Merge pull request #256589 from dcurwin/may-to-might-oct30-2023

Replace may with might

Author: v-dirichards

articles/defender-for-cloud/adaptive-network-hardening.md

@@ -73,7 +73,7 @@ For example, let's say the existing NSG rule is to allow traffic from 140.20.30.
 
 ## Modify a rule  <a name ="modify-rule"> </a>
 
-You may want to modify the parameters of a rule that has been recommended. For example, you may want to change the recommended IP ranges.
+You might want to modify the parameters of a rule that has been recommended. For example, you might want to change the recommended IP ranges.
 
 Some important guidelines for modifying an adaptive network hardening rule:
 
@@ -126,7 +126,7 @@ To add an adaptive network hardening rule:
 
 ## Delete a rule <a name ="delete-rule"> </a>
 
-When necessary, you can delete a recommended rule for the current session. For example, you may determine that applying a suggested rule could block legitimate traffic.
+When necessary, you can delete a recommended rule for the current session. For example, you might determine that applying a suggested rule could block legitimate traffic.
 
 To delete an adaptive network hardening rule for your current session:
 

articles/defender-for-cloud/agentless-container-registry-vulnerability-assessment.md

@@ -39,7 +39,7 @@ Container vulnerability assessment powered by MDVM (Microsoft Defender Vulnerabi
 The triggers for an image scan are:
 
 - **One-time triggering**:
-  - each image pushed or imported to a container registry is scanned after being pushed or imported to a registry. In most cases, the scan is completed within a few minutes, but sometimes it may take up to an hour.
+  - each image pushed or imported to a container registry is scanned after being pushed or imported to a registry. In most cases, the scan is completed within a few minutes, but sometimes it might take up to an hour.
   - [Preview] each image pulled from a registry is triggered to be scanned within 24 hours.
 
   > [!NOTE]
@@ -73,7 +73,7 @@ A detailed description of the scan process is described as follows:
 
 ## If I remove an image from my registry, how long before vulnerabilities reports on that image would be removed?
 
-Azure Container Registries notifies Defender for Cloud when images are deleted, and removes the vulnerability assessment for deleted images within one hour. In some rare cases, Defender for Cloud may not be notified on the deletion, and deletion of associated vulnerabilities in such cases may take up to three days.
+Azure Container Registries notifies Defender for Cloud when images are deleted, and removes the vulnerability assessment for deleted images within one hour. In some rare cases, Defender for Cloud might not be notified on the deletion, and deletion of associated vulnerabilities in such cases might take up to three days.
 
 ## Next steps
 

articles/defender-for-cloud/alert-validation.md

@@ -187,7 +187,7 @@ You can simulate alerts for resources running on [App Service](/azure/app-servic
     :::image type="content" source="media/alert-validation/storage-atp-navigate-container.png" alt-text="Screenshot showing where to navigate to select a container." lightbox="media/alert-validation/storage-atp-navigate-container.png":::
 
 1. Navigate to an existing container or create a new one.
-1. Upload a file to that container. Avoid uploading any file that may contain sensitive data.
+1. Upload a file to that container. Avoid uploading any file that might contain sensitive data.
 
     :::image type="content" source="media/alert-validation/storage-atp-upload-image.png" alt-text="Screenshot showing where to upload a file to the container." lightbox="media/alert-validation/storage-atp-upload-image.png":::
 

articles/defender-for-cloud/concept-attack-path.md

@@ -27,9 +27,9 @@ Defender for Cloud then uses the generated graph to perform an attack path analy
 
 ## What is attack path analysis?
 
-Attack path analysis is a graph-based algorithm that scans the cloud security graph. The scans expose exploitable paths that attackers may use to breach your environment to reach your high-impact assets. Attack path analysis exposes attack paths and suggests recommendations as to how best remediate issues that will break the attack path and prevent successful breach. 
+Attack path analysis is a graph-based algorithm that scans the cloud security graph. The scans expose exploitable paths that attackers might use to breach your environment to reach your high-impact assets. Attack path analysis exposes attack paths and suggests recommendations as to how best remediate issues that will break the attack path and prevent successful breach. 
 
-When you take your environment's contextual information into account, attack path analysis identifies issues that may lead to a breach on your environment, and helps you to remediate the highest risk ones first.  For example its exposure to the internet, permissions, lateral movement, and more.
+When you take your environment's contextual information into account, attack path analysis identifies issues that might lead to a breach on your environment, and helps you to remediate the highest risk ones first.  For example its exposure to the internet, permissions, lateral movement, and more.
 
