Commit 1b7e0f9

Merge pull request #268606 from AlizaBernstein/WI-214554b-freshness-updates-march-2024
WI-214554b-freshness-updates-march-2024
2 parents f8107b1 + 7c1ce01 commit 1b7e0f9

15 files changed: +89 -91 lines changed

articles/defender-for-cloud/alerts-suppression-rules.md

Lines changed: 5 additions & 7 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Suppressing false positives or other unwanted security alerts
3-
description: This article explains how to use Microsoft Defender for Cloud's suppression rules to hide unwanted security alerts, such as false positives
4-
ms.date: 01/09/2023
3+
description: This article explains how to use Microsoft Defender for Cloud's suppression rules to hide unwanted security alerts, such as false positives.
4+
ms.date: 03/11/2024
55
ms.topic: how-to
66
ms.author: dacurwin
77
author: dcurwin
@@ -69,11 +69,11 @@ To edit a rule you've created from the suppression rules page:
6969

7070
1. From Defender for Cloud's security alerts page, select **Suppression rules** at the top of the page.
7171

72-
:::image type="content" source="media/alerts-suppression-rules/suppression-rules-button.png" alt-text="Screenshot of the suppression rule button in the Security Alerts page.":::
72+
:::image type="content" source="media/alerts-suppression-rules/suppression-rules-button.png" alt-text="Screenshot that shows the suppression rule button in the Security Alerts page." lightbox="media/alerts-suppression-rules/suppression-rules-button.png":::
7373

7474
1. The suppression rules page opens with all the rules for the selected subscriptions.
7575

76-
:::image type="content" source="media/alerts-suppression-rules/suppression-rules-page.png" alt-text="Screenshot of the Suppression rules page where you can review the suppression rules and create new ones." lightbox="media/alerts-suppression-rules/suppression-rules-page.png":::
76+
:::image type="content" source="media/alerts-suppression-rules/suppression-rules-page.png" alt-text="Screenshot that shows the Suppression rules page where you can review the suppression rules and create new ones." lightbox="media/alerts-suppression-rules/suppression-rules-page.png":::
7777

7878
1. To edit a single rule, open the three dots (...) at the end of the rule and select **Edit**.
7979
1. Change the details of the rule and select **Apply**.
@@ -101,6 +101,4 @@ For details and usage examples, see the [API documentation](/rest/api/defenderfo
101101

102102
This article described the suppression rules in Microsoft Defender for Cloud that automatically dismiss unwanted alerts.
103103

104-
Learn more about security alerts:
105-
106-
- [Security alerts generated by Defender for Cloud](alerts-reference.md)
104+
Learn more about [security alerts generated by Defender for Cloud](alerts-reference.md).

articles/defender-for-cloud/concept-regulatory-compliance.md

Lines changed: 4 additions & 4 deletions
@@ -2,26 +2,26 @@
22
title: The Microsoft cloud security benchmark in Microsoft Defender for Cloud
33
description: Learn about the Microsoft cloud security benchmark in Microsoft Defender for Cloud.
44
ms.topic: conceptual
5-
ms.date: 01/10/2023
5+
ms.date: 03/13/2024
66
---
77

88
# Microsoft cloud security benchmark in Defender for Cloud
99

10-
Industry standards, regulatory standards, and benchmarks are represented in Microsoft Defender for Cloud as [security standards](security-policy-concept.md), and are assigned to scopes such as Azure subscriptions, AWS accounts, and GCP projects.
10+
Industry standards, regulatory standards, and benchmarks are represented in Microsoft Defender for Cloud as [security standards](security-policy-concept.md). These standards are assigned to scopes such as Azure subscriptions, AWS accounts, and GCP projects.
1111

1212
Defender for Cloud continuously assesses your hybrid cloud environment against these standards, and provides information about compliance in the **Regulatory compliance** dashboard.
1313

1414
When you onboard subscriptions and accounts to Defender for Cloud, the [Microsoft cloud security benchmark](/security/benchmark/azure/introduction) (MCSB) automatically starts to assess resources in scope.
1515

1616
This benchmark builds on the cloud security principles defined by the Azure Security Benchmark and applies these principles with detailed technical implementation guidance for Azure, for other cloud providers (such as AWS and GCP), and for other Microsoft clouds.
1717

18-
:::image type="content" source="media/concept-regulatory-compliance/microsoft-security-benchmark.png" alt-text="Image that shows the components that make up the Microsoft cloud security benchmark.":::
18+
:::image type="content" source="media/concept-regulatory-compliance/microsoft-security-benchmark.png" alt-text="Image that shows the components that make up the Microsoft cloud security benchmark." lightbox="media/concept-regulatory-compliance/microsoft-security-benchmark.png":::
1919

2020
The compliance dashboard gives you a view of your overall compliance standing. Security for non-Azure platforms follows the same cloud-neutral security principles as Azure. Each control within the benchmark provides the same granularity and scope of technical guidance across Azure and other cloud resources.
2121

2222
:::image type="content" source="media/concept-regulatory-compliance/compliance-dashboard.png" alt-text="Screenshot of a sample regulatory compliance page in Defender for Cloud." lightbox="media/concept-regulatory-compliance/compliance-dashboard.png":::
2323

24-
From the compliance dashboard, you're able to manage all of your compliance requirements for your cloud deployments, including automatic, manual and shared responsibilities.
24+
From the compliance dashboard, you're able to manage all of your compliance requirements for your cloud deployments, including automatic, manual, and shared responsibilities.
2525

2626
> [!NOTE]
2727
> Shared responsibilities is only compatible with Azure.
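
Review bot: The alt text on the compliance-dashboard image at line 22 still reads "Screenshot of a sample regulatory compliance page", and the one on new line 18 opens with "Image that shows", while the other files in this commit move alt text to the "Screenshot that shows ..." form. If this pass is standardising alt text, bring these two in line in the same change so the article does not mix three styles. The lightbox added on line 18 is fine.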

articles/defender-for-cloud/defender-for-app-service-introduction.md

Lines changed: 7 additions & 7 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Microsoft Defender for App Service - the benefits and features
3-
description: Learn about the capabilities of Microsoft Defender for App Service and how to enable it on your subscription
4-
ms.date: 01/10/2023
3+
description: Learn about the capabilities of Microsoft Defender for App Service and how to enable it on your subscription.
4+
ms.date: 03/12/2024
55
ms.topic: overview
66
ms.author: dacurwin
77
author: dcurwin
@@ -17,7 +17,7 @@ To protect your Azure App Service plan with Microsoft Defender for App Service,
1717

1818
- A supported App Service plan associated with dedicated machines. Supported plans are listed in [Availability](#availability).
1919

20-
- Defender for Cloud's enhanced protections enabled on your subscription as described in [Quickstart: Enable enhanced security features](enable-enhanced-security.md).
20+
- Defender for Cloud's enhanced protections enabled on your subscription as described in [Enable enhanced security features](connect-azure-subscription.md).
2121

2222
> [!TIP]
2323
> You can optionally enable individual Microsoft Defender plans, like Microsoft Defender for App Service.
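
Review bot: On new line 20 the link target changes from enable-enhanced-security.md to connect-azure-subscription.md and the text drops "Quickstart:", but the sentence still promises instructions for enabling enhanced protections on the subscription. Confirm that connect-azure-subscription.md covers enabling the plans and make the link text match that article's current title, so a reader following this prerequisite does not land on a page about something else. If enable-enhanced-security.md was retired, also check that a redirect exists for inbound links.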
@@ -35,11 +35,11 @@ To protect your Azure App Service plan with Microsoft Defender for App Service,
3535

3636
Azure App Service is a fully managed platform for building and hosting your web apps and APIs. Since the platform is fully managed, you don't have to worry about the infrastructure. It provides management, monitoring, and operational insights to meet enterprise-grade performance, security, and compliance requirements. For more information, see [Azure App Service](https://azure.microsoft.com/services/app-service/).
3737

38-
**Microsoft Defender for App Service** uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that will be used later.
38+
**Microsoft Defender for App Service** uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that can be used later.
3939

4040
When you enable Microsoft Defender for App Service, you immediately benefit from the following services offered by this Defender plan:
4141

42-
- **Secure** - Defender for App Service assesses the resources covered by your App Service plan and generates security recommendations based on its findings. Use the detailed instructions in these recommendations to harden your App Service resources.
42+
- **Secure** - Defender for App Service assesses the resources covered by your App Service plan and generates security recommendations based on its findings. To harden your App Service resources, use the detailed instructions in these recommendations.
4343

4444
- **Detect** - Defender for App Service detects a multitude of threats to your App Service resources by monitoring:
4545
- the VM instance in which your App Service is running, and its management interface
@@ -65,7 +65,7 @@ Defender for Cloud monitors for many threats to your App Service resources. The
6565

6666
### Dangling DNS detection
6767

68-
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a non-existent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for *existing* dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
68+
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a nonexistent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for *existing* dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
6969

7070
Subdomain takeovers are a common, high-severity threat for organizations. When a threat actor detects a dangling DNS entry, they create their own site at the destination address. The traffic intended for the organization’s domain is then directed to the threat actor's site, and they can use that traffic for a wide range of malicious activity.
7171

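
Review bot: The dangling DNS paragraph on new line 68 only swaps "non-existent" for "nonexistent" and keeps the spaced hyphen (" - these are known as") joining two clauses in an already long sentence. Since the line is being touched, end the first sentence at "decommissioned" and start a new one with "These are known as dangling DNS entries." The limitation in the last sentence, that existing dangling entries are not scanned for, is the part an operator most needs to see, and it is easier to find in a shorter paragraph. Line 70 also carries a curly apostrophe in "organization’s" where the rest of the hunk uses straight ones.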
@@ -89,6 +89,6 @@ In this article, you learned about Microsoft Defender for App Service.
8989
9090
For related material, see the following articles:
9191

92-
- To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in [Stream alerts to a SIEM, SOAR, or IT Service Management solution](export-to-siem.md).
92+
- To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in [Stream alerts to monitoring solutions](export-to-siem.md).
9393
- For a list of the Microsoft Defender for App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-for-azure-app-service).
9494
- For more information on App Service plans, see [App Service plans](https://azure.microsoft.com/pricing/details/app-service/plans/).
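
Review bot: On new line 92 the link text becomes "Stream alerts to monitoring solutions" while the target stays export-to-siem.md and the sentence still talks about Microsoft Sentinel, SIEMs, and external tools. Check the new text against the current title of export-to-siem.md so the link label and the destination heading agree.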

articles/defender-for-cloud/defender-for-devops-introduction.md

Lines changed: 9 additions & 11 deletions
@@ -1,12 +1,12 @@
11
---
22
title: Microsoft Defender for Cloud DevOps security - the benefits and features
3-
description: Learn about the benefits and features of Microsoft DevOps security
4-
ms.date: 01/24/2023
3+
description: Learn about the benefits and features of Microsoft DevOps security.
4+
ms.date: 03/11/2024
55
ms.topic: overview
66
ms.custom: references_regions
77
---
88

9-
# Overview of Microsoft Defender for Cloud DevOps Security
9+
# Overview of Microsoft Defender for Cloud DevOps security
1010

1111
Microsoft Defender for Cloud enables comprehensive visibility, posture management, and threat protection across multicloud environments including Azure, AWS, GCP, and on-premises resources.
1212

@@ -40,7 +40,7 @@ Here, you can add [Azure DevOps](quickstart-onboard-devops.md), [GitHub](quickst
4040

4141
The DevOps inventory table allows you to review onboarded DevOps resources and the security information related to them.
4242

43-
:::image type="content" source="media/defender-for-devops-introduction/inventory-grid.png" alt-text="Screenshot of the devops inventory table on the DevOps security overview page." lightbox="media/defender-for-devops-introduction/bottom-of-page.png":::
43+
:::image type="content" source="media/defender-for-devops-introduction/inventory-grid.png" alt-text="Screenshot that shows the Devops inventory table on the DevOps security overview page." lightbox="media/defender-for-devops-introduction/bottom-of-page.png":::
4444

4545
On this part of the screen you see:
4646

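
Review bot: The image on new line 43 has source inventory-grid.png but lightbox bottom-of-page.png, so the expanded view references a different file from the inline one. The mismatch predates this change, but the line is being edited, so point lightbox at media/defender-for-devops-introduction/inventory-grid.png unless the difference is intended. The new alt text also writes "Devops" where the rest of the same line uses "DevOps".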
@@ -67,7 +67,7 @@ On this part of the screen you see:
6767
6868
- **Findings** - Shows the total number of code, secrets, dependency, and infrastructure-as-code findings identified in the DevOps resource.
6969

70-
This table can be viewed as a flat view at the DevOps resource level (repositories for Azure DevOps and GitHub, projects for GitLab) or in a grouping view showing organizations/projects/groups hierarchy. Also, the table can be filtered by subscription, resource type, finding type, or severity.
70+
This table can be viewed as a flat view at the DevOps resource level (repositories for Azure DevOps and GitHub, projects for GitLab) or in a grouping view showing organizations/projects/groups hierarchy. Also, you can filter the table by subscription, resource type, finding type, or severity.
7171

7272
## Learn more
7373

@@ -77,12 +77,10 @@ This table can be viewed as a flat view at the DevOps resource level (repositori
7777

7878
- You can learn about [securing Azure Pipelines](/azure/devops/pipelines/security/overview).
7979

80-
- Learn about [security hardening practices for GitHub Actions](https://docs.github.com/actions/security-guides/security-hardening-for-github-actions).
80+
- Learn about [security hardening practices for GitHub actions](https://docs.github.com/actions/security-guides/security-hardening-for-github-actions).
8181

8282
## Next steps
8383

84-
[Connect your Azure DevOps organizations](quickstart-onboard-devops.md).
85-
86-
[Connect your GitHub organizations](quickstart-onboard-github.md).
87-
88-
[Connect your GitLab groups](quickstart-onboard-gitlab.md).
84+
- [Connect your Azure DevOps organizations](quickstart-onboard-devops.md).
85+
- [Connect your GitHub organizations](quickstart-onboard-github.md).
86+
- [Connect your GitLab groups](quickstart-onboard-gitlab.md).
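
Review bot: New line 80 lowercases "GitHub Actions" to "GitHub actions", but the link goes to GitHub's security hardening guide under /actions/, so this is the product name and should keep its capital A. The conversion of the three Next steps links into a bulleted list on lines 84 to 86 reads well; consider dropping the trailing periods, since each item is only a link.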

articles/defender-for-cloud/defender-for-dns-introduction.md

Lines changed: 4 additions & 4 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Microsoft Defender for DNS - the benefits and features
3-
description: Learn about the benefits and features of Microsoft Defender for DNS
4-
ms.date: 01/10/2023
3+
description: Learn about the benefits and features of Microsoft Defender for DNS.
4+
ms.date: 03/11/2024
55
ms.topic: overview
66
ms.author: dacurwin
77
author: dcurwin
@@ -11,9 +11,9 @@ author: dcurwin
1111

1212
[!INCLUDE [Defender for DNS note](./includes/defender-for-dns-note.md)]
1313

14-
Microsoft Defender for DNS provides an additional layer of protection for resources that use Azure DNS's [Azure-provided name resolution](../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#azure-provided-name-resolution) capability.
14+
Microsoft Defender for DNS provides another layer of protection for resources that use Azure DNS's [Azure-provided name resolution](../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#azure-provided-name-resolution) capability.
1515

16-
From within Azure DNS, Defender for DNS monitors the queries from these resources and detects suspicious activities without the need for any additional agents on your resources.
16+
From within Azure DNS, Defender for DNS monitors the queries from these resources and detects suspicious activities without the need for any extra agents on your resources.
1717

1818
## Availability
1919

articles/defender-for-cloud/defender-for-key-vault-introduction.md

Lines changed: 5 additions & 5 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Microsoft Defender for Key Vault - the benefits and features
33
description: Learn about the benefits and features of Microsoft Defender for Key Vault.
4-
ms.date: 11/09/2021
4+
ms.date: 03/13/2024
55
ms.topic: overview
66
ms.author: dacurwin
77
author: dcurwin
@@ -12,7 +12,7 @@ ms.custom: references_regions
1212

1313
Azure Key Vault is a cloud service that safeguards encryption keys and secrets like certificates, connection strings, and passwords.
1414

15-
Enable **Microsoft Defender for Key Vault** for Azure-native, advanced threat protection for Azure Key Vault, providing an additional layer of security intelligence.
15+
Enable **Microsoft Defender for Key Vault** for Azure-native, advanced threat protection for Azure Key Vault, providing another layer of security intelligence.
1616

1717
## Availability
1818

@@ -26,15 +26,15 @@ Enable **Microsoft Defender for Key Vault** for Azure-native, advanced threat pr
2626

2727
Microsoft Defender for Key Vault detects unusual and potentially harmful attempts to access or exploit Key Vault accounts. This layer of protection helps you address threats even if you're not a security expert, and without the need to manage third-party security monitoring systems.
2828

29-
When anomalous activities occur, Defender for Key Vault shows alerts and optionally sends them via email to relevant members of your organization. These alerts include the details of the suspicious activity and recommendations on how to investigate and remediate threats.
29+
When anomalous activities occur, Defender for Key Vault shows alerts, and optionally sends them via email to relevant members of your organization. These alerts include the details of the suspicious activity and recommendations on how to investigate and remediate threats.
3030

3131
## Microsoft Defender for Key Vault alerts
3232

3333
When you get an alert from Microsoft Defender for Key Vault, we recommend you investigate and respond to the alert as described in [Respond to Microsoft Defender for Key Vault](defender-for-key-vault-usage.md). Microsoft Defender for Key Vault protects applications and credentials, so even if you're familiar with the application or user that triggered the alert, it's important to check the situation surrounding every alert.
3434

3535
The alerts appear in Key Vault's **Security** page, the Workload protections, and Defender for Cloud's security alerts page.
3636

37-
:::image type="content" source="./media/defender-for-key-vault-intro/key-vault-security-page.png" alt-text="Azure Key Vault's security page":::
37+
:::image type="content" source="./media/defender-for-key-vault-intro/key-vault-security-page.png" alt-text="Screenshot that shows the Azure Key Vault's security page" lightbox="media/defender-for-key-vault-intro/key-vault-security-page.png":::
3838

3939
> [!TIP]
4040
> You can simulate Microsoft Defender for Key Vault alerts by following the instructions in [Validating Azure Key Vault threat detection in Microsoft Defender for Cloud](https://techcommunity.microsoft.com/t5/azure-security-center/validating-azure-key-vault-threat-detection-in-azure-security/ba-p/1220336).
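
Review bot: On new line 37 the image source keeps the "./media/..." prefix while the added lightbox uses "media/..." without it; use one form for both attributes. The new alt text is also missing the closing period that the other rewritten alt texts in this commit have, and "the Azure Key Vault's security page" reads better as "the Azure Key Vault security page". On new line 29, the comma added before "and optionally sends" splits a compound predicate and can be dropped.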
@@ -43,7 +43,7 @@ The alerts appear in Key Vault's **Security** page, the Workload protections, an
4343

4444
When you receive an alert from [Microsoft Defender for Key Vault](defender-for-key-vault-introduction.md), we recommend you investigate and respond to the alert as described below. Microsoft Defender for Key Vault protects applications and credentials, so even if you're familiar with the application or user that triggered the alert, it's important to verify the situation surrounding every alert.
4545

46-
Alerts from Microsoft Defender for Key Vault includes these elements:
46+
Alerts from Microsoft Defender for Key Vault include these elements:
4747

4848
- Object ID
4949
- User Principal Name or IP address of the suspicious resource
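
Review bot: The paragraph at line 44, left as context here, nearly repeats the one at line 33 in the previous hunk and links "Microsoft Defender for Key Vault" to defender-for-key-vault-introduction.md, which is this same article. It also says "as described below" where line 33 sends the reader to defender-for-key-vault-usage.md. While fixing "includes" to "include" on line 46, consider removing the self-link and deciding which of the two paragraphs should stay, so the response guidance points to one place.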
