Merge pull request #263931 from dcurwin/fix-formatting-jan23-2024

Fix formatting

Author: PMEds28

articles/defender-for-cloud/continuous-export.md

@@ -6,7 +6,7 @@ ms.author: dacurwin
 ms.topic: how-to
 ms.date: 06/19/2023
 ---
-# Continuously export Microsoft Defender for Cloud data 
+# Continuously export Microsoft Defender for Cloud data
 
 Microsoft Defender for Cloud generates detailed security alerts and recommendations. To analyze the information in these alerts and recommendations, you can export them to Azure Log Analytics, Event Hubs, or to another [SIEM, SOAR, or IT classic deployment model solution](export-to-siem.md). You can stream the alerts and recommendations as they're generated or define a schedule to send periodic snapshots of all of the new data.
 
@@ -122,7 +122,7 @@ Automating your organization's monitoring and incident response processes can gr
 
 To deploy your continuous export configurations across your organization, use the supplied Azure Policy 'DeployIfNotExist' policies to create and configure continuous export procedures.
 
-**To implement these policies**
+**To implement these policies**:
 
 1. Select the policy you want to apply from this table:
 
@@ -136,7 +136,7 @@ To deploy your continuous export configurations across your organization, use th
     >
     > 1. Open Azure Policy.
     > :::image type="content" source="./media/continuous-export/opening-azure-policy.png" alt-text="Accessing Azure Policy.":::
-    > 2. From the Azure Policy menu, select **Definitions** and search for them by name.
+    > 1. From the Azure Policy menu, select **Definitions** and search for them by name.
 
 1. From the relevant Azure Policy page, select **Assign**.
     :::image type="content" source="./media/continuous-export/export-policy-assign.png" alt-text="Assigning the Azure Policy.":::
@@ -182,7 +182,7 @@ To export data to an Azure Event Hubs or Log Analytics workspace in a different
 1. In the tenant that has the Azure Event Hubs or Log Analytics workspace, [invite a user](../active-directory/external-identities/what-is-b2b.md#easily-invite-guest-users-from-the-azure-portal) from the tenant that hosts the continuous export configuration, or alternatively configure Azure Lighthouse for the source and destination tenant.
 1. If using Microsoft Entra B2B Guest access, ensure that the user accepts the invitation to access the tenant as a guest.
 1. If you're using a Log Analytics Workspace, assign the user in the workspace tenant one of these roles: Owner, Contributor, Log Analytics Contributor, Sentinel Contributor, or Monitoring Contributor.
-1. Create and submit the request to the Azure REST API to configure the required resources. You'll need to manage the bearer tokens in both the context of the local (workspace) and the remote (continuous export) tenant. 
+1. Create and submit the request to the Azure REST API to configure the required resources. You'll need to manage the bearer tokens in both the context of the local (workspace) and the remote (continuous export) tenant.
 
 ## Continuously export to an event hub behind a firewall
 

articles/defender-for-cloud/custom-dashboards-azure-workbooks.md

@@ -256,8 +256,8 @@ To move workbooks that you've built in other Azure services into your Microsoft
 
 1. Enter the required details for saving the workbook:
    1. A name for the workbook
-   2. The desired region
-   3. Subscription, resource group, and sharing as appropriate.
+   1. The desired region
+   1. Subscription, resource group, and sharing as appropriate.
 
 You'll find your saved workbook in the **Recently modified workbooks** category.
 
@@ -268,5 +268,3 @@ This article described Defender for Cloud's integrated Azure Workbooks page with
 - Learn more about [Azure Workbooks](../azure-monitor/visualize/workbooks-overview.md)
 
 - The built-in workbooks pull their data from Defender for Cloud's recommendations. Learn about the many security recommendations in [Security recommendations - a reference guide](recommendations-reference.md)
-
-

articles/defender-for-cloud/defender-for-apis-posture.md

@@ -9,7 +9,7 @@ ms.date: 11/02/2023
 ---
 # Investigate API findings, recommendations, and alerts
 
-This article describes how to investigate API security findings, alerts, and security posture recommendations for APIs protected by [Microsoft Defender for APIs](defender-for-apis-introduction.md). 
+This article describes how to investigate API security findings, alerts, and security posture recommendations for APIs protected by [Microsoft Defender for APIs](defender-for-apis-introduction.md).
 
 ## Before you start
 
@@ -35,14 +35,16 @@ This article describes how to investigate API security findings, alerts, and sec
     :::image type="content" source="media/defender-for-apis-posture/resource-health.png" alt-text="Screenshot that shows the health of an endpoint." lightbox="media/defender-for-apis-posture/resource-health.png":::
 
 ## Remediate recommendations using Workflow Automation
-You can remediate recommendations generated by Defender for APIs using workflow automations. 
+
+You can remediate recommendations generated by Defender for APIs using workflow automations.
+
 1. In an eligible recommendation, select one or more unhealthy resources.
-2. Select **Trigger logic app**.
-3. Confirm the **Selected subscription**.
-4. Select a relevant logic app from the list.
-5. Select **Trigger**.
+1. Select **Trigger logic app**.
+1. Confirm the **Selected subscription**.
+1. Select a relevant logic app from the list.
+1. Select **Trigger**.
 
-You can browse the [Microsoft Defender for Cloud GitHub](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workflow%20automation/Defender%20for%20API) repository for available workflow automation. 
+You can browse the [Microsoft Defender for Cloud GitHub](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workflow%20automation/Defender%20for%20API) repository for available workflow automation.
 
 ## Create sample security alerts
 
@@ -59,7 +61,7 @@ In Defender CSPM, [Cloud Security Graph](concept-attack-path.md) collects data t
 When the Defender CSPM plan is enabled together with Defender for APIs, you can use Cloud Security Explorer to identify, review and analyze API security risks across your organization.
 
 1. In the Defender for Cloud portal, select **Cloud Security Explorer**.
-1. In **What would you like to search?** select the **APIs** category. 
+1. In **What would you like to search?** select the **APIs** category.
 1. Review the search results so that you can review, prioritize, and fix any API issues.
 1. Alternatively, you can select one of the templated API queries to see high risk issues like **Internet exposed API endpoints with sensitive data** or **APIs communicating over unencrypted protocols with unauthenticated API endpoints**
 

articles/defender-for-cloud/iac-template-mapping.md

@@ -6,7 +6,8 @@ ms.topic: how-to
 ms.custom: ignite-2023
 ---
 
-# Map Infrastructure as Code Templates to Cloud Resources
+# Map Infrastructure as Code templates to cloud resources
+
 Mapping Infrastructure as Code (IaC) templates to cloud resources ensures consistent, secure, and auditable infrastructure provisioning. It enables rapid response to security threats and a security-by-design approach. If there are misconfigurations in runtime resources, this mapping allows remediation at the template level, ensuring no drift and facilitating deployment via CI/CD methodology.
 
 ## Prerequisites
@@ -18,26 +19,27 @@ To allow Microsoft Defender for Cloud to map Infrastructure as Code template to
 - [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) enabled.
 - Configure your Azure Pipelines to run [Microsoft Security DevOps Azure DevOps extension](azure-devops-extension.md).
 - Tag your supported Infrastructure as Code templates and your cloud resources. (Open-source tools like [Yor_trace](https://github.com/bridgecrewio/yor) can be used to automatically tag Infrastructure as Code templates)
-   - Supported cloud platforms: AWS, Azure, GCP.
-   - Supported source code management systems: Azure DevOps.
-   - Supported template languages: Azure Resource Manager, Bicep, CloudFormation, Terraform.
+  - Supported cloud platforms: AWS, Azure, GCP.
+  - Supported source code management systems: Azure DevOps.
+  - Supported template languages: Azure Resource Manager, Bicep, CloudFormation, Terraform.
 
 > [!NOTE]
 > Microsoft Defender for Cloud will only use the following tags from Infrastructure as Code templates for mapping:
+
 > - yor_trace
 > - mapping_tag
 
-## See the mapping between your IaC template and your cloud resources 
+## See the mapping between your IaC template and your cloud resources
 
 To see the mapping between your IaC template and your cloud resources in the [Cloud Security Explorer](how-to-manage-cloud-security-explorer.md):
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
-2. Go to **Microsoft Defender for Cloud** > **Cloud Security Explorer**.
-3. Search for and select all your cloud resources from the drop-down menu.
-4. Select + to add other filters to your query.
-5. Add the subfilter **Provisioned by** from the category **Identity & Access**.
-6. Select **Code repositories** from the category **DevOps**.
-7. After building your query, select **Search** to run the query.
+1. Go to **Microsoft Defender for Cloud** > **Cloud Security Explorer**.
+1. Search for and select all your cloud resources from the drop-down menu.
+1. Select + to add other filters to your query.
+1. Add the subfilter **Provisioned by** from the category **Identity & Access**.
+1. Select **Code repositories** from the category **DevOps**.
+1. After building your query, select **Search** to run the query.
 
 Alternatively, you can use the built-in template named “Cloud resources provisioned by IaC templates with high severity misconfigurations”.
 
@@ -50,11 +52,11 @@ Alternatively, you can use the built-in template named “Cloud resources provis
 
 To create sample IaC mapping tags within your code repositories, follow these steps:
 
-1. Add an **IaC template with tags** to your repository. To use an example template, see [here](https://github.com/microsoft/security-devops-azdevops/tree/main/samples/IaCMapping). 
-2. Select **save** to commit directly to the main branch or create a new branch for this commit.
-3. Include the **Microsoft Security DevOps** task in your Azure pipeline.
-4. Verify that the **pipeline logs** show a finding saying **“An IaC tag(s) was found on this resource”**. This means that Defender for Cloud successfully discovered tags.
+1. Add an **IaC template with tags** to your repository. To use an example template, see [here](https://github.com/microsoft/security-devops-azdevops/tree/main/samples/IaCMapping).
+1. Select **save** to commit directly to the main branch or create a new branch for this commit.
+1. Include the **Microsoft Security DevOps** task in your Azure pipeline.
+1. Verify that the **pipeline logs** show a finding saying **“An IaC tag(s) was found on this resource”**. This means that Defender for Cloud successfully discovered tags.
 
 ## Next steps
 
-- Learn more about [DevOps security in Defender for Cloud](defender-for-devops-introduction.md).
+- Learn more about [DevOps security in Defender for Cloud](defender-for-devops-introduction.md).

articles/defender-for-cloud/iac-vulnerabilities.md

@@ -1,6 +1,5 @@
 ---
 title: Discover misconfigurations in Infrastructure as Code
-
 description: Learn how to use DevOps security in Defender for Cloud to discover misconfigurations in Infrastructure as Code (IaC)
 ms.date: 01/24/2023
 ms.topic: how-to
@@ -20,9 +19,9 @@ Once you have set up the Microsoft Security DevOps GitHub action or Azure DevOps
 
 ## Configure IaC scanning and view the results in GitHub
 
-1. Sign in to [GitHub](https://www.github.com). 
+1. Sign in to [GitHub](https://www.github.com).
 
-1. Navigate to **`your repository's home page`** > **.github/workflows** > **msdevopssec.yml** that was created in the [prerequisites](github-action.md#configure-the-microsoft-security-devops-github-action-1).    
+1. Navigate to **`your repository's home page`** > **.github/workflows** > **msdevopssec.yml** that was created in the [prerequisites](github-action.md#configure-the-microsoft-security-devops-github-action-1).
 
 1. Select **Edit file**.
 
@@ -35,26 +34,26 @@ Once you have set up the Microsoft Security DevOps GitHub action or Azure DevOps
         categories: 'IaC'
     ```
 
-    > [!NOTE] 
+    > [!NOTE]
     > Categories are case sensitive.
     :::image type="content" source="media/tutorial-iac-vulnerabilities/add-to-yaml.png" alt-text="Screenshot that shows the information that needs to be added to the yaml file.":::
 
-1. Select **Start Commit** 
+1. Select **Start Commit**.
 
 1. Select **Commit changes**.
 
-    :::image type="content" source="media/tutorial-iac-vulnerabilities/commit-change.png" alt-text="Screenshot that shows where to select commit change on the githib page.":::
+    :::image type="content" source="media/tutorial-iac-vulnerabilities/commit-change.png" alt-text="Screenshot that shows where to select commit change on the GitHub page.":::
 
 1. (Optional) Add an IaC template to your repository. Skip if you already have an IaC template in your repository.
 
     For example, [commit an IaC template to deploy a basic Linux web application](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/webapp-basic-linux) to your repository.
 
     1. Select `azuredeploy.json`.
-    
+
         :::image type="content" source="media/tutorial-iac-vulnerabilities/deploy-json.png" alt-text="Screenshot that shows where the azuredeploy.json file is located.":::
 
-    1. Select **Raw**
-    
+    1. Select **Raw**.
+
     1. Copy all the information in the file.
 
         ```json
@@ -129,33 +128,32 @@ Once you have set up the Microsoft Security DevOps GitHub action or Azure DevOps
           ]
         }
         ```
-    
+
     1. On GitHub, navigate to your repository.
-    
+
     1. **Select Add file** > **Create new file**.
-    
+
         :::image type="content" source="media/tutorial-iac-vulnerabilities/create-file.png" alt-text="Screenshot that shows you where to navigate to, to create a new file." lightbox="media/tutorial-iac-vulnerabilities/create-file.png":::
 
     1. Enter a name for the file.
-    
+
     1. Paste the copied information into the file.
-    
+
     1. Select **Commit new file**.
-    
+
     The file is now added to your repository.
 
     :::image type="content" source="media/tutorial-iac-vulnerabilities/file-added.png" alt-text="Screenshot that shows that the new file you created has been added to your repository.":::
 
-
 1. Confirm the Microsoft Security DevOps scan completed:
-    1. Select **Actions**. 
-    2. Select the workflow to see the results.
+    1. Select **Actions**.
+    1. Select the workflow to see the results.
 
 1. Navigate to **Security** > **Code scanning alerts** to view the results of the scan (filter by tool as needed to see just the IaC findings).
 
 ## Configure IaC scanning and view the results in Azure DevOps
 
-**To view the results of the IaC scan in Azure DevOps**
+**To view the results of the IaC scan in Azure DevOps**:
 
 1. Sign in to [Azure DevOps](https://dev.azure.com/).
 
@@ -176,19 +174,19 @@ Once you have set up the Microsoft Security DevOps GitHub action or Azure DevOps
 
     :::image type="content" source="media/tutorial-iac-vulnerabilities/addition-to-yaml.png" alt-text="Screenshot showing you where to add this line to the YAML file.":::
 
-1.  Select **Save**.
+1. Select **Save**.
 
 1. (Optional) Add an IaC template to your repository. Skip if you already have an IaC template in your repository.
 
-1.  Select **Save** to commit directly to the main branch or Create a new branch for this commit.
+1. Select **Save** to commit directly to the main branch or Create a new branch for this commit.
 
-1.  Select **Pipeline** > **`Your created pipeline`** to view the results of the IaC scan.
+1. Select **Pipeline** > **`Your created pipeline`** to view the results of the IaC scan.
 
 1. Select any result to see the details.
 
 ## View details and remediation information on IaC rules included with Microsoft Security DevOps
 
-The IaC scanning tools that are included with Microsoft Security DevOps, are [Template Analyzer](https://github.com/Azure/template-analyzer) (which contains [PSRule](https://aka.ms/ps-rule-azure)) and [Terrascan](https://github.com/tenable/terrascan). 
+The IaC scanning tools that are included with Microsoft Security DevOps, are [Template Analyzer](https://github.com/Azure/template-analyzer) (which contains [PSRule](https://aka.ms/ps-rule-azure)) and [Terrascan](https://github.com/tenable/terrascan).
 
 Template Analyzer runs rules on ARM and Bicep templates. You can learn more about [Template Analyzer's rules and remediation details](https://github.com/Azure/template-analyzer/blob/main/docs/built-in-rules.md#built-in-rules).