Merge pull request #259311 from dcurwin/wi-185240-servicenow-requirements-nov22-2023

PMEds28 · web-flow · commit 343fff68f04e · 2023-11-22T10:11:15.000Z
Change to security admin
diff --git a/articles/defender-for-cloud/integration-servicenow.md b/articles/defender-for-cloud/integration-servicenow.md
@@ -12,15 +12,15 @@ ms.date: 11/13/2023
 
 ServiceNow is a cloud-based workflow automation and enterprise-oriented solution that enables organizations to manage and track digital workflows within a unified, robust platform. ServiceNow helps to improve operational efficiencies by streamlining and automating routine work tasks and delivers resilient services that help increase your productivity.  
 
-ServiceNow is now integrated with Microsoft Defender for Cloud, which enables customers to connect ServiceNow to their Defender for Cloud environment to prioritize remediation of recommendations that impact your business. Microsoft Defender for Cloud integrates with the ITSM module (incident management). As part of this connection, customers will be able to create/view ServiceNow tickets (linked to recommendations) from Microsoft Defender for Cloud.   
+ServiceNow is now integrated with Microsoft Defender for Cloud, which enables customers to connect ServiceNow to their Defender for Cloud environment to prioritize remediation of recommendations that impact your business. Microsoft Defender for Cloud integrates with the ITSM module (incident management). As part of this connection, customers can create/view ServiceNow tickets (linked to recommendations) from Microsoft Defender for Cloud.
 
 ## Common use cases and scenarios
 
-As part of the integration, you can create and monitor tickets in ServiceNow directly from Microsoft Defender for Cloud:   
+As part of the integration, you can create and monitor tickets in ServiceNow directly from Microsoft Defender for Cloud:
 
-- **Incident**: An incident is an unplanned interruption of reduction in the quality of an IT service. It can be reported by a user or monitoring system. ServiceNow’s incident management module helps IT teams track and manage incidents, from initial reporting to resolution. 
-- **Problem**: A problem is the underlying cause of one or more incidents. It’s often a recurring or persistent issue that needs to be addressed to prevent future incidents.   
-- **Change**: A change is a planned alternation or addition to an IT service or its supporting infrastructure. A change management module helps IT teams plan, approve, and execute changes in a controlled and systematic manner. It minimizes the risk of service disruptions and maintains service quality.   
+- **Incident**: An incident is an unplanned interruption of reduction in the quality of an IT service. It can be reported by a user or monitoring system. ServiceNow’s incident management module helps IT teams track and manage incidents, from initial reporting to resolution.
+- **Problem**: A problem is the underlying cause of one or more incidents. It’s often a recurring or persistent issue that needs to be addressed to prevent future incidents.
+- **Change**: A change is a planned alternation or addition to an IT service or its supporting infrastructure. A change management module helps IT teams plan, approve, and execute changes in a controlled and systematic manner. It minimizes the risk of service disruptions and maintains service quality.
 
 ## Preview prerequisites
 
@@ -32,42 +32,42 @@ As part of the integration, you can create and monitor tickets in ServiceNow dir
 
 ## Create an application registry in ServiceNOW
 
-To onboard ServiceNow to Defender for Cloud, you need a Client ID and Client Secret for the ServiceNow instance. If you don't have a Client ID and Client Secret, follow these steps to create them: 
+To onboard ServiceNow to Defender for Cloud, you need a Client ID and Client Secret for the ServiceNow instance. If you don't have a Client ID and Client Secret, follow these steps to create them:
 
 1. Sign in to ServiceNow with an account that has permission to modify the Application Registry.
-1. Browse to **System OAuth**, click **Application Registry**.
+1. Browse to **System OAuth**, and select **Application Registry**.
 
    :::image type="content" border="true" source="./media/integration-servicenow/app-registry.png" alt-text="Screenshot of application registry.":::
 
-1. In the upper right corner, click **New**.
+1. In the upper right corner, select **New**.
 
    :::image type="content" border="true" source="./media/integration-servicenow/new.png" alt-text="Screenshot of where to start a new instance.":::
 
 1. Select **Create an OAuth API endpoint for external clients**.
 
    :::image type="content" border="true" source="./media/integration-servicenow/endpoint.png" alt-text="Screenshot of where to create an OAUTH API endpoint.":::
 
-1. Complete the OAuth Client application details to create a Client ID and Client 
+1. Complete the OAuth Client application details to create a Client ID and Client
 Secret:
    - **Name**: A descriptive name (for example, MDCIntegrationSNOW)
    - **Client ID**: Client ID is automatically generated by the ServiceNow OAuth server.
    - **Client Secret**: Enter a secret, or leave it blank to automatically generate the Client Secret for the OAuth application.
-   - **Refresh Token Lifespan**: Time in seconds that the refresh token is valid. 
+   - **Refresh Token Lifespan**: Time in seconds that the refresh token is valid.
    - **Access Token Lifespan**: Time in seconds that the access token is valid.
 
    >[!NOTE]
    >The default value of Refresh Token Lifespan is too small. Increase the value as much as possible so that you don't need to refresh the token soon.
 
    :::image type="content" border="true" source="./media/integration-servicenow/app-details.png" alt-text="Screenshot of application details.":::
 
-1. Click **Submit** to save the API Client ID and Client Secret. 
+1. Select **Submit** to save the API Client ID and Client Secret.
 
 After you complete these steps, you can use this integration name (MDCIntegrationSNOW in our example) to connect ServiceNow to Microsoft Defender for Cloud.
 
 ## Create ServiceNow Integration with Microsoft Defender for Cloud
 
-1. Sign in to [the Azure portal](https://aka.ms/integrations) as at least a [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) and navigate to **Microsoft Defender for Cloud** > **Environment settings**.
-1. Click **Integrations** to connect your environment to a third-party ticketing system, which is ServiceNow in this scenario.
+1. Sign in to [the Azure portal](https://aka.ms/integrations) as at least a Security Admin and navigate to **Microsoft Defender for Cloud** > **Environment settings**.
+1. Select **Integrations** to connect your environment to a third-party ticketing system, which is ServiceNow in this scenario.
 
    :::image type="content" border="true" source="./media/integration-servicenow/integrations.png" alt-text="Screenshot of integrations.":::
 
@@ -76,44 +76,44 @@ After you complete these steps, you can use this integration name (MDCIntegratio
    :::image type="content" border="true" source="./media/integration-servicenow/add-servicenow.png" alt-text="Screenshot of how to add ServiceNow.":::
 
    Use the instance URL, name, password, Client ID, and Client Secret that you previously created for the application registry to help complete the ServiceNow general information.
-   
-   Based on your permissions, you can create an **Integration** by using: 
-   
+
+   Based on your permissions, you can create an **Integration** by using:
+
    - Management group
    - Subscription (API only, to reduce subscription level onboardings)
    - Master connector
-   - Connector 
+   - Connector
 
-   For simplicity, We recommend creating the integration on the higher scope based on the user permissions. For example, if you have permission for a management group, you could create a single integration of a management group rather than create integrations in each one of the subscriptions. 
+   For simplicity, We recommend creating the integration on the higher scope based on the user permissions. For example, if you have permission for a management group, you could create a single integration of a management group rather than create integrations in each one of the subscriptions.
 
 1. Choose **Default** or **Customized** based on your requirement.
-   
+
    The default option creates a Title, Description and Short description in the backend. The customized option lets you choose other fields such as **Incident data**, **Problems data**, and **Changes data**.
 
    :::image type="content" border="true" source="./media/integration-servicenow/customize-fields.png" alt-text="Screenshot of how to customize fields.":::
 
-   If you click the drop-down menu, you see **Assigned to**, **Caller**,  and **Short description** are grayed out because those are necessary fields. You can choose other fields such as **Assignment group**, **Description**, **Impact**, or **Urgency**.
+   If you select the drop-down menu, you see **Assigned to**, **Caller**,  and **Short description** are grayed out because those are necessary fields. You can choose other fields such as **Assignment group**, **Description**, **Impact**, or **Urgency**.
 
    :::image type="content" border="true" source="./media/integration-servicenow/customize-fields.png" alt-text="Screenshot of how to customize fields.":::
 
-1. A notice appears after successful creation of integration. 
+1. A notice appears after successful creation of integration.
 
    :::image type="content" border="true" source="./media/integration-servicenow/notice.png" alt-text="Screenshot of notice after successful creation of integration.":::
 
-You can review the integrations in ARG both on the individual integration or on all integrations. 
+You can review the integrations in ARG both on the individual integration or on all integrations.
 
 :::image type="content" border="true" source="./media/integration-servicenow/all-integrations.png" alt-text="Screenshot of all integrations.":::
 
-You can review an integration, or all integrations, in [Azure Resource Graph (ARG)](/azure/governance/resource-graph), an Azure service that gives you the ability to query across multiple subscriptions. On the Integrations page, click **Open in ARG** to explore the details in ARG.
+You can review an integration, or all integrations, in [Azure Resource Graph (ARG)](/azure/governance/resource-graph), an Azure service that gives you the ability to query across multiple subscriptions. On the Integrations page, select **Open in ARG** to explore the details in ARG.
 