 :::image type="content" source="media/concept-cloud-map/attack-path.png" alt-text="Image that shows a sample attack path from attacker to your sensitive data.":::
 

articles/defender-for-cloud/concept-defender-for-cosmos.md

@@ -45,7 +45,7 @@ Alerts include details of the incident that triggered them, and recommendations
 Threat intelligence security alerts are triggered for: 
 
 - **Potential SQL injection attacks**: <br>
-    Due to the structure and capabilities of Azure Cosmos DB queries, many known SQL injection attacks can’t work in Azure Cosmos DB. However, there are some variations of SQL injections that can succeed and may result in exfiltrating data from your Azure Cosmos DB accounts. Defender for Azure Cosmos DB detects both successful and failed attempts, and helps you harden your environment to prevent these threats. 
+    Due to the structure and capabilities of Azure Cosmos DB queries, many known SQL injection attacks can’t work in Azure Cosmos DB. However, there are some variations of SQL injections that can succeed and might result in exfiltrating data from your Azure Cosmos DB accounts. Defender for Azure Cosmos DB detects both successful and failed attempts, and helps you harden your environment to prevent these threats. 
 
 - **Anomalous database access patterns**: <br>
     For example, access from a TOR exit node, known suspicious IP addresses, unusual applications, and unusual locations. 

articles/defender-for-cloud/data-security-posture-enable.md

@@ -38,7 +38,7 @@ Follow these steps to enable data-aware security posture. Don't forget to review
 
 - Don't forget to: [review the requirements](concept-data-security-posture-prepare.md#discovery) for AWS discovery, and [required permissions](concept-data-security-posture-prepare.md#whats-supported).
 - Check that there's no policy that blocks the connection to your Amazon S3 buckets.
-- For RDS instances: cross-account KMS encryption is supported, but additional policies on KMS access may prevent access.
+- For RDS instances: cross-account KMS encryption is supported, but additional policies on KMS access might prevent access.
 
 ### Enable for AWS resources
 

articles/defender-for-cloud/data-security.md

@@ -23,7 +23,7 @@ Defender for Cloud analyzes data from the following sources to provide visibilit
 
 ## Data sharing
 
-When you enable Defender for Storage Malware Scanning, it may share metadata, including metadata classified as customer data (e.g. SHA-256 hash), with Microsoft Defender for Endpoint.
+When you enable Defender for Storage Malware Scanning, it might share metadata, including metadata classified as customer data (e.g. SHA-256 hash), with Microsoft Defender for Endpoint.
 
 ## Data protection
 
@@ -33,7 +33,7 @@ Data is kept logically separate on each component throughout the service. All da
 
 ### Data access
 
-To provide security recommendations and investigate potential security threats, Microsoft personnel may access information collected or analyzed by Azure services, including process creation events, and other artifacts, which may unintentionally include customer data or personal data from your machines.
+To provide security recommendations and investigate potential security threats, Microsoft personnel might access information collected or analyzed by Azure services, including process creation events, and other artifacts, which might unintentionally include customer data or personal data from your machines.
 
 We adhere to the [Microsoft Online Services Data Protection Addendum](https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=17880), which states that Microsoft won't use Customer Data or derive information from it for any advertising or similar commercial purposes. We only use Customer Data as needed to provide you with Azure services, including purposes compatible with providing those services. You retain all rights to Customer Data.
 

articles/defender-for-cloud/defender-for-cloud-planning-and-operations-guide.md

@@ -28,7 +28,7 @@ In the next section, you'll learn how to plan for each one of those areas and ap
 
 ## Security roles and access controls
 
-Depending on the size and structure of your organization, multiple individuals and teams may use Defender for Cloud to perform different security-related tasks. In the following diagram, you have an example of fictitious personas and their respective roles and security responsibilities:
+Depending on the size and structure of your organization, multiple individuals and teams might use Defender for Cloud to perform different security-related tasks. In the following diagram, you have an example of fictitious personas and their respective roles and security responsibilities:
 
 :::image type="content" source="./media/defender-for-cloud-planning-and-operations-guide/defender-for-cloud-planning-and-operations-guide-fig01-new.png" alt-text="Roles.":::
 
@@ -100,7 +100,7 @@ The personas explained in the previous diagram need these Azure Role-based acces
 
 - Subscription Owner/Contributor required to dismiss alerts.
 
