Merge pull request #94588 from MicrosoftDocs/master

Like a surgeon, hey
Cuttin' for the very first time
Like a surgeon
Here's a waiver for you to sign

Author: SyntaxC4

.openpublishing.redirection.json

@@ -26604,6 +26604,11 @@
       "redirect_url": "/azure/security-center/security-center-features-retirement-july2019#custom-alert-rules-preview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security-center/security-center-policies-overview.md",
+      "redirect_url": "/azure/security-center/tutorial-security-policy.md",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-network/virtual-network-deploy-multinic-arm-cli.md",
       "redirect_url": "/azure/virtual-machines/linux/multiple-nics",

articles/index.md

@@ -1672,21 +1672,28 @@ featureFlags:
                                                 <p>Azure Private Link</p>
                                             </a>
                                         </li>
+                                        <li>
                                             <a href="/azure/peering-service/">
                                                 <img src="media/index/peering-service.svg" alt="" />
                                                 <p>Peering Service</p>
                                             </a>
                                         </li>
-                                    </ul>
+                                        <li>
                                             <a href="/azure/firewall-manager/">
+                                                <img src="media/index/icon-networking-361-azure-firewall-manager.svg" alt="" />
                                                 <p>Azure Firewall Manager</p>
+                                            </a>
+                                        </li>
                                         <li>
+                                            <a href="/azure/internet-analyzer/">
                                                 <img src="media/index/internet-analyzer.svg" alt="" />
                                                 <p>Azure Internet Analyzer</p>
                                             </a>
                                         </li>
+                                    </ul>
                                     <h3>Security</h3>
                                     <ul>
+                                        <li>
                                             <a href="/azure/security/">
                                                 <img src="media/index/SecurityCenter.svg" alt="" />
                                                 <p>Security Information</p>
@@ -1704,13 +1711,13 @@ featureFlags:
                                                 <p>Key Vault</p>
                                             </a>
                                         </li>
-                                        <li>
                                         <li>
                                             <a href="/azure/dedicated-hsm">
                                                 <img src="media/index/dedicated-hsm.svg" alt="" />
                                                 <p>Azure Dedicated HSM</p>
                                             </a>
                                         </li>
+                                        <li>
                                             <a href="/azure/virtual-network/ddos-protection-overview">
                                                 <img src="media/index/ddos-protection.svg" alt="" />
                                                 <p>Azure DDoS protection</p>
@@ -5633,11 +5640,10 @@ featureFlags:
                                                     <div class="cardImage">
                                                         <img src="media/index/peering-service.svg" alt="" />
                                                     </div>
-                                                </div>
-                                                <div class="cardText">
+                                            </div>
+                                            <div class="cardText">
                                                     <h3>Peering Service</h3>
                                                     <p>Get optimal internet connectivity to access the Microsoft network</p>
-                                                </div>
                                             </div>
                                         </div>
                                     </div>
@@ -5652,6 +5658,8 @@ featureFlags:
                                 <a href="https://go.microsoft.com/fwlink/?linkid=2097091">
                                     <div class="cardSize">
                                         <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
                                                     <div class="cardImage">
                                                         <img src="media/index/private-link.svg" alt="" />
                                                     </div>
@@ -5666,17 +5674,38 @@ featureFlags:
                                 </a>
                             </li>
                             <li>
+                                <a href="/azure/firewall-manager/">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage">
                                                         <img src="media/index/icon-networking-361-azure-firewall-manager.svg" alt="" />
+                                                    </div>
                                                 </div>
                                                 <div class="cardText">
                                                     <h3>Azure Firewall Manager</h3>
                                                     <p>A globally distributed security management service</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
+                            <li>
+                               <a href="/azure/security-center/">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage">
                                                         <img src="media/index/SecurityCenter.svg" alt="" />
                                                     </div>
                                                 </div>
                                                 <div class="cardText">
                                                     <h3>Security Center</h3>
                                                     <p>Unify security management and enable advanced threat protection across hybrid cloud workloads</p>
+                                                </div>
                                             </div>
                                         </div>
                                     </div>

articles/security-center/TOC.yml

@@ -40,6 +40,14 @@
     href: security-center-using-recommendations.md
   - name: Cross-tenant management
     href: security-center-cross-tenant-management.md 
+  - name: Container security
+    items:
+    - name: Container security overview
+      href: container-security.md    
+    - name: Integration with Azure Container Registry
+      href: azure-container-registry-integration.md
+    - name: Integration with Azure Kubernetes Service
+      href: azure-kubernetes-service-integration.md
   - name: Threat detection alerts and incidents
     items:
     - name: Security alerts overview
@@ -54,7 +62,7 @@
       href: security-center-alerts-compute.md
     - name: Threat detection for data services
       href: security-center-alerts-data-services.md
-    - name: Threat detection for Azure service layer
+    - name: Threat detection for Azure service layers
       href: security-center-alerts-service-layer.md   
     - name: Integration with Azure Security Products
       href: security-center-alerts-integration.md
@@ -71,33 +79,47 @@
     href: security-center-secure-score.md
   - name: Upgrade to advanced security
     href: security-center-onboarding.md
-  - name: Server protection with Microsoft Defender ATP
+  - name: Protect your servers with Microsoft Defender ATP
     href: security-center-wdatp.md
-  - name: Advanced data security for SQL on Azure VMs (Public Preview)
+  - name: Use advanced data security for SQL on Azure VMs
     href: security-center-iaas-advanced-data.md
   - name: Use App Service to protect your applications
     href: security-center-app-services.md
-  - name: Working with security policies
-    href: tutorial-security-policy.md
+  - name: Use security policies
+    items:
+    - name: Overview of security policies
+      href: tutorial-security-policy.md
+    - name: Use built-in security policies
+      href: security-center-policy-definitions.md 
+    - name: Create custom security policies
+      href: custom-security-policies.md
+    - name: Manage policies with the Azure Policy REST API
+      href: configure-security-policy-azure-policy.md
+  - name: Add dynamic compliance packages
+    href: update-regulatory-compliance-packages.md
   - name: Customize the information protection policy
     href: security-center-info-protection-policy.md
   - name: Manage security solutions
     href: security-center-partner-integration.md
   - name: Automate onboarding using PowerShell
     href: security-center-powershell-onboarding.md
-  - name: Security Center settings
-    href: security-center-policies-overview.md
+  - name: Integrate with Windows Admin Center
+    href: windows-admin-center-integration.md
   - name: Compare baselines using File Integrity Monitoring
     href: security-center-file-integrity-monitoring-baselines.md
-  - name: Data collection
+  - name: Automate responses to alerts and recommendations
+    href: workflow-automation.md
+  - name: Export alerts and recommendations
+    href: continuous-export.md
+  - name: Configure your data collection
     href: security-center-enable-data-collection.md
-  - name: Built-in security policies
-    href: security-center-policy-definitions.md
-  - name: Email notifications
+  - name: Set up advanced threat protection for Azure Key Vault
+    href: advanced-threat-protection-key-vault.md
+  - name: Set up email notifications
     href: security-center-provide-security-contact-details.md
   - name: Pricing
     href: security-center-pricing.md
-  - name: Tenant-wide visibility
+  - name: Gain tenant-wide visibility
     href: security-center-management-groups.md
   - name: Implement security recommendations
     items:
@@ -167,7 +189,7 @@
   - name: Manage user data
     href: security-center-privacy.md
   - name: Azure Security Center for IoT documentation
-    href: https://docs.microsoft.com/en-us/azure/asc-for-iot/
+    href: https://docs.microsoft.com/azure/asc-for-iot/
   - name: FAQ
     href: security-center-faq.md
   - name: Azure security documentation

articles/security-center/advanced-threat-protection-key-vault.md

@@ -0,0 +1,42 @@
+---
+title: How to set up advanced threat protection for Azure Key Vault | Microsoft Docs
+description: This article explains how to set up advanced threat protection for Azure Key Vault in Azure Security Center
+services: security-center
+author: memildin
+manager: rkarlin
+ms.service: security-center
+ms.topic: conceptual
+ms.date: 11/04/2019
+ms.author: memildin
+
+---
+# How to set up advanced threat protection for Azure Key Vault (Preview)
+
+Advanced threat protection for Azure Key Vault provides an additional layer of security intelligence. This tool detects potentially harmful attempts to access or exploit Key Vault accounts. Using Security Center's native advanced threat protection, you can address threats without being a security expert, and without learning additional security monitoring systems.
+
+When Security Center detects anomalous activity, it displays alerts. It also emails the subscription administrator with details of the suspicious activity and recommendations for how to investigate and remediate the identified threats. 
+
+> [!NOTE]
+> Advanced threat protection for Azure Key Vault is currently only available in North America regions.
+
+## To set up advanced threat protection from Azure Security Center
+
+By default, advanced threat protection is enabled for all of your Key Vault accounts when you subscribe to Security Center's Standard tier (see [pricing](security-center-pricing.md)). 
+
+To enable or disable the protection for a specific subscription:
+
+1. From Security Center's sidebar, click **Pricing & settings**.
+1. Select the subscription with the storage accounts for which you want to enable or disable threat protection.
+1. Click **Pricing tier**.
+1. From the **Select pricing tier by resource type** group, find the Key Vaults row and click **Enabled** or **Disabled**.
+    [![Enabling or disabling the advanced threat protection for Key Vault in Azure Security Center](media/advanced-threat-protection-key-vault/atp-for-akv-enable-atp-for-akv.png)](media/advanced-threat-protection-key-vault/atp-for-akv-enable-atp-for-akv.png#lightbox)
+1. Click **Save**.
+
+
+## Next steps
+
+In this article, you learned how to enable and disable advanced threat protection for Azure Key Vault. 
+
+For other related material, see the following article:
+
+- [Threat detection for the Azure services layers in Security Center](security-center-alerts-service-layer.md) - This article describes the alerts related to advanced threat protection for Azure Key Vault

articles/security-center/azure-container-registry-integration.md

@@ -0,0 +1,44 @@
+---
+title: Azure Security Center and Azure Container Registry | Microsoft Docs
+description: "Learn about Azure Security Center's integration with Azure Container Registry"
+services: security-center
+documentationcenter: na
+author: memildin
+manager: rkarlin
+ms.service: security-center
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 11/04/2019
+ms.author: memildin
+
+---
+
+# Azure Container Registry integration with Security Center (Preview)
+
+Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry. It's based on the open-source Docker Registry 2.0.
+
+When using ACR together with Azure Security Center's standard tier (see [pricing](security-center-pricing.md)), you gain deeper visibility into your registry and images' vulnerabilities.
+
+[![Azure Container Registry (ACR) recommendations inside Azure Security Center](media/azure-container-registry-integration/container-security-acr-page.png)](media/azure-container-registry-integration/container-security-acr-page.png#lightbox)
+
+## Benefits of integration
+
+Security Center identifies ACR registries in your subscription and seamlessly provides:
+
+* **Azure-native vulnerability scanning** for all pushed Linux images. Security Center scans the image using a scanner from the industry-leading vulnerability scanning vendor, Qualys. This native solution is seamlessly integrated by default.
+
+* **Security recommendations** for Linux images with known vulnerabilities. Security Center provides details of each reported vulnerability and a  severity classification. Additionally, it gives guidance for how to  remediate the specific vulnerabilities found on each image pushed to registry.
+
+![Azure Security Center and Azure Container Registry (ACR) high-level overview](./media/azure-container-registry-integration/aks-acr-integration-detailed.png)
+
+## Next steps
+
+To learn more about Security Center's container security features, see:
+
+* [Azure Security Center and container security](container-security.md)
+
+* [Integration with Azure Kubernetes Service](azure-kubernetes-service-integration.md)
+
+* [Virtual Machine protection](security-center-virtual-machine-protection.md) - Describes Security Center's recommendations

articles/security-center/azure-kubernetes-service-integration.md

@@ -0,0 +1,59 @@
+---
+title: Azure Security Center and Azure Kubernetes Service | Microsoft Docs
+description: "Learn about Azure Security Center's integration with Azure Kubernetes Services"
+services: security-center
+documentationcenter: na
+author: memildin
+manager: rkarlin
+ms.service: security-center
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 11/04/2019
+ms.author: memildin
+
+---
+
+# Azure Kubernetes Services integration with Security Center (Preview)
+Azure Kubernetes Service (AKS) is Microsoft’s managed service for developing, deploying, and managing containerized applications. 
+
+Use AKS together with Azure Security Center's standard tier (see [pricing](security-center-pricing.md)) to gain deeper visibility to your AKS nodes, cloud traffic, and security controls.
+
+Security Center brings security benefits to your AKS clusters using  data already gathered by the AKS master node. 
+
+![Azure Security Center and Azure Kubernetes Service (AKS) high-level overview](./media/azure-kubernetes-service-integration/aks-asc-integration-overview.png)
+
+Together, these two tools form the best cloud-native Kubernetes security offering. 
+
+## Benefits of integration
+
+Using the two services together provides:
+
+* **Security recommendations** - Security Center identifies your AKS resources and categorizes them: from clusters to individual virtual machines. You can then view security recommendations per resource. For more information, see [How to implement security recommendations](security-center-recommendations.md). 
+
+    > [!NOTE]
+    > If the name of a Security Center recommendation ends with a "(Preview)" tag, it's referring to the preview nature of the recommendation; not the feature.
+
+* **Environment hardening** - Security Center constantly monitors the configuration of your Kubernetes clusters, and generates security recommendations that reflect industry standards.
+
+* **Run-time protection** - Through continuous analysis of the following AKS sources, Security Center alerts you to threats and malicious activity detected at the host *and* AKS cluster level (for more information, see [Azure container service](https://docs.microsoft.com/azure/security-center/security-center-alerts-compute#azure-container-service-)):
+    * Raw security events, such as network data and process creation
+    * The Kubernetes audit log
+
+![Azure Security Center and Azure Kubernetes Service (AKS) in more detail](./media/azure-kubernetes-service-integration/aks-asc-integration-detailed.png)
+
+> [!NOTE]
+> Some of the data scanned by Azure Security Center from your Kubernetes environment may contain sensitive information.
+
+## Next steps
+
+To learn more about Security Center's container security features, see:
+
+* [Azure Security Center and container security](container-security.md)
+
+* [Integration with Azure Container Registry](azure-container-registry-integration.md)
+
+* [Virtual Machine protection](security-center-virtual-machine-protection.md) - Describes Security Center's recommendations
+
+* [Data management at Microsoft](https://www.microsoft.com/trust-center/privacy/data-management) - Describes the data policies of Microsoft services (including Azure, Intune, and Office 365), details of Microsoft’s data management, and the retention policies that affect your data