fixes for configure guide for defender for storage

Yuval Reshef · Yuval Reshef · commit 278558cefd8f · 2023-04-24T19:00:56.000+03:00
diff --git a/articles/storage/common/azure-defender-storage-configure.md b/articles/storage/common/azure-defender-storage-configure.md
@@ -88,7 +88,7 @@ There are several ways to enable Defender for Storage on subscriptions:
 - [Azure portal](#azure-portal)
 - [Azure built-in policy](#enable-and-configure-at-scale-with-an-azure-built-in-policy)
 - IaC templates, including [Bicep](#bicep-template) and [ARM](#arm-template)
-- [REST API](#rest-api)
+- [REST API](#enable-and-configure-with-rest-api)
 
 > [!TIP]
 > You can [override or set custom configuration settings](#override-defender-for-storage-subscription-level-settings) for specific storage accounts within protected subscriptions.
@@ -203,7 +203,7 @@ If you want to turn off the **On-upload malware scanning** or **Sensitive data t
 
 To disable the entire Defender plan, set the `pricingTier` property value to `Free` and remove the `subPlan` and `extensions` properties.
 
-Learn more about the [ARM template AzAPI reference](/azure/templates/microsoft.security/pricings?pivots=deployment-language-arm-template).
+Learn more in the [ARM template reference](/azure/templates/microsoft.security/pricings?pivots=deployment-language-arm-template).
 
 ### Enable and configure with REST API 
 
@@ -251,7 +251,7 @@ You can enable and configure Microsoft Defender for Storage on specific storage
 
 - [Azure portal](#azure-portal-1)
 - IaC templates, including [Bicep](#bicep-template-1) and [ARM](#arm-template-1)
-- [REST API](#rest-api-1)
+- [REST API](#rest-api)
 
 The steps below include instructions on how to set up logging and an Event Grid for the Malware Scanning.
 
@@ -273,7 +273,7 @@ Microsoft Defender for Storage is now enabled on this storage account.
 > To configure **On-upload malware scanning** settings, such as monthly cap, select **Settings** after Defender for Storage was enabled.
 > :::image type="content" source="../../defender-for-cloud/media/azure-defender-storage-configure/malware-scan-capping.png" alt-text="Screenshot showing where to configure a monthly cap for Malware Scanning.":::
 
-If you want to disable Defender for Storage on the storage account or disable one of the features (On-upload malware scanning or Sensitive data threat detection), select **Settings**, edit the settings, and select **Save**.
+If you want to disable Defender for Storage on the storage account or disable one of the features (On-upload malware scanning or Sensitive data threat detection), select **Settings**, edit the settings, and select **Save**.
 
 ### Enable and configure with IaC templates
 
@@ -303,14 +303,11 @@ To enable and configure Microsoft Defender for Storage at the storage account le
 }
 ```
 
-To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value `-1`. The default limit is set at 5,000 GB.
+To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value `-1`. The default limit is set at 5,000 GB.
 
-If you want to turn off the **On-upload malware scanning** or **Sensitive data threat detection** features, you can change the `isEnabled` value to `false` under Sensitive data discovery.
-
-To disable the entire Defender plan, set the `pricingTier` property value to `Free` and remove the `subPlan` and `extensions` properties.
-
-Learn more about the [ARM template AzAPI reference](/azure/templates/microsoft.security/pricings?pivots=deployment-language-arm-template).
+If you want to turn off the **On-upload malware scanning** or **Sensitive data threat detection** features, you can change the `isEnabled` value to `false` under the `malwareScanning` or `sensitiveDataDiscovery` properties sections.
 
+To disable the entire Defender plan for the storage account, set the `isEnabled` property value to `false` and remove the `malwareScanning` and `sensitiveDataDiscovery` sections from the properties.
 #### Bicep template
 
 To enable and configure Microsoft Defender for Storage at the storage account level using [Bicep](../../azure-resource-manager/bicep/overview.md), add the following to your Bicep template:
@@ -337,11 +334,11 @@ resource defenderForStorageSettings 'Microsoft.Security/DefenderForStorageSettin
 }
 ```
 
-To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value `-1`. The default limit is set at 5,000 GB.
+To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value `-1`. The default limit is set at 5,000 GB.
 
-If you want to turn off the **On-upload malware scanning** or **Sensitive data threat detection** features, you can change the `isEnabled` value to `false` under Sensitive data discovery.
+If you want to turn off the **On-upload malware scanning** or **Sensitive data threat detection** features, you can change the `isEnabled` value to `false` under the `malwareScanning` or `sensitiveDataDiscovery` properties sections.
 
