status

Author: alexbuckgit

articles/governance/blueprints/samples/iso27001-ase-sql-workload/control-mapping.md

@@ -11,11 +11,7 @@ ms.topic: sample
 The following article details how the Azure Blueprints ISO 27001 ASE/SQL Workload blueprint sample
 maps to the ISO 27001 controls.
 
-The following mappings are to the **ISO 27001:2013** controls. Use the navigation on the right to
-jump directly to a specific control mapping. Many of the mapped controls are implemented with an [Azure Policy](../../../policy/overview.md)
-initiative. To review the complete initiative, open **Policy** in the Azure portal and select the
-**Definitions** page. Then, find and select the **\[Preview\] Audit ISO 27001:2013 controls and deploy
-specific VM Extensions to support audit requirements** built-in policy initiative.
+The following mappings are to the **ISO 27001:2013** controls. Use the navigation on the right to jump directly to a specific control mapping. Many of the mapped controls are implemented with an [Azure Policy](../../../policy/overview.md) initiative. To review the complete initiative, open **Policy** in the Azure portal and select the **Definitions** page. Then, find and select the **\[Preview\] Audit ISO 27001:2013 controls and deploy specific VM Extensions to support audit requirements** built-in policy initiative.
 
 > [!IMPORTANT]
 > Each control below is associated with one or more [Azure Policy](../../../policy/overview.md)
@@ -44,21 +40,13 @@ appropriate separation of duties.
 
 ## A.8.2.1 Classification of information
 
-Azure's [SQL Vulnerability Assessment service](../../../../defender-for-cloud/sql-azure-vulnerability-assessment-overview.md)
-can help you discover sensitive data stored in your databases and includes recommendations to
-classify that data. This blueprint assigns an [Azure Policy](../../../policy/overview.md) definition
-to audit that vulnerabilities identified during SQL Vulnerability Assessment scan are remediated.
+Azure's [SQL Vulnerability Assessment service](../../../../defender-for-cloud/sql-azure-vulnerability-assessment-overview.md) can help you discover sensitive data stored in your databases and includes recommendations to classify that data. This blueprint assigns an [Azure Policy](../../../policy/overview.md) definition to audit that vulnerabilities identified during SQL Vulnerability Assessment scan are remediated.
 
 - Vulnerabilities on your SQL databases should be remediated
 
 ## A.9.1.2 Access to networks and network services
 
-Azure implements [Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md)
-to manage who has access to Azure resources. This blueprint helps you control access to Azure
-resources by assigning seven [Azure Policy](../../../policy/overview.md) definitions. These policies
-audit use of resource types and configurations that may allow more permissive access to resources.
-Understanding resources that are in violation of these policies can help you take corrective actions
-to ensure access Azure resources is restricted to authorized users.
+Azure implements [Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md) to manage who has access to Azure resources. This blueprint helps you control access to Azure resources by assigning seven [Azure Policy](../../../policy/overview.md) definitions. These policies audit use of resource types and configurations that may allow more permissive access to resources. Understanding resources that are in violation of these policies can help you take corrective actions to ensure access Azure resources is restricted to authorized users.
 
 - Show audit results from Linux VMs that have accounts without passwords
 - Show audit results from Linux VMs that allow remote connections from accounts without passwords
@@ -104,11 +92,7 @@ corrective action to ensure authenticators aren't compromised.
 
 ## A.9.2.5 Review of user access rights
 
-Azure implements [Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md)
-to help you manage who has access to resources in Azure. Using the Azure portal, you can
-review who has access to Azure resources and their permissions. This blueprint assigns four [Azure
-Policy](../../../policy/overview.md) definitions to audit accounts that should be prioritized for
-review, including depreciated accounts and external accounts with elevated permissions.
+Azure implements [Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md) to help you manage who has access to resources in Azure. Using the Azure portal, you can review who has access to Azure resources and their permissions. This blueprint assigns four [Azure Policy](../../../policy/overview.md) definitions to audit accounts that should be prioritized for review, including depreciated accounts and external accounts with elevated permissions.
 
 - Deprecated accounts should be removed from your subscription
 - Deprecated accounts with owner permissions should be removed from your subscription
@@ -117,13 +101,7 @@ review, including depreciated accounts and external accounts with elevated permi
 
 ## A.9.2.6 Removal or adjustment of access rights
 
-Azure implements [Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md)
-to help you manage who has access to resources in Azure. Using [Azure Active
-Directory](../../../../active-directory/fundamentals/active-directory-whatis.md) and Azure RBAC, you can
-update user roles to reflect organizational changes. When needed, accounts can be blocked from
-signing in (or removed), which immediately removes access rights to Azure resources. This blueprint
-assigns two [Azure Policy](../../../policy/overview.md) definitions to audit depreciated account
-that should be considered for removal.
+Azure implements [Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md) to help you manage who has access to resources in Azure. Using [Azure Active Directory](../../../../active-directory/fundamentals/active-directory-whatis.md) and Azure RBAC, you can update user roles to reflect organizational changes. When needed, accounts can be blocked from signing in (or removed), which immediately removes access rights to Azure resources. This blueprint assigns two [Azure Policy](../../../policy/overview.md) definitions to audit depreciated account that should be considered for removal.
 
