Commit 24771e6
Merge pull request #225126 from TerryLanfear/sec-230125
Freshness update
2 parents e2c8f17 + 7726c0c commit 24771e6

3 files changed

+39
-40
lines changed

articles/security/fundamentals/antimalware-code-samples.md

Lines changed: 1 addition & 2 deletions
@@ -5,15 +5,14 @@ services: security
55
documentationcenter: na
66
author: terrylanfear
77
manager: rkarlin
8-
editor: ''
98

109
ms.assetid: 265683c8-30d7-4f2b-b66c-5082a18f7a8b
1110
ms.service: security
1211
ms.subservice: security-fundamentals
1312
ms.topic: article
1413
ms.tgt_pltfrm: na
1514
ms.workload: na
16-
ms.date: 09/29/2021
15+
ms.date: 01/25/2023
1716
ms.author: terrylan
1817
ms.custom: devx-track-azurepowershell
1918
---
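Review bot: the only substantive edit in this hunk is moving `ms.date` from 09/29/2021 to 01/25/2023 and dropping the empty `editor: ''` key; the file summary shows no body changes (1 addition, 2 deletions), so confirm the freshness pass actually re-checked that the code samples still run against current Az cmdlets rather than only refreshing the front matter.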

articles/security/fundamentals/antimalware.md

Lines changed: 22 additions & 20 deletions
@@ -12,30 +12,30 @@ ms.subservice: security-fundamentals
1212
ms.topic: article
1313
ms.tgt_pltfrm: na
1414
ms.workload: na
15-
ms.date: 09/29/2021
15+
ms.date: 01/25/2023
1616
ms.author: terrylan
1717
---
1818
# Microsoft Antimalware for Azure Cloud Services and Virtual Machines
1919

2020
Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems.
2121

22-
The solution is built on the same antimalware platform as Microsoft Security Essentials \[MSE\], Microsoft Forefront Endpoint Protection, Microsoft System Center Endpoint Protection, Microsoft Intune, and Microsoft Defender for Cloud. Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. Protection may be deployed based on the needs of application workloads, with either basic secure-by-default or advanced custom configuration, including antimalware monitoring.
22+
The solution is built on the same antimalware platform as Microsoft Security Essentials (MSE), Microsoft Forefront Endpoint Protection, Microsoft System Center Endpoint Protection, Microsoft Intune, and Microsoft Defender for Cloud. Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. Protection may be deployed based on the needs of application workloads, with either basic secure-by-default or advanced custom configuration, including antimalware monitoring.
2323

2424
When you deploy and enable Microsoft Antimalware for Azure for your applications, the following core features are available:
2525

2626
* **Real-time protection** - monitors activity in Cloud Services and on Virtual Machines to detect and block malware execution.
2727
* **Scheduled scanning** - Scans periodically to detect malware, including actively running programs.
2828
* **Malware remediation** - automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries.
2929
* **Signature updates** - automatically installs the latest protection signatures (virus definitions) to ensure protection is up-to-date on a pre-determined frequency.
30-
* **Antimalware Engine updates** automatically updates the Microsoft Antimalware engine.
31-
* **Antimalware Platform updates** automatically updates the Microsoft Antimalware platform.
30+
* **Antimalware Engine updates** - automatically updates the Microsoft Antimalware engine.
31+
* **Antimalware Platform updates** - automatically updates the Microsoft Antimalware platform.
3232
* **Active protection** - reports telemetry metadata about detected threats and suspicious resources to Microsoft Azure to ensure rapid response to the evolving threat landscape, as well as enabling real-time synchronous signature delivery through the Microsoft Active Protection System (MAPS).
3333
* **Samples reporting** - provides and reports samples to the Microsoft Antimalware service to help refine the service and enable troubleshooting.
34-
* **Exclusions** allows application and service administrators to configure exclusions for files, processes, and drives.
34+
* **Exclusions** - allows application and service administrators to configure exclusions for files, processes, and drives.
3535
* **Antimalware event collection** - records the antimalware service health, suspicious activities, and remediation actions taken in the operating system event log and collects them into the customer's Azure Storage account.
3636

3737
> [!NOTE]
38-
> Microsoft Antimalware can also be deployed using Microsoft Defender for Cloud. Read [Install Endpoint Protection in Microsoft Defender for Cloud](../../security-center/security-center-services.md#supported-endpoint-protection-solutions-) for more information.
38+
> Microsoft Antimalware can also be deployed using Microsoft Defender for Cloud. Read [Install Endpoint Protection in Microsoft Defender for Cloud](../../defender-for-cloud/integration-defender-for-endpoint.md) for more information.
3939
4040
## Architecture
4141

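Review bot: in the [!NOTE] at line 38+ the link text still reads "Install Endpoint Protection in Microsoft Defender for Cloud" but the new target is `../../defender-for-cloud/integration-defender-for-endpoint.md`, whose name suggests the Defender for Endpoint integration page rather than endpoint protection deployment; either point at the page that documents deploying Microsoft Antimalware through Defender for Cloud or change the link text to match the target. Minor: the feature bullets now consistently use " - " as a separator, but "Real-time protection - monitors" is lowercase while "Scheduled scanning - Scans" is capitalised; pick one form for the whole list.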
@@ -46,20 +46,20 @@ The Microsoft Antimalware Client and Service is installed by default in a disabl
4646
When using Azure App Service on Windows, the underlying service that hosts the web app has Microsoft Antimalware enabled on it. This is used to protect Azure App Service infrastructure and does not run on customer content.
4747

4848
> [!NOTE]
49-
> Microsoft Defender Antivirus is the built-in Antimalware enabled in Windows Server 2016. The Microsoft Defender Antivirus Interface is also enabled by default on some Windows Server 2016 SKU's [see here for more information](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).
50-
> The Azure VM Antimalware extension can still be added to a Windows Server 2016 Azure VM with Microsoft Defender Antivirus, but in this scenario the extension will apply any optional [configuration policies](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe) to be used by Microsoft Defender Antivirus, the extension will not deploy any additional antimalware services.
51-
> You can read more about this update [here](/archive/blogs/azuresecurity/update-to-azure-antimalware-extension-for-cloud-services).
49+
> Microsoft Defender Antivirus is the built-in Antimalware enabled in Windows Server 2016 and above.
50+
> The Azure VM Antimalware extension can still be added to a Windows Server 2016 and above Azure VM with Microsoft Defender Antivirus. In this scenario, the extension applies any optional [configuration policies](antimalware.md#default-and-custom-antimalware-configuration) to be used by Microsoft Defender Antivirus The extension does not deploy any other antimalware services.
51+
> See the [Samples](antimalware.md#samples) section of this article for more details.
5252
5353
### Microsoft antimalware workflow
5454

5555
The Azure service administrator can enable Antimalware for Azure with a default or custom configuration for your Virtual Machines and Cloud Services using the following options:
5656

57-
* Virtual Machines In the Azure portal, under **Security Extensions**
58-
* Virtual Machines Using the Visual Studio virtual machines configuration in Server Explorer
59-
* Virtual Machines and Cloud Services Using the Antimalware [classic deployment model](/previous-versions/azure/ee460799(v=azure.100))
60-
* Virtual Machines and Cloud Services Using Antimalware PowerShell cmdlets
57+
* Virtual Machines - In the Azure portal, under **Security Extensions**
58+
* Virtual Machines - Using the Visual Studio virtual machines configuration in Server Explorer
59+
* Virtual Machines and Cloud Services - Using the Antimalware [classic deployment model](/previous-versions/azure/ee460799(v=azure.100))
60+
* Virtual Machines and Cloud Services - Using Antimalware PowerShell cmdlets
6161

62-
The Azure portal or PowerShell cmdlets push the Antimalware extension package file to the Azure system at a pre-determined fixed location. The Azure Guest Agent (or the Fabric Agent) launches the Antimalware Extension, applying the Antimalware configuration settings supplied as input. This step enables the Antimalware service with either default or custom configuration settings. If no custom configuration is provided, then the antimalware service is enabled with the default configuration settings. Refer to the *Antimalware configuration* section in the [Microsoft Antimalware for Azure – Code Samples](/samples/browse/?redirectedfrom=TechNet-Gallery "Microsoft Antimalware For Azure Cloud Services and VMs Code Samples") for more details.
62+
The Azure portal or PowerShell cmdlets push the Antimalware extension package file to the Azure system at a pre-determined fixed location. The Azure Guest Agent (or the Fabric Agent) launches the Antimalware Extension, applying the Antimalware configuration settings supplied as input. This step enables the Antimalware service with either default or custom configuration settings. If no custom configuration is provided, then the antimalware service is enabled with the default configuration settings. See the [Samples](antimalware.md#samples) section of this article for more details..
6363

6464
Once running, the Microsoft Antimalware client downloads the latest protection engine and signature definitions from the Internet and loads them on the Azure system. The Microsoft Antimalware service writes service-related events to the system OS events log under the "Microsoft Antimalware" event source. Events include the Antimalware client health state, protection and remediation status, new and old configuration settings, engine updates and signature definitions, and others.
6565

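Review bot: line 50+ is missing a period between "Microsoft Defender Antivirus" and "The extension does not deploy any other antimalware services", and line 62+ ends with a doubled period ("for more details.."); both sit in lines this hunk rewrites, so fix them here. The rewrite also drops the links to the Defender Antivirus documentation and to the blog post about the extension update; if those remain the authoritative references, keep at least the first, and "an Azure VM running Windows Server 2016 or later" reads better than "a Windows Server 2016 and above Azure VM".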
@@ -70,7 +70,7 @@ The deployment workflow including configuration steps and options supported for
7070
![Microsoft Antimalware in Azure](./media/antimalware/sec-azantimal-fig1.PNG)
7171

7272
> [!NOTE]
73-
> You can however use PowerShell/APIs and Azure Resource Manager templates to deploy Virtual Machine Scale Sets with the Microsoft Anti-Malware extension. For installing an extension on an already running Virtual Machine, you can use the sample Python script [vmssextn.py](https://github.com/gbowerman/vmsstools). This script gets the existing extension config on the Scale Set and adds an extension to the list of existing extensions on the VM Scale Sets.
73+
> You can however use PowerShell/APIs and Azure Resource Manager templates to deploy Virtual Machine Scale Sets with the Microsoft Anti-Malware extension. For installing an extension on an already running Virtual Machine, you can use the sample Python script [vmssextn.py](https://github.com/gbowerman/vmsstools#vmssextn). This script gets the existing extension config on the Scale Set and adds an extension to the list of existing extensions on the VM Scale Sets.
7474
>
7575
>
7676
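Review bot: the only change here is adding the `#vmssextn` anchor to the GitHub URL; since the line is touched anyway, "Microsoft Anti-Malware extension" should use the "Antimalware" spelling the rest of the article uses, and "installing an extension on an already running Virtual Machine" refers to a scale set in the very next sentence, so "Virtual Machine Scale Set" would be the accurate subject.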
@@ -134,7 +134,7 @@ To enable and configure the Microsoft Antimalware service using Visual Studio:
134134
![Virtual Machine configuration extension](./media/antimalware/sec-azantimal-fig7.PNG)
135135

136136
> [!NOTE]
137-
>The Visual Studio Virtual Machines configuration for Antimalware supports only JSON format configuration. The Antimalware JSON configuration settings template is included in the [Microsoft Antimalware For Azure - Code Samples](/samples/browse/?redirectedfrom=TechNet-Gallery "Microsoft Antimalware For Azure - Code Samples"), showing the supported Antimalware configuration settings.
137+
>The Visual Studio Virtual Machines configuration for Antimalware supports only JSON format configuration. See the [Samples](antimalware.md#samples) section of this article for more details.
138138
139139
#### Deployment Using PowerShell cmdlets
140140

@@ -146,7 +146,7 @@ To enable and configure Microsoft Antimalware using PowerShell cmdlets:
146146
2. Use the [Set-AzureVMMicrosoftAntimalwareExtension](/powershell/module/servicemanagement/azure.service/set-azurevmmicrosoftantimalwareextension) cmdlet to enable and configure Microsoft Antimalware for your Virtual Machine.
147147

148148
> [!NOTE]
149-
>The Azure Virtual Machines configuration for Antimalware supports only JSON format configuration. The Antimalware JSON configuration settings template is included in the [Microsoft Antimalware For Azure - Code Samples](/samples/browse/?redirectedfrom=TechNet-Gallery "Microsoft Antimalware For Azure - Code Samples"), showing the supported Antimalware configuration settings.
149+
>The Azure Virtual Machines configuration for Antimalware supports only JSON format configuration. See the [Samples](antimalware.md#samples) section of this article for more details.
150150
151151
### Enable and Configure Antimalware Using PowerShell cmdlets
152152

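Review bot: this [!NOTE] in the PowerShell cmdlets procedure previously told readers that the JSON template shows the supported settings and now only defers to the Samples section, which makes it a near-duplicate of the Visual Studio note a few lines earlier; either consolidate the two into one shared note or make sure the #samples anchor lands directly on the JSON template. The missing space after ">" on both note lines is present here too.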
@@ -157,7 +157,7 @@ To enable and configure Microsoft Antimalware using PowerShell cmdlets:
157157
1. Set up your PowerShell environment - Refer to the documentation at <https://github.com/Azure/azure-powershell>
158158
2. Use the [Set-AzureServiceExtension](/powershell/module/servicemanagement/azure.service/set-azureserviceextension) cmdlet to enable and configure Microsoft Antimalware for your Cloud Service.
159159

160-
The Antimalware XML configuration settings template is included in the [Microsoft Antimalware For Azure - Code Samples](/samples/browse/?redirectedfrom=TechNet-Gallery "Microsoft Antimalware For Azure - Code Samples"), showing the supported Antimalware configuration settings.
160+
See the [Samples](antimalware.md#samples) section of this article for more details.
161161

162162
### Cloud Services and Virtual Machines - Configuration Using PowerShell cmdlets
163163

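Review bot: the removed sentence at line 160- was the only place stating that Cloud Services use an XML configuration template (Virtual Machines use JSON); the replacement "See the Samples section" does not carry that distinction, so either name the XML template for Cloud Services explicitly in the Samples section or keep the "Antimalware XML configuration settings template" wording here.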
@@ -169,6 +169,8 @@ To retrieve the Microsoft Antimalware configuration using PowerShell cmdlets:
169169
2. **For Virtual Machines**: Use the [Get-AzureVMMicrosoftAntimalwareExtension](/powershell/module/servicemanagement/azure.service/get-azurevmmicrosoftantimalwareextension) cmdlet to get the antimalware configuration.
170170
3. **For Cloud Services**: Use the [Get-AzureServiceExtension](/powershell/module/servicemanagement/azure.service/get-azureserviceextension) cmdlet to get the Antimalware configuration.
171171

172+
## Samples
173+
172174
### Remove Antimalware Configuration Using PowerShell cmdlets
173175

174176
An Azure application or service can remove the Antimalware configuration and any associated Antimalware monitoring configuration from the relevant Azure Antimalware and diagnostics service extensions associated with the Cloud Service or Virtual Machine.
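Review bot: the new `## Samples` heading at line 172+ is inserted immediately before "### Remove Antimalware Configuration Using PowerShell cmdlets", which demotes that removal procedure (and every subsection after it) into the Samples section, while the links added elsewhere in this PR send readers to #samples for the JSON/XML configuration templates; place the heading where the template samples actually begin, or open it with a sentence that points to the templates, so the anchor lands on what the links promise. Also check that introducing an H2 in the middle of an H3 sequence does not break the page's table of contents.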
@@ -215,8 +217,8 @@ The following code sample is available:
215217
### Enable and configure Antimalware using PowerShell cmdlets for Azure Arc-enabled servers
216218
To enable and configure Microsoft Antimalware for Azure Arc-enabled servers using PowerShell cmdlets:
217219

218-
1. Set up your PowerShell environment using this [documentation](https://github.com/Azure/azure-powershell) on GitHub.
219-
2. Use the [New-AzConnectedMachineExtension](../../azure-arc/servers/manage-vm-extensions-powershell.md) cmdlet to enable and configure Microsoft Antimalware for your Arc-enabled servers.
220+
1. Set up your PowerShell environment using this [documentation](https://github.com/Azure/azure-powershell) on GitHub.
221+
2. Use the [New-AzConnectedMachineExtension](../../azure-arc/servers/manage-vm-extensions-powershell.md) cmdlet to enable and configure Microsoft Antimalware for your Arc-enabled servers.
220222

221223
The following code samples are available:
222224

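Review bot: lines 218-219 are replaced by lines 220-221 with identical visible text, so this is a whitespace-only change (most likely trailing whitespace or list indentation); that is acceptable for a freshness pass but worth stating in the commit message so reviewers do not hunt for a content difference.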