-To disable the entire Defender plan, set the `pricingTier` property value to `Free` and remove the `subPlan` and `extensions` properties.
+To disable the entire Defender plan for the storage account, set the `isEnabled` property value to `false` and remove the `malwareScanning` and `sensitiveDataDiscovery` sections from the properties.
 
 Learn more about the [Bicep template AzAPI reference](/azure/templates/microsoft.security/pricings?pivots=deployment-language-bicep&source=docs).
 
@@ -350,7 +347,8 @@ Learn more about the [Bicep template AzAPI reference](/azure/templates/microsoft
 To enable and configure Microsoft Defender for Storage at the storage account level using REST API, create a PUT request with this endpoint. Replace the `subscriptionId` , `resourceGroupName`, and `accountName` in the endpoint URL with your own Azure subscription ID, resource group and storage account names accordingly.
 
 ```http
-PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/pricings/StorageAccounts?api-version=2023-01-01
+PUT
+https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Storage/storageAccounts/{accountName}/providers/Microsoft.Security/defenderForStorageSettings/current?api-version=2022-12-01-preview
 ```
 
 And add the following request body:
@@ -368,16 +366,16 @@ And add the following request body:
         "sensitiveDataDiscovery": {
             "isEnabled": true
         },
-        "overrideSubscriptionLevelSettings": false
+        "overrideSubscriptionLevelSettings": true
     }
 }
 ```
 
-To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value `-1`. The default limit is set at 5,000 GB.
+To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value `-1`. The default limit is set at 5,000 GB.
 
-If you want to turn off the **On-upload malware scanning** or **Sensitive data threat detection** features, you can change the `isEnabled` value to `false` under Sensitive data discovery.
+If you want to turn off the **On-upload malware scanning** or **Sensitive data threat detection** features, you can change the `isEnabled` value to `false` under the `malwareScanning` or `sensitiveDataDiscovery` properties sections.
 
-To disable the entire Defender plan, set the `pricingTier` property value to `Free` and remove the `subPlan` and `extensions` properties.
+To disable the entire Defender plan for the storage account, set the `isEnabled` property value to `false` and remove the `malwareScanning` and `sensitiveDataDiscovery` sections from the properties.
 
 Learn more about the [updating Defender plans with the REST API](/rest/api/defenderforcloud/pricings/update) in HTTP, Java, Go and JavaScript.
 
@@ -399,20 +397,18 @@ Request URL:
 
 ```http
 PUT
-https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resourcegroup-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>
-/providers/Microsoft.Security/antiMalwareSettings/current/providers/Microsoft.Insights/
-diagnosticSettings/service?api-version=2021-05-01-preview
+https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{accountName}/providers/Microsoft.Security/DefenderForStorageSettings/current/providers/Microsoft.Insights/diagnosticSettings/service?api-version=2021-05-01-preview
 ```
 
 Request Body:
 
 ```json
 {
     "properties": {
-        "workspaceId": "/subscriptions/704601a1-0ac4-4d5d-aecd-322835fbde2f/resourcegroups/demorg/providers/microsoft.operationalinsights/workspaces/malwarescanningscanresultworkspace",
+        "workspaceId": "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}",
         "logs": [
             {
-                "categoryGroup": "allLogs",
+                "category": "ScanResults",
                 "enabled": true,
                 "retentionPolicy": {
                     "enabled": true,
@@ -443,8 +439,7 @@ Request URL:
 
 ```http
 PUT
-https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resourcegroup-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name> 
-/providers/Microsoft.Security/DefenderForStorageSettings/current?api-version=2022-12-01-preview
+https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{accountName}/providers/Microsoft.Security/DefenderForStorageSettings/current?api-version=2022-12-01-preview
 ```
 
 Request Body:
@@ -458,7 +453,7 @@ Request Body:
                 "isEnabled": true, 
                 "capGBPerMonth": 5000 
             }, 
-            "scanResultsEventGridTopicResourceId": "/subscriptions/704601a1-0ac4-4d5d-aecd-322835fbde2f/resourceGroups/DemoRG/providers/Microsoft.EventGrid/topics/ScanResultsEGCustomTopic" 
+            "scanResultsEventGridTopicResourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.EventGrid/topics/{EventGridTopicName}" 
         }, 
         "sensitiveDataDiscovery": { 
             "isEnabled": true 
@@ -529,7 +524,7 @@ To override Defender for Storage subscription-level settings to configure settin
     
     ```http
     PUT
-    PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/providers/Microsoft.Security/DefenderForStorageSettings/current?api-version=2022-12-01-preview
+    https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/providers/Microsoft.Security/DefenderForStorageSettings/current?api-version=2022-12-01-preview
     ```
     
     Request Body:
