Merge pull request #274911 from jenniferf-skc/mepmmdfc

Updating references to Microsoft Entra Permissions Management in DFC …

Author: v-dirichards

articles/defender-for-cloud/enable-permissions-management.md

@@ -1,16 +1,16 @@
 ---
-title: Enable permissions management (CIEM)
+title: Enable Permissions Management (CIEM)
 author: Elazark
 ms.author: elkrieger
-description: Learn how to enable permissions management for better access control and security in your cloud infrastructure.
+description: Learn how to enable Permissions Management for better access control and security in your cloud infrastructure.
 ms.topic: how-to
 ms.date: 05/07/2024
 #customer intent: As a cloud administrator, I want to learn how to enable permissions (CIEM) in order to effectively manage user access and entitlements in my cloud infrastructure.
 ---
 
-# Enable permissions management (CIEM)
+# Enable Permissions Management (CIEM)
 
-Microsoft Defender for Cloud's integration with Microsoft Entra Permissions Management provides a Cloud Infrastructure Entitlement Management (CIEM) security model that helps organizations manage and control user access and entitlements in their cloud infrastructure. CIEM is a critical component of the Cloud Native Application Protection Platform (CNAPP) solution that provides visibility into who or what has access to specific resources. It ensures that access rights adhere to the principle of least privilege (PoLP), where users or workload identities, such as apps and services, receive only the minimum levels of access necessary to perform their tasks. CIEM also helps organizations to monitor and manage permissions across multiple cloud environments, including Azure, AWS, and GCP.
+Microsoft Defender for Cloud's integration with Microsoft Entra Permissions Management (Permissions Management) provides a Cloud Infrastructure Entitlement Management (CIEM) security model that helps organizations manage and control user access and entitlements in their cloud infrastructure. CIEM is a critical component of the Cloud Native Application Protection Platform (CNAPP) solution that provides visibility into who or what has access to specific resources. It ensures that access rights adhere to the principle of least privilege (PoLP), where users or workload identities, such as apps and services, receive only the minimum levels of access necessary to perform their tasks. CIEM also helps organizations to monitor and manage permissions across multiple cloud environments, including Azure, AWS, and GCP.
 
 ## Before you start
 
@@ -24,11 +24,11 @@ Microsoft Defender for Cloud's integration with Microsoft Entra Permissions Mana
 
 - **GCP only**: [Connect your GCP project to Defender for Cloud](quickstart-onboard-gcp.md).
 
-## Enable permissions management (CIEM) for Azure
+## Enable Permissions Management (CIEM) for Azure
 
 When you enabled the Defender CSPM plan on your Azure account, the **Azure CSPM** [standard is automatically assigned to your subscription](concept-regulatory-compliance-standards.md). The Azure CSPM standard provides Cloud Infrastructure Entitlement Management (CIEM) recommendations.
 
-When Permission Management (CIEM) is disabled, the CIEM recommendations within the Azure CSPM standard won’t be calculated.
+When Permissions Management (CIEM) is disabled, the CIEM recommendations within the Azure CSPM standard won’t be calculated.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -48,17 +48,17 @@ When Permission Management (CIEM) is disabled, the CIEM recommendations within t
 
 1. Select **Save**.
 
-The applicable permissions management (CIEM) recommendations appear on your subscription within a few hours.
+The applicable Permissions Management (CIEM) recommendations appear on your subscription within a few hours.
 
 List of Azure recommendations:
 
-- Azure overprovisioned identities should have only the necessary permissions
+- Azure over-provisioned identities should have only the necessary permissions
 
 - Unused identities in your Azure environment should be revoked/removed
 
 - Super identities in your Azure environment should be revoked/removed
 
-## Enable permissions management (CIEM) for AWS
+## Enable Permissions Management (CIEM) for AWS
 
 When you enabled the Defender CSPM plan on your AWS account, the **AWS CSPM** [standard is automatically assigned to your subscription](concept-regulatory-compliance-standards.md). The AWS CSPM standard provides Cloud Infrastructure Entitlement Management (CIEM) recommendations. 
 When Permission Management is disabled, the CIEM recommendations within the AWS CSPM standard won’t be calculated.
@@ -93,19 +93,19 @@ When Permission Management is disabled, the CIEM recommendations within the AWS
 
 1. Select **Update**.
 
-The applicable permissions management (CIEM) recommendations appear on your subscription within a few hours.
+The applicable Permissions Management (CIEM) recommendations appear on your subscription within a few hours.
 
 List of AWS recommendations:
 
-- AWS overprovisioned identities should have only the necessary permissions
+- AWS over-provisioned identities should have only the necessary permissions
 
 - Unused identities in your Azure environment should be revoked/removed
 
-## Enable permissions management (CIEM) for GCP
+## Enable Permissions Management (CIEM) for GCP
 
 When you enabled the Defender CSPM plan on your GCP project, the **GCP CSPM** [standard is automatically assigned to your subscription](concept-regulatory-compliance-standards.md). The GCP CSPM standard provides Cloud Infrastructure Entitlement Management (CIEM) recommendations. 
 
-When Permission Management (CIEM) is disabled, the CIEM recommendations within the GCP CSPM standard won’t be calculated.
+When Permissions Management (CIEM) is disabled, the CIEM recommendations within the GCP CSPM standard won’t be calculated.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -119,7 +119,7 @@ When Permission Management (CIEM) is disabled, the CIEM recommendations within t
 
     :::image type="content" source="media/enable-permissions-management/settings-google.png" alt-text="Screenshot that shows where to select settings for the Defender CSPM plan for your GCP project." lightbox="media/enable-permissions-management/settings-google.png":::
 
-1. Toggle permissions management **(CIEM)** to **On**.
+1. Toggle Permissions Management **(CIEM)** to **On**.
 
 1. Select **Save**.
 
@@ -139,17 +139,16 @@ When Permission Management (CIEM) is disabled, the CIEM recommendations within t
 
 1. Select **Update**.
 
-The applicable permissions management **(CIEM)** recommendations appear on your subscription within a few hours.
+The applicable Permissions Management **(CIEM)** recommendations appear on your subscription within a few hours.
 
 List of GCP recommendations:
 
-- GCP overprovisioned identities should have only necessary permissions
+- GCP over-provisioned identities should have only necessary permissions
 
 - Unused identities in your GCP environment should be revoked/removed
 
 - Super identities in your GCP environment should be revoked/removed
 
 ## Next step
 
-> [!div class="nextstepaction"]
-> [Microsoft Entra Permissions Management](/entra/permissions-management/).
+Learn more about [Microsoft Entra Permissions Management](/entra/permissions-management/).

articles/defender-for-cloud/permissions-management.md

@@ -1,36 +1,36 @@
 ---
-title: Permissions management (CIEM)
+title: Permissions Management (CIEM)
 description: Learn about permissions (CIEM) in Microsoft Defender for Cloud and enhance the security of your cloud infrastructure.
 ms.topic: concept-article
 author: Elazark
 ms.author: elkrieger
-ms.date: 03/07/2024
+ms.date: 05/08/2024
 #customer intent: As a user, I want to understand how to manage permissions effectively so that I can enhance the security of my cloud infrastructure.
 ---
 
-# Permissions management (CIEM)
+# Permissions Management (CIEM)
 
-Microsoft Defender for Cloud's integration with Microsoft [Microsoft Entra Permissions Management](/entra/permissions-management/overview) provides a Cloud Infrastructure Entitlement Management (CIEM) security model that helps organizations manage and control user access and entitlements in their cloud infrastructure. CIEM is a critical component of the Cloud Native Application Protection Platform (CNAPP) solution that provides visibility into who or what has access to specific resources. It ensures that access rights adhere to the principle of least privilege (PoLP), where users or workload identities, such as apps and services, receive only the minimum levels of access necessary to perform their tasks. CIEM also helps organizations to monitor and manage permissions across multiple cloud environments, including Azure, AWS, and GCP.
+Microsoft Defender for Cloud's integration with [Microsoft Entra Permissions Management](/entra/permissions-management/overview) (Permissions Management) provides a Cloud Infrastructure Entitlement Management (CIEM) security model that helps organizations manage and control user access and entitlements in their cloud infrastructure. CIEM is a critical component of the Cloud Native Application Protection Platform (CNAPP) solution that provides visibility into who or what has access to specific resources. CIEM ensures that access rights adhere to the principle of least privilege (PoLP), where users or workload identities, such as apps and services, receive only the minimum levels of access necessary to perform their tasks. CIEM also helps organizations to monitor and manage permissions across multiple cloud environments, including Azure, AWS, and GCP.
 
-Integrating Entra Permissions Management with Defender for Cloud (CNAPP) strengthens cloud security by preventing security breaches caused by excessive permissions or misconfigurations. Permissions management continuously monitors and manages cloud entitlements, helping to discover attack surfaces, detect threats, right-size access permissions, and maintain compliance. This integration enhances the capabilities of Defender for Cloud in securing cloud-native applications and protecting sensitive data.
+Integrating Permissions Management with Defender for Cloud (CNAPP) strengthens cloud security by preventing security breaches caused by excessive permissions or misconfigurations. Permissions Management continuously monitors and manages cloud entitlements, helping to discover attack surfaces, detect threats, right-size access permissions, and maintain compliance. This integration enhances the capabilities of Defender for Cloud in securing cloud-native applications and protecting sensitive data.
 
 This integration brings the following insights derived from the Microsoft Entra Permissions Management suite into the Microsoft Defender for Cloud portal. For more information, see the [feature matrix](#feature-matrix).
 
 ## Common use-cases and scenarios
 
-Microsoft Entra Permissions Management capabilities integrate as a valuable component within the Defender [Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) plan. The integrated capabilities are foundational, providing the essential functionalities within Microsoft Defender for Cloud. With these added capabilities, you can track permissions analytics, unused permissions for active identities, and over-permissioned identities and mitigate them to support the best practice of least privilege.
+Permissions Management capabilities integrate as a valuable component within the Defender [Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) plan. The integrated capabilities are foundational, providing the essential functionalities within Microsoft Defender for Cloud. With these added capabilities, you can track permissions analytics, unused permissions for active identities, and over-permissioned identities and mitigate them to support the best practice of least privilege.
 
 The integration creates recommendations under the Manage Access and Permissions security control on the Recommendations page in Defender for Cloud.
 
 ## Known limitations
 
-AWS and GCP accounts that were onboarded to Microsoft Entra Permissions Management before being onboarded to Defender for Cloud can't be integrated through Microsoft Defender for Cloud.
+AWS and GCP accounts that were onboarded to Permissions Management before being onboarded to Defender for Cloud can't be integrated through Microsoft Defender for Cloud.
 
 ## Feature matrix
 
-The integration feature comes as part of Defender CSPM plan and doesn't require a Microsoft Entra Permissions Management (MEPM) license. To learn more about other capabilities that you can receive from MEPM, refer to the feature matrix:
+The integration feature comes as part of Defender CSPM plan and doesn't require a Permissions Management license. To learn more about other capabilities that you can receive from Permissions Management, refer to the feature matrix:
 
-| Category  | Capabilities                                                 | Defender for Cloud | Permissions management |
+| Category  | Capabilities                                                 | Defender for Cloud | Permissions Management |
 | --------- | ------------------------------------------------------------ | ------------------ | ---------------------- |
 | Discover  | Permissions  discovery for risky identities (including unused identities, overprovisioned  active identities, super identities) in Azure, AWS, GCP | ✓                  | ✓                      |
 | Discover  | Permissions  Creep Index (PCI) for multicloud environments (Azure, AWS, GCP) and all  identities | ✓                  | ✓                      |
@@ -39,12 +39,12 @@ The integration feature comes as part of Defender CSPM plan and doesn't require
 | Discover  | Support  for Identity Providers (including AWS IAM Identity Center, Okta, GSuite) | ❌                  | ✓                      |
 | Remediate | Automated  deletion of permissions                           | ❌                  | ✓                      |
 | Remediate | Remediate  identities by attaching / detaching the permissions | ❌                  | ✓                      |
-| Remediate | Custom  role / AWS Policy generation based on activities of identities, groups, etc. | ❌                  | ✓                      |
+| Remediate | Custom role / AWS Policy generation based on activities of identities, groups, etc. | ❌                  | ✓                      |
 | Remediate | Permissions  on demand (time-bound access) for human and workload identities via Microsoft Entra admin center, APIs, ServiceNow app. | ❌                  | ✓                      |
 | Monitor   | Machine  Learning-powered anomaly detections                 | ❌                  | ✓                      |
 | Monitor   | Activity  based, rule-based alerts                           | ❌                  | ✓                      |
 | Monitor   | Context-rich  forensic reports (for example PCI history report, user entitlement &  usage report, etc.) | ❌                  | ✓                      |
 
 ## Related content
 
-Learn how to [enable permissions management](enable-permissions-management.md) in Microsoft Defender for Cloud.
+Learn how to [enable Permissions Management](enable-permissions-management.md) in Microsoft Defender for Cloud.