Merge pull request #274305 from dcurwin/fix-formatting-may5-2024

Fix formatting

Author: ttorble

articles/defender-for-cloud/agentless-malware-scanning.md

@@ -35,7 +35,7 @@ Agentless malware scanning offers the following benefits to both protected and u
 You can learn more about [agentless machine scanning](concept-agentless-data-collection.md) and how to [enable agentless scanning for VMs](enable-agentless-scanning-vms.md).
 
 > [!IMPORTANT]
-> Security alerts appear on the portal only in cases where threats are detected on your environment. If you do not have any alerts it may be because there are no threats on your environment. You can [test to see if the agentless malware scanning capability has been properly onboarded and is reporting to Defender for Cloud](enable-agentless-scanning-vms.md#test-the-agentless-malware-scanners-deployment).
+> Security alerts appear on the portal only in cases where threats are detected on your environment. If you don't have any alerts it might be because there are no threats on your environment. You can [test to see if the agentless malware scanning capability has been properly onboarded and is reporting to Defender for Cloud](enable-agentless-scanning-vms.md#test-the-agentless-malware-scanners-deployment).
 
 ### Defender for Cloud security alerts
 

articles/defender-for-cloud/concept-data-security-posture-prepare.md

@@ -94,7 +94,7 @@ To protect AWS resources in Defender for Cloud, set up an AWS connector using a
   - Use all KMS keys only for RDS on source account
   - Create & full control on all KMS keys with tag prefix *DefenderForDatabases*
   - Create alias for KMS keys
-- KMS keys are created once for each region that contains RDS instances. The creation of a KMS key may incur a minimal extra cost, according to AWS KMS pricing.
+- KMS keys are created once for each region that contains RDS instances. The creation of a KMS key might incur a minimal extra cost, according to AWS KMS pricing.
 
 ### Discovering GCP storage buckets
 

articles/defender-for-cloud/data-security.md

@@ -88,7 +88,7 @@ Customers can access Defender for Cloud related data from the following data str
 
 ## Defender for Cloud and Microsoft Defender 365 Defender integration
 
-When you enable any of Defender for Cloud's paid plans you automatically gain all of the benefits of Microsoft Defender XDR. Information from Defender for Cloud will be shared with Microsoft Defender XDR. This data may contain customer data and will be stored according to [Microsoft 365 data handling guidelines](/microsoft-365/security/defender/data-privacy).
+When you enable any of Defender for Cloud's paid plans you automatically gain all of the benefits of Microsoft Defender XDR. Information from Defender for Cloud will be shared with Microsoft Defender XDR. This data might contain customer data and will be stored according to [Microsoft 365 data handling guidelines](/microsoft-365/security/defender/data-privacy).
 
 ## Next steps
 

articles/defender-for-cloud/edit-devops-connector.md

@@ -8,7 +8,7 @@ ms.custom: ignite-2023
 
 # Edit your DevOps Connector in Microsoft Defender for Cloud
 
-After onboarding your Azure DevOps, GitHub, or GitLab environments to Microsoft Defender for Cloud, you may want to change the authorization token used for the connector, add or remove organizations/groups onboarded to Defender for Cloud, or install the GitHub app to additional scope. This page provides a simple tutorial for making changes to your DevOps connectors.
+After onboarding your Azure DevOps, GitHub, or GitLab environments to Microsoft Defender for Cloud, you might want to change the authorization token used for the connector, add or remove organizations/groups onboarded to Defender for Cloud, or install the GitHub app to additional scope. This page provides a simple tutorial for making changes to your DevOps connectors.
 
 ## Prerequisites
 
@@ -34,7 +34,7 @@ After onboarding your Azure DevOps, GitHub, or GitLab environments to Microsoft
 1. Use **Edit connector account** component to make changes to onboarded inventory. If an organization/group is greyed out, please ensure that you have proper permissions to the environment and the scope is not onboarded elsewhere in the Tenant.
 
     :::image type="content" source="media/edit-devops-connector/edit-connector-2.png" alt-text="A screenshot showing how to select an account when editing a connector." lightbox="media/edit-devops-connector/edit-connector-2.png":::
-   
+
 1. To save your inventory changes, Select **Next: Review and generate >** and **Update**. Failing to select **Update** will cause any inventory changes to not be saved.
 
 ## Next steps

articles/defender-for-cloud/enable-agentless-scanning-vms.md

@@ -68,6 +68,7 @@ You can enable agentless scanning on
 For agentless scanning to cover Azure VMs with CMK encrypted disks, you need to grant Defender for Cloud additional permissions to create a secure copy of these disks. To do so, additional permissions are needed on Key Vaults used for CMK encryption for your VMs.
 
 To manually assign the permissions, follow the below instructions according to your Key Vault type:
+
 - For Key Vaults using non-RBAC permissions, assign "Microsoft Defender for Cloud Servers Scanner Resource Provider" (`0c7668b5-3260-4ad0-9f53-34ed54fa19b2`) these permissions: Key Get, Key Wrap, Key Unwrap.
 - For Key Vaults using RBAC permissions, assign "Microsoft Defender for Cloud Servers Scanner Resource Provider” (`0c7668b5-3260-4ad0-9f53-34ed54fa19b2`) the [Key Vault Crypto Service Encryption User](/azure/key-vault/general/rbac-guide?preserve-view=true&tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations) built-in role.
 
