reader** and **Reader** can view rules.|
 |Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: National (Azure Government, Azure China 21Vianet)|
 

articles/defender-for-cloud/asset-inventory.md

@@ -12,7 +12,7 @@ The asset inventory page of Microsoft Defender for Cloud shows the [security pos
 
 Use this view and its filters to address such questions as:
 
-- Which of my subscriptions with [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp) enabled have outstanding recommendations?
+- Which of my subscriptions with [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads) enabled have outstanding recommendations?
 - Which of my machines with the tag 'Production' are missing the Log Analytics agent?
 - How many of my machines tagged with a specific tag have outstanding recommendations?
 - Which machines in a specific resource group have a known vulnerability (using a CVE number)?

articles/defender-for-cloud/concept-cloud-security-posture-management.md

@@ -80,4 +80,4 @@ Learn more about [agentless scanning](concept-agentless-data-collection.md).
 
 ## Next steps
 
-Learn about Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp).
+Learn about Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).

articles/defender-for-cloud/defender-for-cloud-introduction.md

@@ -17,7 +17,7 @@ Microsoft Defender for Cloud is a cloud-native application protection platform (
 
 ## Secure cloud applications
 
-Defender for Cloud helps you to incorporate good security practices early during the software development process. You can protect your code management environments and your code pipelines, and get insights into your development environment security posture from a single location. Defender for Cloud currently supports Defender for DevOps, and Defender for GitHub.
+Defender for Cloud helps you to incorporate good security practices early during the software development process, or DevSecOps. You can protect your code management environments and your code pipelines, and get insights into your development environment security posture from a single location. Defender for Cloud currently includes Defender for DevOps.
 
 Today’s applications require security awareness at the code, infrastructure, and runtime levels to make sure that deployed applications are hardened against attacks.
 
@@ -29,7 +29,7 @@ Today’s applications require security awareness at the code, infrastructure, a
 
 The security of your cloud and on-premises resources depends on proper configuration and deployment. Defender for Cloud recommendations identify the steps that you can take to secure your environment.
 
-Defender for Cloud includes Foundational CSPM (Free) capabilities for free. You can also enable advanced CSPM capabilities and cloud workload protections by enabling paid Defender plans.
+Defender for Cloud includes Foundational CSPM (Free) capabilities for free. You can also enable advanced CSPM capabilities by enabling paid Defender plans.
 
 | Capability | What problem does it solve? | Get started | Defender plan and pricing |
 | ---------- | --------------------------- | ----------- | ------------------------- |
@@ -45,11 +45,9 @@ Defender for Cloud includes Foundational CSPM (Free) capabilities for free. You
 
 ## Protect cloud workloads
 
-### Cloud workload protections
-
 Proactive security principles require that you implement security practices that protect your workloads from threats. Cloud workload protections (CWP) surface workload-specific recommendations that lead you to the right security controls to protect your workloads.
 
-When your environment is threatened, you need to know right away the nature and severity of the threat so you can plan your response. After you identify a threat in your environment, you need to quickly respond to limit the risk to your resources. 
+When your environment is threatened, security alerts right away indicate the nature and severity of the threat so you can plan your response. After you identify a threat in your environment, you need to quickly respond to limit the risk to your resources.
 
