Commit 2389cfe

Merge pull request #205004 from bmansheim/quickstart-titles
Add Quickstart: to quickstart article titles
2 parents 8290c94 + 0892211 commit 2389cfe

16 files changed, +91 -41 lines changed

articles/defender-for-cloud/alerts-reference.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -367,7 +367,7 @@ Microsoft Defender for Containers provides security alerts on the cluster level
367367
| **Potential crypto coin miner started**<br>(K8S.NODE_CryptoCoinMinerExecution) <sup>[1](#footnote1)</sup> | Analysis of processes running within a container or directly on a Kubernetes node, has detected a process being started in a way normally associated with digital currency mining. | Execution | Medium |
368368
| **Suspicious password access**<br>(K8S.NODE_SuspectPasswordFileAccess) <sup>[1](#footnote1)</sup> | Analysis of processes running within a container or directly on a Kubernetes node, has detected suspicious attempt to access encrypted user passwords. | Persistence | Informational |
369369
| **Suspicious use of DNS over HTTPS**<br>(K8S.NODE_SuspiciousDNSOverHttps) <sup>[1](#footnote1)</sup> | Analysis of processes running within a container or directly on a Kubernetes node, has detected the use of a DNS call over HTTPS in an uncommon fashion. This technique is used by attackers to hide calls out to suspect or malicious sites. | DefenseEvasion, Exfiltration | Medium |
370-
| **A possible connection to malicious location has been detected.**<br>(K8S.NODE_ThreatIntelCommandLineSuspectDomain) <sup>[1](#footnote1)</sup> | Analysis of processes running within a container or directly on a Kubernetes node, has detected a connection to a location that has been reported to be malicious or unusual. This is an indicator that a compromise may have occured. | InitialAccess | Medium |
370+
| **A possible connection to malicious location has been detected.**<br>(K8S.NODE_ThreatIntelCommandLineSuspectDomain) <sup>[1](#footnote1)</sup> | Analysis of processes running within a container or directly on a Kubernetes node, has detected a connection to a location that has been reported to be malicious or unusual. This is an indicator that a compromise may have occurred. | InitialAccess | Medium |
371371
| **Possible malicious web shell detected.**<br>(K8S.NODE_Webshell) <sup>[1](#footnote1)</sup> | Analysis of processes running within a container detected a possible web shell. Attackers will often upload a web shell to a compute resource they have compromised to gain persistence or for further exploitation. | Persistence, Exploitation | Medium |
372372
| **Burst of multiple reconnaissance commands could indicate initial activity after compromise**<br>(K8S.NODE_ReconnaissanceArtifactsBurst) <sup>[1](#footnote1)</sup> | Analysis of host/device data detected execution of multiple reconnaissance commands related to gathering system or host details performed by attackers after initial compromise. | Discovery, Collection | Low |
373373
| **Suspicious Download Then Run Activity**<br>(K8S.NODE_DownloadAndRunCombo) <sup>[1](#footnote1)</sup> | Analysis of processes running within a container or directly on a Kubernetes node, has detected a file being downloaded then run in the same command. While this isn't always malicious, this is a very common technique attackers use to get malicious files onto victim machines. | Execution, CommandAndControl, Exploitation | Medium |
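Review bot: the spelling fix "occured" to "occurred" in row 370 is correct. While this row is being touched, the description clause "Analysis of processes running within a container or directly on a Kubernetes node, has detected" carries a stray comma before the verb, and the neighbouring rows 367, 368, 369 and 373 repeat the same pattern; dropping that comma in the same edit would keep the table consistent without a separate pass.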
@@ -602,7 +602,9 @@ Microsoft Defender for Containers provides security alerts on the cluster level
602602

603603

604604

605-
## MITRE ATT&CK tactics <a name="intentions"></a>
605+
<a name="intentions"></a>
606+
607+
## MITRE ATT&CK tactics
606608

607609
Understanding the intention of an attack can help you investigate and report the event more easily. To help with these efforts, Microsoft Defender for Cloud alerts include the MITRE tactics with many alerts.
608610

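Review bot: moving `<a name="intentions"></a>` out of the heading onto its own line followed by two blank lines means the `#intentions` target now lands a few lines above the `## MITRE ATT&CK tactics` title rather than on it. Existing links to `alerts-reference.md#intentions` still resolve, but a single blank line between the anchor and the heading would keep the landing point closer to the title; the same spacing choice recurs in every anchor move in this PR, so whichever is chosen should be applied uniformly.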
articles/defender-for-cloud/configure-email-notifications.md

Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@ author: bmansheim
77
ms.date: 11/09/2021
88
ms.custom: mode-other
99
---
10-
# Configure email notifications for security alerts
10+
# Quickstart: Configure email notifications for security alerts
1111

1212
Security alerts need to reach the right people in your organization. By default, Microsoft Defender for Cloud emails subscription owners whenever a high-severity alert is triggered for their subscription. This page explains how to customize these notifications.
1313

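Review bot: the title gains a "Quickstart:" prefix, but the front matter visible in this hunk (`author`, `ms.date`, `ms.custom: mode-other`) does not show `ms.topic`. Confirm the file carries `ms.topic: quickstart`, as the enable-data-collection.md and powershell-onboarding.md hunks in this PR do, so the title and the topic type do not disagree.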
articles/defender-for-cloud/defender-for-sql-usage.md

Lines changed: 3 additions & 1 deletion
@@ -44,7 +44,9 @@ To enable this plan:
4444

4545
### Step 2. Provision the Log Analytics agent on your SQL server's host:
4646

47-
- **SQL Server on Azure VM** - If your SQL machine is hosted on an Azure VM, you can [enable auto provisioning of the Log Analytics agent <a name="auto-provision-mma"></a>](enable-data-collection.md#auto-provision-mma). Alternatively, you can follow the manual procedure for [Onboard your Azure Stack Hub VMs](quickstart-onboard-machines.md?pivots=azure-portal#onboard-your-azure-stack-hub-vms).
47+
-<a name="auto-provision-mma"></a>
48+
49+
**SQL Server on Azure VM** - If your SQL machine is hosted on an Azure VM, you can [enable auto provisioning of the Log Analytics agent](enable-data-collection.md#auto-provision-mma). Alternatively, you can follow the manual procedure for [Onboard your Azure Stack Hub VMs](quickstart-onboard-machines.md?pivots=azure-portal#onboard-your-azure-stack-hub-vms).
4850
- **SQL Server on Azure Arc-enabled servers** - If your SQL Server is managed by [Azure Arc](../azure-arc/index.yml) enabled servers, you can deploy the Log Analytics agent using the Defender for Cloud recommendation “Log Analytics agent should be installed on your Windows-based Azure Arc machines (Preview)”.
4951

5052
- **SQL Server on-prem** - If your SQL Server is hosted on an on-premises Windows machine without Azure Arc, you have two options for connecting it to Azure:
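Review bot: this hunk breaks the bullet list. The new line `-<a name="auto-provision-mma"></a>` has no space after the dash, so it will not be parsed as a list item, and the following `**SQL Server on Azure VM** - If your SQL machine is hosted on an Azure VM, ...` line has lost its leading `- ` entirely, while the sibling entries `- **SQL Server on Azure Arc-enabled servers**` and `- **SQL Server on-prem**` remain bullets. Restore `- **SQL Server on Azure VM** - ...` as a list item. The link in that item already points at `enable-data-collection.md#auto-provision-mma`, so the local anchor of the same name is not what the link targets; either drop it, or place `<a name="auto-provision-mma"></a>` on its own line above the list rather than gluing it to a list marker.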

articles/defender-for-cloud/enable-data-collection.md

Lines changed: 16 additions & 6 deletions
@@ -5,7 +5,7 @@ ms.topic: quickstart
55
ms.date: 07/06/2022
66
ms.custom: mode-other
77
---
8-
# Configure auto provisioning for agents and extensions from Microsoft Defender for Cloud
8+
# Quickstart: Configure auto provisioning for agents and extensions from Microsoft Defender for Cloud
99

1010
Microsoft Defender for Cloud collects data from your resources using the relevant agent or extensions for that resource and the type of data collection you've enabled. Use the procedures below to auto-provision the necessary agents and extensions used by Defender for Cloud to your resources.
1111

@@ -127,7 +127,9 @@ Defender for Cloud's auto provisioning settings has a toggle for each type of su
127127
> Learn more about Azure Policy effects including deploy if not exists in [Understand Azure Policy effects](../governance/policy/concepts/effects.md).
128128
129129

130-
## Enable auto provisioning of the Log Analytics agent and extensions <a name="auto-provision-mma"></a>
130+
<a name="auto-provision-mma"></a>
131+
132+
## Enable auto provisioning of the Log Analytics agent and extensions
131133

132134
When auto provisioning is on for the Log Analytics agent, Defender for Cloud deploys the agent on all supported Azure VMs and any new ones created. For the list of supported platforms, see [Supported platforms in Microsoft Defender for Cloud](security-center-os-coverage.md).
133135

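Review bot: context lines 128 and 129 were already blank, so after this change the `<a name="auto-provision-mma"></a>` line is preceded by two blank lines and followed by two more before `## Enable auto provisioning of the Log Analytics agent and extensions`. One blank line on each side of the anchor is enough; trimming the extras here keeps the spacing the same as the other anchors introduced in this file.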
@@ -208,7 +210,9 @@ To enable auto provisioning of the Log Analytics agent:
208210
> If you select **Yes**, don't delete the workspace(s) created by Defender for Cloud until all VMs have been reconnected to the new target workspace. This operation fails if a workspace is deleted too early.
209211
210212

211-
## Windows security event options for the Log Analytics agent <a name="data-collection-tier"></a>
213+
<a name="data-collection-tier"></a>
214+
215+
## Windows security event options for the Log Analytics agent
212216

213217
When you select a data collection tier in Microsoft Defender for Cloud, the security events of the selected tier are stored in your Log Analytics workspace so that you can investigate, search, and audit the events in your workspace. The Log Analytics agent also collects and analyzes the security events required for Defender for Cloud’s threat protection.
214218

@@ -263,7 +267,9 @@ You can define the level of security event data to store at the workspace level.
263267

264268
1. Select the amount of raw event data to store and select **Save**.
265269

266-
## Manual agent provisioning <a name="manual-agent"></a>
270+
<a name="manual-agent"></a>
271+
272+
## Manual agent provisioning
267273

268274
To manually install the Log Analytics agent:
269275

@@ -297,7 +303,9 @@ To manually install the Log Analytics agent:
297303
> [!TIP]
298304
> For more information about onboarding, see [Automate onboarding of Microsoft Defender for Cloud using PowerShell](powershell-onboarding.md).
299305
300-
## Auto provisioning in cases of a pre-existing agent installation <a name="preexisting"></a>
306+
<a name="preexisting"></a>
307+
308+
## Auto provisioning in cases of a pre-existing agent installation
301309

302310
The following use cases explain how auto provisioning works in cases when there's already an agent or extension installed.
303311

@@ -317,7 +325,9 @@ The following use cases explain how auto provisioning works in cases when there'
317325
- If you have an environment where the Log Analytics agent is installed on client workstations and reporting to an existing Log Analytics workspace, review the list of [operating systems supported by Microsoft Defender for Cloud](security-center-os-coverage.md) to make sure your operating system is supported. For more information, see [Existing log analytics customers](./faq-azure-monitor-logs.yml).
318326

319327

320-
## Disable auto provisioning <a name="offprovisioning"></a>
328+
<a name="offprovisioning"></a>
329+
330+
## Disable auto provisioning
321331

322332
When you disable auto provisioning, agents won't be provisioned on new VMs.
323333

articles/defender-for-cloud/features-paas.md

Lines changed: 3 additions & 1 deletion
@@ -6,7 +6,9 @@ ms.author: benmansheim
66
author: bmansheim
77
ms.date: 02/27/2022
88
---
9-
# Feature coverage for Azure PaaS services <a name="paas-services"></a>
9+
# Feature coverage for Azure PaaS services
10+
11+
<a name="paas-services"></a>
1012

1113
The table below shows the availability of Microsoft Defender for Cloud features for the supported Azure PaaS resources.
1214

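Review bot: this is the only file in the PR where the moved anchor is placed after its heading (`# Feature coverage for Azure PaaS services`, two blank lines, then `<a name="paas-services"></a>`); every other hunk puts the `<a name>` above the heading. Placing it below means `#paas-services` lands under the title instead of on it. Move the anchor above the `#` line for consistency with the rest of the change.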
articles/defender-for-cloud/implement-security-recommendations.md

Lines changed: 6 additions & 2 deletions
@@ -10,7 +10,9 @@ ms.date: 11/09/2021
1010

1111
Recommendations give you suggestions on how to better secure your resources. You implement a recommendation by following the remediation steps provided in the recommendation.
1212

13-
## Remediation steps <a name="remediation-steps"></a>
13+
<a name="remediation-steps"></a>
14+
15+
## Remediation steps
1416

1517
After reviewing all the recommendations, decide which one to remediate first. We recommend that you prioritize the security controls with the highest potential to increase your secure score.
1618

@@ -58,7 +60,9 @@ To implement a **Fix**:
5860
5961
1. Once completed, a notification appears informing you if the remediation succeeded.
6062

61-
## Fix actions logged to the activity log <a name="activity-log"></a>
63+
<a name="activity-log"></a>
64+
65+
## Fix actions logged to the activity log
6266

6367
The remediation operation uses a template deployment or REST API `PATCH` request to apply the configuration on the resource. These operations are logged in [Azure activity log](../azure-monitor/essentials/activity-log.md).
6468

articles/defender-for-cloud/just-in-time-access-usage.md

Lines changed: 9 additions & 3 deletions
@@ -29,7 +29,9 @@ This page teaches you how to include JIT in your security program. You'll learn
2929

3030
<sup><a name="footnote1"></a>1</sup> For any VM protected by Azure Firewall, JIT will only fully protect the machine if it's in the same VNET as the firewall. VMs using VNET peering will not be fully protected.
3131

32-
## Enable JIT VM access <a name="jit-configure"></a>
32+
<a name="jit-configure"></a>
33+
34+
## Enable JIT VM access
3335

3436
You can enable JIT VM access with your own custom options for one or more VMs using Defender for Cloud or programmatically.
3537

@@ -39,7 +41,9 @@ Each of these options is explained in a separate tab below.
3941

4042
### [**Microsoft Defender for Cloud**](#tab/jit-config-asc)
4143

42-
### Enable JIT on your VMs from Microsoft Defender for Cloud <a name="jit-asc"></a>
44+
<a name="jit-asc"></a>
45+
46+
### Enable JIT on your VMs from Microsoft Defender for Cloud
4347

4448
:::image type="content" source="./media/just-in-time-access-usage/jit-config-security-center.gif" alt-text="Configuring JIT VM access in Microsoft Defender for Cloud.":::
4549

@@ -87,7 +91,9 @@ From Defender for Cloud, you can enable and configure the JIT VM access.
8791

8892
1. Select **Save**.
8993

90-
### Edit the JIT configuration on a JIT-enabled VM using Defender for Cloud <a name="jit-modify"></a>
94+
<a name="jit-modify"></a>
95+
96+
### Edit the JIT configuration on a JIT-enabled VM using Defender for Cloud
9197

9298
You can modify a VM's just-in-time configuration by adding and configuring a new port to protect for that VM, or by changing any other setting related to an already protected port.
9399

articles/defender-for-cloud/os-coverage.md

Lines changed: 9 additions & 3 deletions
@@ -8,7 +8,9 @@ ms.date: 11/09/2021
88

99
This page shows the platforms and environments supported by Microsoft Defender for Cloud.
1010

11-
## Combinations of environments <a name="vm-server"></a>
11+
<a name="vm-server"></a>
12+
13+
## Combinations of environments
1214

1315
Microsoft Defender for Cloud supports virtual machines and servers on different types of hybrid environments:
1416

@@ -33,11 +35,15 @@ To learn more about the specific Defender for Cloud features available on Window
3335
> [!NOTE]
3436
> Even though **Microsoft Defender for Servers** is designed to protect servers, most of its features are supported for Windows 10 machines. One feature that isn't currently supported is [Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](integration-defender-for-endpoint.md).
3537
36-
## Managed virtual machine services <a name="virtual-machine"></a>
38+
<a name="virtual-machine"></a>
39+
40+
## Managed virtual machine services
3741

3842
Virtual machines are also created in a customer subscription as part of some Azure-managed services as well, such as Azure Kubernetes (AKS), Azure Databricks, and more. Defender for Cloud discovers these virtual machines too, and the Log Analytics agent can be installed and configured if a supported OS is available.
3943

40-
## Cloud Services <a name="cloud-services"></a>
44+
<a name="cloud-services"></a>
45+
46+
## Cloud Services
4147

4248
Virtual machines that run in a cloud service are also supported. Only cloud services web and worker roles that run in production slots are monitored. To learn more about cloud services, see [Overview of Azure Cloud Services](../cloud-services/cloud-services-choose-me.md).
4349

articles/defender-for-cloud/other-threat-protections.md

Lines changed: 15 additions & 5 deletions
@@ -11,7 +11,9 @@ In addition to its built-in [advanced protection plans](defender-for-cloud-intro
1111
> [!TIP]
1212
> To enable Defender for Cloud's threat protection capabilities, you must enable enhanced security features on the subscription containing the applicable workloads.
1313
14-
## Threat protection for Azure network layer <a name="network-layer"></a>
14+
<a name="network-layer"></a>
15+
16+
## Threat protection for Azure network layer
1517
Defender for Cloud network-layer analytics are based on sample [IPFIX data](https://en.wikipedia.org/wiki/IP_Flow_Information_Export), which are packet headers collected by Azure core routers. Based on this data feed, Defender for Cloud uses machine learning models to identify and flag malicious traffic activities. Defender for Cloud also uses the Microsoft Threat Intelligence database to enrich IP addresses.
1618

1719
Some network configurations restrict Defender for Cloud from generating alerts on suspicious network activity. For Defender for Cloud to generate network alerts, ensure that:
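Review bot: there is no blank line between the new `## Threat protection for Azure network layer` heading and the paragraph that follows it ("Defender for Cloud network-layer analytics are based on sample IPFIX data..."). Every other heading touched in this PR is followed by a blank context line; add one here while these lines are being edited so the heading and paragraph are not run together.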
@@ -32,7 +34,9 @@ For more information, see:
3234
- [The list of threat protection alerts for Azure Cosmos DB](alerts-reference.md#alerts-azurecosmos)
3335

3436

35-
## Display recommendations in Microsoft Defender for Cloud Apps <a name="azure-mcas"></a>
37+
<a name="azure-mcas"></a>
38+
39+
## Display recommendations in Microsoft Defender for Cloud Apps
3640

3741
Microsoft Defender for Cloud Apps (formerly known as Microsoft Cloud App Security) is a cloud access security broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
3842

@@ -42,9 +46,13 @@ If you've enabled Microsoft Defender for Cloud Apps, and selected the integratio
4246
> Defender for Cloud stores security-related customer data in the same geo as its resource. If Microsoft hasn't yet deployed Defender for Cloud in the resource's geo, then it stores the data in the United States. When Microsoft Defender for Cloud Apps is enabled, this information is stored in accordance with the geo location rules of Microsoft Defender for Cloud Apps. For more information, see [Data storage for non-regional services](https://azuredatacentermap.azurewebsites.net/).
4347
4448

45-
## Stream security alerts from other Microsoft services <a name="alerts-other"></a>
49+
<a name="alerts-other"></a>
50+
51+
## Stream security alerts from other Microsoft services
4652

47-
### Display Azure WAF alerts in Defender for Cloud <a name="azure-waf"></a>
53+
<a name="azure-waf"></a>
54+
55+
### Display Azure WAF alerts in Defender for Cloud
4856

4957
Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities.
5058

@@ -53,7 +61,9 @@ Web applications are increasingly targeted by malicious attacks that exploit com
5361
If you have created [WAF Security solution](partner-integration.md#add-data-sources), your WAF alerts are streamed to Defender for Cloud with no additional configurations. For more information on the alerts generated by WAF, see [Web application firewall CRS rule groups and rules](../web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md?tabs=owasp31#crs911-31).
5462

5563

56-
### Display Azure DDoS Protection alerts in Defender for Cloud <a name="azure-ddos"></a>
64+
<a name="azure-ddos"></a>
65+
66+
### Display Azure DDoS Protection alerts in Defender for Cloud
5767

5868
Distributed denial of service (DDoS) attacks are known to be easy to execute. They've become a great security concern, particularly if you're moving your applications to the cloud. A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users. DDoS attacks can target any endpoint that can be reached through the internet.
5969

articles/defender-for-cloud/powershell-onboarding.md

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ ms.topic: quickstart
55
ms.date: 11/09/2021
66
ms.custom: mode-api
77
---
8-
# Automate onboarding of Microsoft Defender for Cloud using PowerShell
8+
# Quickstart: Automate onboarding of Microsoft Defender for Cloud using PowerShell
99

1010
You can secure your Azure workloads programmatically, using the Microsoft Defender for Cloud PowerShell module. Using PowerShell enables you to automate tasks and avoid the human error inherent in manual tasks. This is especially useful in large-scale deployments that involve dozens of subscriptions with hundreds and thousands of resources, all of which must be secured from the beginning.
1111