 :::image type="content" border="true" source="./media/integration-servicenow/open.png" alt-text="Screenshot of how to open in ARG.":::
 
 ## Create a new ticket from Microsoft Defender for Cloud recommendation to ServiceNow
 
 Security admins can now create and assign tickets directly from the Microsoft Defender for Cloud portal.
 
-1. Navigate to **Microsoft Defender for Cloud** > **Recommendations** and select any recommendation with unhealthy resources that you want to create a ServiceNow ticket for and assign an owner to. 
-1. Click the resource from the unhealthy resources and click **Create assignment**.
+1. Navigate to **Microsoft Defender for Cloud** > **Recommendations** and select any recommendation with unhealthy resources that you want to create a ServiceNow ticket for and assign an owner to.
+1. Select the resource from the unhealthy resources and select **Create assignment**.
 
    :::image type="content" border="true" source="./media/integration-servicenow/create-assignment.png" alt-text="Screenshot of how to create an assignment.":::
 
@@ -124,16 +124,16 @@ Security admins can now create and assign tickets directly from the Microsoft De
    - ServiceNow ticket type – Choose **incident**, **change request**, or **problem**.
 
    >[!NOTE]
-   >In ServiceNow, there are several types of tickets that can be used to manage and track different types of incidents, requests, and tasks. Only incident, change request, and problem are supported with this integration. 
+   >In ServiceNow, there are several types of tickets that can be used to manage and track different types of incidents, requests, and tasks. Only incident, change request, and problem are supported with this integration.
 
    :::image type="content" border="true" source="./media/integration-servicenow/assignment-type.png" alt-text="Screenshot of how to complete the assignment type.":::
 
    To assign an affected recommendation to an owner who resides in ServiceNow, we provide a new unified experience for all platforms. Under **Assignment details**, complete the following fields:
-   
-   - **Assigned to**: Choose the owner whom you would like to assign the affected recommendation to. 
-   - **Caller**: Represents the user defining the assignment. 
-   - **Description and Short Description**: If you chose a default integration earlier, description, and short description are automatically completed. 
-   - **Remediation timeframe**: Choose the remediation timeframe to desired deadline for the recommendation to be remediated. 
+
+   - **Assigned to**: Choose the owner whom you would like to assign the affected recommendation to.
+   - **Caller**: Represents the user defining the assignment.
+   - **Description and Short Description**: If you chose a default integration earlier, description, and short description are automatically completed.
+   - **Remediation timeframe**: Choose the remediation timeframe to desired deadline for the recommendation to be remediated.
    - **Apply Grace Period**: You can apply a grace period so that the resources that are given a due date don’t affect your Secure Score until they’re overdue.
    - **Set Email Notifications**: You can send a reminder to the owners or the owner’s direct manager.
 
@@ -143,19 +143,19 @@ Security admins can now create and assign tickets directly from the Microsoft De
 
    :::image type="content" border="true" source="./media/integration-servicenow/ticket.png" alt-text="Screenshot of a ticket ID.":::
 
-   Click the Ticket ID to go to the newly created incident in the ServiceNow portal.
+   Select the Ticket ID to go to the newly created incident in the ServiceNow portal.
 
    :::image type="content" border="true" source="./media/integration-servicenow/incident.png" alt-text="Screenshot of an incident.":::
 
    >[!NOTE]
-   >When integration is deleted, all the assignments will be deleted. It could take up to 24 hrs. 
+   >When integration is deleted, all the assignments will be deleted. It could take up to 24 hrs.
 
 ## Bidirectional synchronization  
 
 ServiceNow and Microsoft Defender for Cloud automatically synchronize the status of the tickets between the platforms, which includes:
 
-- A verification that a ticket state is still **In progress**. If the ticket state is changed to **Resolved**, **Cancelled**, or **Closed** in ServiceNow, the change is synchronized to Microsoft Defender for Cloud and delete the assignment.
-- When the ticket owner is changed in ServiceNow, the assignment owner is updated in Microsoft Defender for Cloud. 
+- A verification that a ticket state is still **In progress**. If the ticket state is changed to **Resolved**, **Canceled**, or **Closed** in ServiceNow, the change is synchronized to Microsoft Defender for Cloud and delete the assignment.
+- When the ticket owner is changed in ServiceNow, the assignment owner is updated in Microsoft Defender for Cloud.
 
 >[!NOTE]
 >Synchronization occurs every 24 hrs.