 | Capability | What problem does it solve? | Get started | Defender plan and pricing |
 | ---------- | --------------------------- | ----------- | ------------------------- |
@@ -58,8 +56,8 @@ When your environment is threatened, you need to know right away the nature and
 | Protect cloud databases | Protect your entire database estate with attack detection and threat response for the most popular database types in Azure to protect the database engines and data types, according to their attack surface and security risks. | [Deploy specialized protections for cloud and on-premises databases](quickstart-enable-database-protections.md) | - [Defender for Azure SQL Databases](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br>- [Defender for SQL servers on machines](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br>- [Defender for Open-source relational databases](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br>- [Defender for Azure Cosmos DB](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
 | Protect containers | Secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications with environment hardening, vulnerability assessments, and run-time protection. | [Find security risks in your containers](defender-for-containers-introduction.md) | [Defender for Containers](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
 | [Infrastructure service insights](asset-inventory.md) | Diagnose weaknesses in your application infrastructure that can leave your environment susceptible to attack. | - [Identify attacks targeting applications running over App Service](defender-for-app-service-introduction.md)</br>- [Detect attempts to exploit Key Vault accounts](defender-for-key-vault-introduction.md)</br>- [Get alerted on suspicious Resource Manager operations](defender-for-resource-manager-introduction.md)</br>- [Expose anomalous DNS activities](defender-for-dns-introduction.md) | - [Defender for App Service](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br></br>- [Defender for Key Vault](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br></br>- [Defender for Resource Manager](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br></br>- [Defender for DNS](https://azure.microsoft.com/pricing/details/defender-for-cloud/)|
-| [Security alerts](alerts-overview.md) | Get informed of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | [Manage security alerts]( managing-and-responding-alerts.md) | [Any workload protection Defender plan](#cloud-workload-protections-cwp) |
-| [Security incidents](alerts-overview.md#what-are-security-incidents) | Correlate alerts to identify attack patterns and integrate with Security Information and Event Management (SIEM), Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions to respond to threats and limit the risk to your resources. | [Export alerts to SIEM, SOAR, or ITSM systems](export-to-siem.md) | [Any workload protection Defender plan](#cloud-workload-protections-cwp) |
+| [Security alerts](alerts-overview.md) | Get informed of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | [Manage security alerts]( managing-and-responding-alerts.md) | [Any workload protection Defender plan](#protect-cloud-workloads) |
+| [Security incidents](alerts-overview.md#what-are-security-incidents) | Correlate alerts to identify attack patterns and integrate with Security Information and Event Management (SIEM), Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions to respond to threats and limit the risk to your resources. | [Export alerts to SIEM, SOAR, or ITSM systems](export-to-siem.md) | [Any workload protection Defender plan](#protect-cloud-workloads) |
 
 ## Learn More
 

articles/defender-for-cloud/defender-for-cloud-planning-and-operations-guide.md

@@ -123,7 +123,7 @@ Defenders for Cloud policies contain the following components:
 - [Security policy](tutorial-security-policy.md): an [Azure Policy](../governance/policy/overview.md) that determines which controls are monitored and recommended by Defender for Cloud. You can also use Azure Policy to create new definitions, define more policies, and assign policies across management groups.
 
 - [Email notifications](configure-email-notifications.md): security contacts and notification settings.
-- [Pricing tier](defender-for-cloud-introduction.md#cloud-workload-protections-cwp): with or without Microsoft Defender for Cloud's Defender plans, which determine which Defender for Cloud features are available for resources in scope (can be specified for subscriptions and workspaces using the API).
+- [Pricing tier](defender-for-cloud-introduction.md#protect-cloud-workloads): with or without Microsoft Defender for Cloud's Defender plans, which determine which Defender for Cloud features are available for resources in scope (can be specified for subscriptions and workspaces using the API).
 
 > [!NOTE]
 > Specifying a security contact ensures that Azure can reach the right person in your organization if a security incident occurs. Read [Provide security contact details in Defender for Cloud](configure-email-notifications.md) for more information on how to enable this recommendation.
@@ -167,7 +167,7 @@ In the Azure portal, you can browse to see a list of your Log Analytics workspac
 
 For workspaces created by Defender for Cloud, data is retained for 30 days. For existing workspaces, retention is based on the workspace pricing tier. If you want, you can also use an existing workspace.
 
-If your agent reports to a workspace other than the **default** workspace, any Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp) that you've enabled on the subscription should also be enabled on the workspace.
+If your agent reports to a workspace other than the **default** workspace, any Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads) that you've enabled on the subscription should also be enabled on the workspace.
 
 > [!NOTE]
 > Microsoft makes strong commitments to protect the privacy and security of this data. Microsoft adheres to strict compliance and security guidelines—from coding to operating a service. For more information about data handling and privacy, read [Defender for Cloud Data Security](data-security.md).

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

@@ -183,4 +183,4 @@ Images should first be imported to ACR. Learn more about [importing container im
 
 ## Next steps
 
-Learn more about the Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp).
+Learn more about the Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-elastic.md

@@ -170,5 +170,5 @@ Yes. The results are under [Sub-Assessments REST API](/rest/api/defenderforcloud
 
 Learn more about:
 
-- Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#cloud-workload-protections-cwp)
+- Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads)
 - [Multicloud protections](multicloud.yml) for your AWS account