-- Access to the workspace may be required.
+- Access to the workspace might be required.
 
 Some other important information to consider:
 
@@ -149,7 +149,7 @@ Defender for Cloud uses the Log Analytics agent and the Azure Monitor Agent to c
 
 When automatic provisioning is enabled in the security policy, the [data collection agent](monitoring-components.md) is installed on all supported Azure VMs and any new supported VMs that are created. If the VM or computer already has the Log Analytics agent installed, Defender for Cloud uses the current installed agent. The agent's process is designed to be non-invasive and have minimal effect on VM performance.
 
-If at some point you want to disable Data Collection, you can turn it off in the security policy. However, because the Log Analytics agent may be used by other Azure management and monitoring services, the agent won't be uninstalled automatically when you turn off data collection in Defender for Cloud. You can manually uninstall the agent if needed.
+If at some point you want to disable Data Collection, you can turn it off in the security policy. However, because the Log Analytics agent might be used by other Azure management and monitoring services, the agent won't be uninstalled automatically when you turn off data collection in Defender for Cloud. You can manually uninstall the agent if needed.
 
 > [!NOTE]
 > To find a list of supported VMs, read the [Defender for Cloud common questions](faq-vms.yml).
@@ -231,7 +231,7 @@ The following example shows a suspicious RDP activity taking place:
 
 :::image type="content" source="./media/defender-for-cloud-planning-and-operations-guide/defender-for-cloud-planning-and-operations-guide-fig5-ga.png" alt-text="Suspicious activity.":::
 
-This page shows the details regarding the time that the attack took place, the source hostname, the target VM and also gives recommendation steps. In some circumstances, the source information of the attack may be empty. Read [Missing Source Information in Defender for Cloud alerts](/archive/blogs/azuresecurity/missing-source-information-in-azure-security-center-alerts) for more information about this type of behavior.
+This page shows the details regarding the time that the attack took place, the source hostname, the target VM and also gives recommendation steps. In some circumstances, the source information of the attack might be empty. Read [Missing Source Information in Defender for Cloud alerts](/archive/blogs/azuresecurity/missing-source-information-in-azure-security-center-alerts) for more information about this type of behavior.
 
 Once you identify the compromised system, you can run a [workflow automation](workflow-automation.md) that was previously created. Workflow automations are a collection of procedures that can be executed from Defender for Cloud once triggered by an alert.
 

articles/defender-for-cloud/defender-for-container-registries-introduction.md

@@ -95,7 +95,7 @@ Yes. If you have an organizational need to ignore a finding, rather than remedia
 
 ### Why is Defender for Cloud alerting me to vulnerabilities about an image that isn’t in my registry?
 
-Defender for Cloud provides vulnerability assessments for every image pushed or pulled in a registry. Some images may reuse tags from an image that was already scanned. For example, you may reassign the tag “Latest” every time you add an image to a digest. In such cases, the ‘old’ image does still exist in the registry and may still be pulled by its digest. If the image has security findings and is pulled, it'll expose security vulnerabilities.
+Defender for Cloud provides vulnerability assessments for every image pushed or pulled in a registry. Some images might reuse tags from an image that was already scanned. For example, you might reassign the tag “Latest” every time you add an image to a digest. In such cases, the ‘old’ image does still exist in the registry and might still be pulled by its digest. If the image has security findings and is pulled, it'll expose security vulnerabilities.
 
 ## Next steps
 

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

@@ -41,7 +41,7 @@ Container vulnerability assessment powered by Qualys has the following capabilit
 ## Scan triggers
 
 - **One-time triggering**
-  - Each image pushed/imported to a container registry is scanned shortly after being pushed to a registry. In most cases, the scan is completed within a few minutes, but sometimes it may take up to an hour.
+  - Each image pushed/imported to a container registry is scanned shortly after being pushed to a registry. In most cases, the scan is completed within a few minutes, but sometimes it might take up to an hour.
   - Each image pulled from a container registry is scanned if it wasn't scanned in the last seven days.
 - **Continuous rescan triggering** – Continuous rescan is required to ensure images that have been previously scanned for vulnerabilities are rescanned to update their vulnerability reports in case a new vulnerability is published.
   - **Rescan** is performed once every 7 days for: