Merge branch 'MicrosoftDocs:main' into patch-3

Author: cilwerner

articles/active-directory/external-identities/media/user-flow-add-custom-attributes/add-an-attribute.png

@@ -18,13 +18,13 @@ ms.collection: M365-identity-device-management
 
 For each application, you might have different requirements for the information you want to collect during sign-up. Azure AD comes with a built-in set of information stored in attributes, such as Given Name, Surname, City, and Postal Code. With Azure AD, you can extend the set of attributes stored on a guest account when the external user signs up through a user flow.
 
-You can create custom attributes in the Azure portal and use them in your self-service sign-up user flows. You can also read and write these attributes by using the [Microsoft Graph API](../../active-directory-b2c/microsoft-graph-operations.md). Microsoft Graph API supports creating and updating a user with extension attributes. Extension attributes in the Graph API are named by using the convention `extension_<extensions-app-id>_attributename`. For example:
+You can create custom attributes in the Azure portal and use them in your [self-service sign-up user flows](self-service-sign-up-user-flow.md). You can also read and write these attributes by using the [Microsoft Graph API](../../active-directory-b2c/microsoft-graph-operations.md). Microsoft Graph API supports creating and updating a user with extension attributes. Extension attributes in the Graph API are named by using the convention `extension_<extensions-app-id>_attributename`. For example:
 
 ```JSON
 "extension_831374b3bd5041bfaa54263ec9e050fc_loyaltyNumber": "212342"
 ```
 
-The `<extensions-app-id>` is specific to your tenant. To find this identifier, navigate to Azure Active Directory > App registrations > All applications. Search for the app that starts with "aad-extensions-app" and select it. On the app's Overview page, note the Application (client) ID.
+The `<extensions-app-id>` is specific to your tenant. To find this identifier, navigate to **Azure Active Directory** > **App registrations** > **All applications**. Search for the app that starts with "aad-extensions-app" and select it. On the app's Overview page, note the Application (client) ID.
 
 ## Create a custom attribute
 
@@ -33,23 +33,24 @@ The `<extensions-app-id>` is specific to your tenant. To find this identifier, n
 3. In the left menu, select **External Identities**.
 4. Select **Custom user attributes**. The available user attributes are listed.
 
-   ![Select user attributes for sign-up](media/user-flow-add-custom-attributes/user-attributes.png)
+   :::image type="content" source="media/user-flow-add-custom-attributes/user-attributes.png" alt-text="Screenshot of selecting custom user attributes for sign-up." lightbox="media/user-flow-add-custom-attributes/user-attributes-large-image.png":::
+
 
 5. To add an attribute, select **Add**.
 6. In the **Add an attribute** pane, enter the following values:
 
-   - **Name** - Provide a name for the custom attribute (for example, "Shoesize").
+   - **Name** - Provide a name for the custom attribute (for example, "Shoe size").
    - **Data Type** - Choose a data type (**String**, **Boolean**, or **Int**).
-   - **Description** - Optionally, enter a description of the custom attribute for internal use. This description is not visible to the user.
+   - **Description** - Optionally, enter a description of the custom attribute for internal use. This description isn't visible to the user.
 
-   ![Add an attribute](media/user-flow-add-custom-attributes/add-an-attribute.png)
+   :::image type="content" source="media/user-flow-add-custom-attributes/add-an-attribute.png" alt-text="Screenshot of adding a custom attribute.":::
 
 7. Select **Create**.
 
-The custom attribute is now available in the list of user attributes and for use in your user flows. A custom attribute is only created the first time it is used in any user flow, and not when you add it to the list of user attributes.
+The custom attribute is now available in the list of user attributes and for use in your user flows. A custom attribute is only created the first time it's used in any user flow, and not when you add it to the list of user attributes.
 
-Once you've created a new user using a user flow that uses the newly created custom attribute, the object can be queried in [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer). You should now see **ShoeSize** in the list of attributes collected during the sign-up journey on the user object. You can call the Graph API from your application to get the data from this attribute after it is added to the user object.
+Once you've created a new user using a user flow that uses the newly created custom attribute, the object can be queried in [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer). You should now see **ShoeSize** in the list of attributes collected during the sign-up journey on the user object. You can call the Graph API from your application to get the data from this attribute after it's added to the user object.
 
 ## Next steps
 
-[Add a self-service sign-up user flow to an app](self-service-sign-up-user-flow.md)
+[Add a self-service sign-up user flow to an app](self-service-sign-up-user-flow.md)

articles/active-directory/external-identities/media/user-flow-add-custom-attributes/user-attributes-large-image.png

@@ -122,10 +122,10 @@
       - name: Cloud Security Posture Management (CSPM)
         displayName: CSPM, cloud security, posture, management
         href: concept-cloud-security-posture-management.md
-      - name: Microsoft Cloud Security Benchmark (MCSB)
+      - name: Microsoft cloud security benchmark (MCSB)
         href: concept-regulatory-compliance.md
-      - name: What is the Cloud Security Graph
-        displayName: What are the Cloud Security Graph, Attack Path Analysis, and the Cloud Security Explorer?
+      - name: What is the cloud security graph
+        displayName: What are the cloud security graph, attack path analysis, and the cloud security explorer?
         href: concept-attack-path.md
       - name: External attack surface management (EASM)
         displayName: EASM, attack surface management
@@ -167,7 +167,7 @@
       items:
       - name: Identify and remediate attack paths
         href: how-to-manage-attack-path.md
-      - name: Build queries with Cloud Security Explorer
+      - name: Build queries with cloud security explorer
         href: how-to-manage-cloud-security-explorer.md
   - name: Security recommendations
     items:

articles/active-directory/external-identities/media/user-flow-add-custom-attributes/user-attributes.png

@@ -1,6 +1,6 @@
 ---
 title: Harden your Windows and Linux OS with Azure security baseline and Microsoft Defender for Cloud
-description: Learn how Microsoft Defender for Cloud uses the guest configuration to compare your OS hardening with the guidance from Microsoft Cloud Security Benchmark
+description: Learn how Microsoft Defender for Cloud uses the guest configuration to compare your OS hardening with the guidance from Microsoft cloud security benchmark
 ms.topic: how-to
 ms.custom: ignite-2022
 ms.author: benmansheim
@@ -11,7 +11,7 @@ ms.date: 11/09/2021
 
 To reduce a machine's attack surface and avoid known risks, it's important to configure the operating system (OS) as securely as possible.
 
-The Microsoft Cloud Security Benchmark has guidance for OS hardening which has led to security baseline documents for [Windows](../governance/policy/samples/guest-configuration-baseline-windows.md) and [Linux](../governance/policy/samples/guest-configuration-baseline-linux.md).
+The Microsoft cloud security benchmark has guidance for OS hardening which has led to security baseline documents for [Windows](../governance/policy/samples/guest-configuration-baseline-windows.md) and [Linux](../governance/policy/samples/guest-configuration-baseline-linux.md).
 
 Use the security recommendations described in this article to assess the machines in your environment and:
 
@@ -35,7 +35,7 @@ Microsoft Defender for Cloud includes two recommendations that check whether the
 - For **Windows** machines, [Vulnerabilities in security configuration on your Windows machines should be remediated (powered by Guest Configuration)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/8c3d9ad0-3639-4686-9cd2-2b2ab2609bda) compares the configuration with the [Windows security baseline](../governance/policy/samples/guest-configuration-baseline-windows.md).
 - For **Linux** machines, [Vulnerabilities in security configuration on your Linux machines should be remediated (powered by Guest Configuration)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/1f655fb7-63ca-4980-91a3-56dbc2b715c6) compares the configuration with the [Linux security baseline](../governance/policy/samples/guest-configuration-baseline-linux.md).
 
-These recommendations use the guest configuration feature of Azure Policy to compare the OS configuration of a machine with the baseline defined in the [Microsoft Cloud Security Benchmark](/security/benchmark/azure/overview).
+These recommendations use the guest configuration feature of Azure Policy to compare the OS configuration of a machine with the baseline defined in the [Microsoft cloud security benchmark](/security/benchmark/azure/overview).
 
 ## Compare machines in your subscriptions with the OS security baselines
 
@@ -103,4 +103,4 @@ To learn more about these configuration settings, see:
 
 - [Windows security baseline](../governance/policy/samples/guest-configuration-baseline-windows.md)
 - [Linux security baseline](../governance/policy/samples/guest-configuration-baseline-linux.md)
-- [Microsoft Cloud Security Benchmark](/security/benchmark/azure/overview)
+- [Microsoft cloud security benchmark](/security/benchmark/azure/overview)

articles/active-directory/external-identities/user-flow-add-custom-attributes.md

@@ -104,6 +104,6 @@ To learn about how to respond to these attack paths, see [Identify and remediate
 ## Next steps
 
 For related information, see the following:
-- [What are the Cloud Security Graph, Attack Path Analysis, and the Cloud Security Explorer?](concept-attack-path.md)
+- [What are the cloud security graph, attack path analysis, and the cloud security explorer?](concept-attack-path.md)
 - [Identify and remediate attack paths](how-to-manage-attack-path.md)
-- [Cloud Security Explorer](how-to-manage-cloud-security-explorer.md)
+- [Cloud security explorer](how-to-manage-cloud-security-explorer.md)

articles/defender-for-cloud/TOC.yml

@@ -1,43 +1,43 @@
 ---
-title: What are the Cloud Security Graph, Attack Path Analysis, and the Cloud Security Explorer?
+title: What are the cloud security graph, attack path analysis, and the cloud security explorer?
 description: Learn how to prioritize remediation of cloud misconfigurations and vulnerabilities based on risk. 
 titleSuffix: Defender for Cloud attack path.
 ms.topic: conceptual
 ms.custom: ignite-2022
 ms.date: 09/21/2022
 ---
 
-# What are the Cloud Security Graph, Attack Path Analysis, and the Cloud Security Explorer? 
+# What are the cloud security graph, attack path analysis, and the cloud security explorer? 
 
 One of the biggest challenges that security teams face today is the number of security issues they face on a daily basis. There are numerous security issues that need to be resolve and never enough resources to address them all. 
 
 Defender for Cloud's contextual security capabilities assists security teams to assess the risk behind each security issue, and identify the highest risk issues that need to be resolved soonest. Defender for Cloud assists security teams to reduce the risk of an impactful breach to their environment in the most effective way. 
 
-## What is Cloud Security Graph?
+## What is cloud security graph?
 
-The Cloud Security Graph is a graph-based context engine that exists within Defender for Cloud. The Cloud Security Graph collects data from your multicloud environment and other data sources. For example, the cloud assets inventory, connections and lateral movement possibilities between resources, exposure to internet, permissions, network connections, vulnerabilities and more. The data collected is then used to build a graph representing your multicloud environment. 
+The cloud security graph is a graph-based context engine that exists within Defender for Cloud. The cloud security graph collects data from your multicloud environment and other data sources. For example, the cloud assets inventory, connections and lateral movement possibilities between resources, exposure to internet, permissions, network connections, vulnerabilities and more. The data collected is then used to build a graph representing your multicloud environment. 
 
-Defender for Cloud then uses the generated graph to perform an Attack Path Analysis and find the issues with the highest risk that exist within your environment. You can also query the graph using the Cloud Security Explorer.  
+Defender for Cloud then uses the generated graph to perform an attack path analysis and find the issues with the highest risk that exist within your environment. You can also query the graph using the cloud security explorer.  
 
 :::image type="content" source="media/concept-cloud-map/security-map.png" alt-text="Screenshot of a conceptualized graph that shows the complexity of security graphing." lightbox="media/concept-cloud-map/security-map.png":::
 
-## What is Attack Path Analysis?
+## What is attack path analysis?
 
-Attack Path Analysis is a graph-based algorithm that scans the Cloud Security Graph. The scans expose exploitable paths that attackers may use to breach your environment to reach your high-impact assets. Attack Path Analysis exposes those attack paths and suggests recommendations as to how best remediate the issues that will break the attack path and prevent successful breach. 
+Attack path analysis is a graph-based algorithm that scans the cloud security graph. The scans expose exploitable paths that attackers may use to breach your environment to reach your high-impact assets. Attack path analysis exposes those attack paths and suggests recommendations as to how best remediate the issues that will break the attack path and prevent successful breach. 
 
-By taking your environment's contextual information into account such as, internet exposure, permissions, lateral movement, and more. Attack Path Analysis identifies issues that may lead to a breach on your environment, and helps you to remediate the highest risk ones first. 
+By taking your environment's contextual information into account such as, internet exposure, permissions, lateral movement, and more. Attack path analysis identifies issues that may lead to a breach on your environment, and helps you to remediate the highest risk ones first. 
 
 :::image type="content" source="media/concept-cloud-map/attack-path.png" alt-text="Image that shows a sample attack path from attacker to your sensitive data.":::
 
-Learn how to use [Attack Path Analysis](how-to-manage-attack-path.md).
+Learn how to use [attack path analysis](how-to-manage-attack-path.md).
 
-## What is Cloud Security Explorer?
+## What is cloud security explorer?
 
-Using the Cloud Security Explorer, you can proactively identify security risks in your multicloud environment by running graph-based queries on the Cloud Security Graph. Your security team can use the query builder to search for and locate risks, while taking your organization's specific contextual and conventional information into account. 
+Using the cloud security explorer, you can proactively identify security risks in your multicloud environment by running graph-based queries on the cloud security graph. Your security team can use the query builder to search for and locate risks, while taking your organization's specific contextual and conventional information into account. 
 
-Cloud Security Explorer provides you with the ability to perform proactive exploration features. You can search for security risks within your organization by running graph-based path-finding queries on top the contextual security data that is already provided by Defender for Cloud. Such as, cloud misconfigurations, vulnerabilities, resource context, lateral movement possibilities between resources and more.
+Cloud security explorer provides you with the ability to perform proactive exploration features. You can search for security risks within your organization by running graph-based path-finding queries on top the contextual security data that is already provided by Defender for Cloud. Such as, cloud misconfigurations, vulnerabilities, resource context, lateral movement possibilities between resources and more.
 
-Learn how to use the [Cloud Security Explorer](how-to-manage-cloud-security-explorer.md), or check out the list of [insights and connections](attack-path-reference.md#insights-and-connections).
+Learn how to use the [cloud security explorer](how-to-manage-cloud-security-explorer.md), or check out the list of [insights and connections](attack-path-reference.md#insights-and-connections).
 
 ## Next steps