Security policy article updates

Updated content and images for the upcoming release.

Author: liorarviv

articles/defender-for-cloud/TOC.yml

@@ -255,7 +255,7 @@
       href: workflow-automation.md
     - name: Disable a recommendation
       displayName: recommendation, disable, security, policy, 
-      href: tutorial-security-policy.md#disable-security-policies-and-disable-recommendations
+      href: tutorial-security-policy.md#disable-a-security-recommendation
     - name: Exempt recommendations per resource, subscription, or management group
       displayName: disable, resource, exempt, recommendation
       href: exempt-resource.md

articles/defender-for-cloud/media/tutorial-security-policy/additional-parameters.png

@@ -102,7 +102,7 @@ To investigate why the recommendations are still being generated, verify the fol
 ### We're using a third-party MFA tool to enforce MFA. Why do we still get the Defender for Cloud recommendations?
 Defender for Cloud's MFA recommendations doesn't support third-party MFA tools (for example, DUO).
 
-If the recommendations are irrelevant for your organization, consider marking them as "mitigated" as described in [Exempting resources and recommendations from your secure score](exempt-resource.md). You can also [disable a recommendation](tutorial-security-policy.md#disable-security-policies-and-disable-recommendations).
+If the recommendations are irrelevant for your organization, consider marking them as "mitigated" as described in [Exempting resources and recommendations from your secure score](exempt-resource.md). You can also [disable a recommendation](tutorial-security-policy.md#disable-a-security-recommendation).
 
 ### Why does Defender for Cloud show user accounts without permissions on the subscription as "requiring MFA"?
 Defender for Cloud's MFA recommendations refers to [Azure RBAC](../role-based-access-control/role-definitions-list.md) roles and the [Azure classic subscription administrators](../role-based-access-control/classic-administrators.md) role. Verify that none of the accounts have such roles.

articles/defender-for-cloud/media/tutorial-security-policy/default-assignment-screen.png

@@ -1424,7 +1424,7 @@ Security Center includes multiple recommendations to encrypt data at rest with c
 
 Data in Azure is encrypted automatically using platform-managed keys, so the use of customer-managed keys should only be applied when required for compliance with a specific policy your organization is choosing to enforce.
 
-With this change, the recommendations to use CMKs are now **disabled by default**. When relevant for your organization, you can enable them by changing the *Effect* parameter for the corresponding security policy to **AuditIfNotExists** or **Enforce**. Learn more in [Enable a security policy](tutorial-security-policy.md#enable-a-security-policy).
+With this change, the recommendations to use CMKs are now **disabled by default**. When relevant for your organization, you can enable them by changing the *Effect* parameter for the corresponding security policy to **AuditIfNotExists** or **Enforce**. Learn more in [Enable a security recommendation](tutorial-security-policy.md#enable-a-security-recommendation).
 
 This change is reflected in the names of the recommendation with a new prefix, **[Enable if required]**, as shown in the following examples:
 

articles/defender-for-cloud/media/tutorial-security-policy/enable-security-recommendation.png

@@ -17,7 +17,7 @@ To get to the list of recommendations:
     - In the Defender for Cloud overview, select **Security posture** and then select **View recommendations** for the environment you want to improve.
     - Go to **Recommendations** in the Defender for Cloud menu.
 
-You can search for specific recommendations by name. Use the search box and filters above the list of recommendations to find specific recommendations. Look at the [details of the recommendation](security-policy-concept.md#security-recommendation-details) to decide whether to [remediate it](implement-security-recommendations.md), [exempt resources](exempt-resource.md), or [disable the recommendation](tutorial-security-policy.md#disable-security-policies-and-disable-recommendations).
+You can search for specific recommendations by name. Use the search box and filters above the list of recommendations to find specific recommendations. Look at the [details of the recommendation](security-policy-concept.md#security-recommendation-details) to decide whether to [remediate it](implement-security-recommendations.md), [exempt resources](exempt-resource.md), or [disable the recommendation](tutorial-security-policy.md#disable-a-security-recommendation).
 
 You can learn more by watching this video from the Defender for Cloud in the Field video series:
 - [Security posture management improvements](episode-four.md)

articles/defender-for-cloud/media/tutorial-security-policy/policy-screen.png

@@ -111,12 +111,12 @@ You can also [configure the Enforce and Deny options](prevent-misconfigurations.
 
 The table below lists the security controls in Microsoft Defender for Cloud. For each control, you can see the maximum number of points you can add to your secure score if you remediate *all* of the recommendations listed in the control, for *all* of your resources.
 
-The set of security recommendations provided with Defender for Cloud is tailored to the available resources in each organization's environment. You can [disable policies](tutorial-security-policy.md#disable-security-policies-and-disable-recommendations) and [exempt specific resources from a recommendation](exempt-resource.md) to further customize the recommendations.
+The set of security recommendations provided with Defender for Cloud is tailored to the available resources in each organization's environment. You can [disable recommendations](tutorial-security-policy.md#disable-a-security-recommendation) and [exempt specific resources from a recommendation](exempt-resource.md) to further customize the recommendations.
 
 We recommend every organization carefully reviews their assigned Azure Policy initiatives.
 
 > [!TIP]
-> For details about reviewing and editing your initiatives, see [Working with security policies](tutorial-security-policy.md).
+> For details about reviewing and editing your initiatives, see [manage security policies](tutorial-security-policy.md).
 
 Even though Defender for Cloud's default security initiative, the Azure Security Benchmark, is based on industry best practices and standards, there are scenarios in which the built-in recommendations listed below might not completely fit your organization. It's sometimes necessary to adjust the default initiative - without compromising security - to ensure it's aligned with your organization's own policies, industry standards, regulatory standards, and benchmarks.<br><br>
 
@@ -130,7 +130,7 @@ No. It won't change until you remediate all of the recommendations for a single
 
 ### If a recommendation isn't applicable to me, and I disable it in the policy, will my security control be fulfilled and my secure score updated?
 
-Yes. We recommend disabling recommendations when they're inapplicable in your environment. For instructions on how to disable a specific recommendation, see [Disable security policies](./tutorial-security-policy.md#disable-security-policies-and-disable-recommendations).
+Yes. We recommend disabling recommendations when they're inapplicable in your environment. For instructions on how to disable a specific recommendation, see [Disable security recommendations](./tutorial-security-policy.md#disable-a-security-recommendation).
 
 ### If a security control offers me zero points towards my secure score, should I ignore it?
 

articles/defender-for-cloud/multi-factor-authentication-enforcement.md

@@ -127,5 +127,5 @@ If you're reviewing the list of recommendations on our [Security recommendations
 This page explained, at a high level, the basic concepts and relationships between policies, initiatives, and recommendations. For related information, see:
 
 - [Create custom initiatives](custom-security-policies.md)
-- [Disable security policies to disable recommendations](tutorial-security-policy.md#disable-security-policies-and-disable-recommendations)
+- [Disable security recommendations](tutorial-security-policy.md#disable-a-security-recommendation)
 - [Learn how to edit a security policy in Azure Policy](../governance/policy/tutorials/create-and-manage.md)