 - Deprecated accounts should be removed from your subscription
 - Deprecated accounts with owner permissions should be removed from your subscription
@@ -156,8 +134,7 @@ with policy.
 
 ## A.10.1.1 Policy on the use of cryptographic controls
 
-This blueprint helps you enforce your policy on the use of cryptograph controls by assigning 13 [Azure Policy](../../../policy/overview.md)
-definitions that enforce specific cryptograph controls and audit use of weak cryptographic settings.
+This blueprint helps you enforce your policy on the use of cryptograph controls by assigning 13 [Azure Policy](../../../policy/overview.md) definitions that enforce specific cryptograph controls and audit use of weak cryptographic settings.
 Understanding where your Azure resources may have non-optimal cryptographic configurations can help
 you take corrective actions to ensure resources are configured in accordance with your information
 security policy. Specifically, the policies assigned by this blueprint require encryption for blob

articles/governance/blueprints/samples/iso27001-shared/control-mapping.md

@@ -46,21 +46,13 @@ appropriate separation of duties.
 ## A.8.2.1 Classification of information
 
 Azure's
-[SQL Vulnerability Assessment service](../../../../defender-for-cloud/sql-azure-vulnerability-assessment-overview.md)
-can help you discover sensitive data stored in your databases and includes recommendations to
-classify that data. This blueprint assigns an [Azure Policy](../../../policy/overview.md) definition
-to audit that vulnerabilities identified during SQL Vulnerability Assessment scan are remediated.
+[SQL Vulnerability Assessment service](../../../../defender-for-cloud/sql-azure-vulnerability-assessment-overview.md) can help you discover sensitive data stored in your databases and includes recommendations to classify that data. This blueprint assigns an [Azure Policy](../../../policy/overview.md) definition to audit that vulnerabilities identified during SQL Vulnerability Assessment scan are remediated.
 
 - Vulnerabilities on your SQL databases should be remediated
 
 ## A.9.1.2 Access to networks and network services
 
-[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md)
-helps to manage who has access to Azure resources. This blueprint helps you control access to Azure
-resources by assigning seven [Azure Policy](../../../policy/overview.md) definitions. These policies
-audit use of resource types and configurations that may allow more permissive access to resources.
-Understanding resources that are in violation of these policies can help you take corrective actions
-to ensure access Azure resources is restricted to authorized users.
+[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md) helps to manage who has access to Azure resources. This blueprint helps you control access to Azure resources by assigning seven [Azure Policy](../../../policy/overview.md) definitions. These policies audit use of resource types and configurations that may allow more permissive access to resources. Understanding resources that are in violation of these policies can help you take corrective actions to ensure access Azure resources is restricted to authorized users.
 
 - Show audit results from Linux VMs that have accounts without passwords
 - Show audit results from Linux VMs that allow remote connections from accounts without passwords
@@ -107,11 +99,7 @@ corrective action to ensure authenticators aren't compromised.
 
 ## A.9.2.5 Review of user access rights
 
-[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md)
-helps you manage who has access to resources in Azure. Using the Azure portal, you can review who
-has access to Azure resources and their permissions. This blueprint assigns four [Azure
-Policy](../../../policy/overview.md) definitions to audit accounts that should be prioritized for
-review, including depreciated accounts and external accounts with elevated permissions.
+[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md) helps you manage who has access to resources in Azure. Using the Azure portal, you can review who has access to Azure resources and their permissions. This blueprint assigns four [Azure Policy](../../../policy/overview.md) definitions to audit accounts that should be prioritized for review, including depreciated accounts and external accounts with elevated permissions.
 
 - Deprecated accounts should be removed from your subscription
 - Deprecated accounts with owner permissions should be removed from your subscription
@@ -120,13 +108,8 @@ review, including depreciated accounts and external accounts with elevated permi
 
 ## A.9.2.6 Removal or adjustment of access rights
 
-[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md)
-helps you manage who has access to resources in Azure. Using [Azure Active
-Directory](../../../../active-directory/fundamentals/active-directory-whatis.md) and Azure RBAC, you
-can update user roles to reflect organizational changes. When needed, accounts can be blocked from
-signing in (or removed), which immediately removes access rights to Azure resources. This blueprint
-assigns two [Azure Policy](../../../policy/overview.md) definitions to audit depreciated account
-that should be considered for removal.
+[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md) helps you manage who has access to resources in Azure. Using [Azure Active
+Directory](../../../../active-directory/fundamentals/active-directory-whatis.md) and Azure RBAC, you can update user roles to reflect organizational changes. When needed, accounts can be blocked from signing in (or removed), which immediately removes access rights to Azure resources. This blueprint assigns two [Azure Policy](../../../policy/overview.md) definitions to audit depreciated account that should be considered for removal.
 
 - Deprecated accounts should be removed from your subscription
 - Deprecated accounts with owner permissions should be removed from your subscription

articles/governance/blueprints/samples/iso27001-shared/index.md

@@ -13,8 +13,7 @@ and policy guardrails that help toward ISO 27001 attestation. This blueprint hel
 cloud-based architectures that offer solutions to scenarios that have accreditation or compliance
 requirements.
 
-The [ISO 27001 App Service Environment/SQL Database workload](../iso27001-ase-sql-workload/index.md)
-blueprint sample extends this sample.
+The [ISO 27001 App Service Environment/SQL Database workload](../iso27001-ase-sql-workload/index.md) blueprint sample extends this sample.
 
 ## Architecture
 

articles/governance/blueprints/samples/swift-2020/control-mapping.md

@@ -32,11 +32,7 @@ audit requirements** built-in policy initiative.
 
 ## 1.2 and 5.1 Account Management
 
-This blueprint helps you review accounts that may not comply with your organization's account
-management requirements. This blueprint assigns [Azure Policy](../../../policy/overview.md)
-definitions that audit external accounts with read, write and owner permissions on a subscription
-and deprecated accounts. By reviewing the accounts audited by these policies, you can take
-appropriate action to ensure account management requirements are met.
+This blueprint helps you review accounts that may not comply with your organization's account management requirements. This blueprint assigns [Azure Policy](../../../policy/overview.md) definitions that audit external accounts with read, write and owner permissions on a subscription and deprecated accounts. By reviewing the accounts audited by these policies, you can take appropriate action to ensure account management requirements are met.
 
 - Deprecated accounts should be removed from your subscription
 - Deprecated accounts with owner permissions should be removed from your subscription
@@ -91,12 +87,7 @@ separation of duties.
 
 ## 1.3, 5.1, and 6.4 Least Privilege | Review of User Privileges
 
-[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md)
-helps you manage who has access to resources in Azure. Using the Azure portal, you can review who
-has access to Azure resources and their permissions. This blueprint assigns
-[Azure Policy](../../../policy/overview.md) definitions to audit accounts that should be prioritized
-for review. Reviewing these account indicators can help you ensure least privilege controls are
-implemented.
+[Azure role-based access control (Azure RBAC)](../../../../role-based-access-control/overview.md) helps you manage who has access to resources in Azure. Using the Azure portal, you can review who has access to Azure resources and their permissions. This blueprint assigns [Azure Policy](../../../policy/overview.md) definitions to audit accounts that should be prioritized for review. Reviewing these account indicators can help you ensure least privilege controls are implemented.
 
 - A maximum of 3 owners should be designated for your subscription
 - Show audit results from Windows VMs that are not joined to the specified domain
@@ -210,12 +201,7 @@ been configured.
 
 ## 1.1 User-Installed Software
 
-Adaptive application control in Azure Security Center is an intelligent, automated end-to-end
-application filtering solution that can block or prevent specific software from running on your
-virtual machines. Application control can help you enforce and monitor compliance with software
-restriction policies. This blueprint assigns an [Azure Policy](../../../policy/overview.md)
-definition that helps you monitor virtual machines where an application allowlist is recommended
-but has not yet been configured.
+Adaptive application control in Azure Security Center is an intelligent, automated end-to-end application filtering solution that can block or prevent specific software from running on your virtual machines. Application control can help you enforce and monitor compliance with software restriction policies. This blueprint assigns an [Azure Policy](../../../policy/overview.md) definition that helps you monitor virtual machines where an application allowlist is recommended but has not yet been configured.
 
 - Adaptive application controls for defining safe applications should be enabled on your machines
 - Virtual machines should be migrated to new Azure Resource Manager resources

articles/governance/management-groups/azure-management.md

@@ -43,11 +43,7 @@ covers the different services used at [Monitoring Azure applications and resourc
 
 ## Configure
 
-Configure refers to the initial deployment and configuration of resources and ongoing maintenance.
-Automation of these tasks allows you to eliminate redundancy, minimizing your time and effort and
-increasing your accuracy and efficiency. [Azure Automation](../../automation/overview.md)
-provides the bulk of services for automating configuration tasks. While runbooks handle process
-automation, configuration and update management help manage configuration.
+Configure refers to the initial deployment and configuration of resources and ongoing maintenance. Automation of these tasks allows you to eliminate redundancy, minimizing your time and effort and increasing your accuracy and efficiency. [Azure Automation](../../automation/overview.md) provides the bulk of services for automating configuration tasks. While runbooks handle process automation, configuration and update management help manage configuration.
 
 ## Govern