@@ -121,7 +122,7 @@ After you enable agentless scanning, software inventory and vulnerability inform
 
 ## Test the agentless malware scanner's deployment
 
-Security alerts appear on the portal only in cases where threats are detected on your environment. If you do not have any alerts it may be because there are no threats on your environment. You can test to see that the device is properly onboarded and reporting to Defender for Cloud by creating a test file.
+Security alerts appear on the portal only in cases where threats are detected on your environment. If you do not have any alerts it might be because there are no threats on your environment. You can test to see that the device is properly onboarded and reporting to Defender for Cloud by creating a test file.
 
 ### Create a test file for Linux
 

articles/defender-for-cloud/enable-defender-for-databases-aws.md

@@ -106,9 +106,9 @@ Each relational database management system or service type has its own configura
 
 | Type | Parameter | Value |
 |--|--|--|
-| PostgreSQL and Aurora PostgreSQL | log_connections | 1| 
+| PostgreSQL and Aurora PostgreSQL | log_connections | 1|
 | PostgreSQL and Aurora PostgreSQL | log_disconnections | 1 |
-| Aurora MySQL cluster parameter group | server_audit_logging | 1 | 
+| Aurora MySQL cluster parameter group | server_audit_logging | 1 |
 | Aurora MySQL cluster parameter group | server_audit_events | - If it exists, expand the value to include CONNECT, QUERY, <br> - If it doesn't exist, add it with the value CONNECT, QUERY. |
 | Aurora MySQL cluster parameter group | server_audit_excl_users | If it exists, expand it to include rdsadmin. |
 | Aurora MySQL cluster parameter group | server_audit_incl_users | - If it exists with a value and rdsadmin as part of the include, then it won't be present in SERVER_AUDIT_EXCL_USER, and the value of include is empty. |
@@ -122,14 +122,15 @@ An option group is required for MySQL and MariaDB with the following options for
 | SERVER_AUDIT_INCL_USERS | If it exists with a value and rdsadmin is part of the include, then it won't be present in SERVER_AUDIT_EXCL_USER, and the value of include is empty. |
 
 > [!IMPORTANT]
-> You may need to reboot your instances to apply the changes.
+> You might need to reboot your instances to apply the changes.
 >
 > If you are using the default parameter group, a new parameter group will be created that includes the required parameter changes with the prefix `defenderfordatabases*`.
 >
 > If a new parameter group was created or if static parameters were updated, they won't take effect until the instance is rebooted.
 
 > [!NOTE]
-> - If a parameter group already exists it will be updated accordingly. 
+>
+> - If a parameter group already exists it will be updated accordingly.
 >
 > - MARIADB_AUDIT_PLUGIN is supported in MariaDB 10.2 and higher, MySQL 8.0.25 and higher 8.0 versions and All MySQL 5.7 versions.
 >

articles/defender-for-cloud/exempt-resource.md

@@ -34,8 +34,8 @@ This feature is in preview. [!INCLUDE [Legalese](../../includes/defender-for-clo
 - You can create exemptions for recommendations included in Defender for Cloud's default [Microsoft cloud security benchmark](/security/benchmark/azure/introduction) standard, or any of the supplied regulatory standards.
 >
 > [!NOTE]
-> The Defender for Cloud exemption relies on Microsoft Cloud Security Benchmark (MCSB) initiative to evaluate and retrieve resources compliance state on the Defender for Cloud portal. If the MCSB is missing, the portal will partially work and some resources may not appear.
-   
+> The Defender for Cloud exemption relies on Microsoft Cloud Security Benchmark (MCSB) initiative to evaluate and retrieve resources compliance state on the Defender for Cloud portal. If the MCSB is missing, the portal will partially work and some resources might not appear.
+
 - Some recommendations included in Microsoft cloud security benchmark do not support exemptions, a list of those recommendations can be found [here](faq-general.yml)
 
 - Recommendations included in multiple policy initiatives must [all be exempted](faq-general.yml)

articles/defender-for-cloud/implement-security-recommendations.md

@@ -39,7 +39,7 @@ In addition to risk level, we recommend that you prioritize the security control
 
 ## Use the Fix option
 
-To simplify the remediation process, a Fix button may appear in a recommendation. The Fix button helps you quickly remediate a recommendation on multiple resources. If the Fix button is not present in the recommendation, then there is no option to apply a quick fix, and you must follow the presented remediation steps to address the recommendation.
+To simplify the remediation process, a Fix button might appear in a recommendation. The Fix button helps you quickly remediate a recommendation on multiple resources. If the Fix button is not present in the recommendation, then there is no option to apply a quick fix, and you must follow the presented remediation steps to address the recommendation.
 
 **To remediate a recommendation with the Fix button**:
 

articles/defender-for-cloud/includes/defender-for-devops-recommendations.md

@@ -198,7 +198,7 @@ ms.author: dacurwin
 
 ### [Code repositories should have secret scanning findings resolved](https://portal.azure.com/#view/Microsoft_Azure_Security/GenericRecommendationDetailsWithRulesBlade/assessmentKey/4e07c7d0-e06c-47d7-a4a9-8c7b748d1b27/showSecurityCenterCommandBar~/false)
 
-**Description**: DevOps security in Defender for Cloud has found a secret in code repositories.  This should be remediated immediately to prevent a security breach.  Secrets found in repositories can be leaked or discovered by adversaries, leading to compromise of an application or service. For Azure DevOps, the Microsoft Security DevOps CredScan tool only scans builds on which it has been configured to run. Therefore, results may not reflect the complete status of secrets in your repositories. <br> (No related policy)
+**Description**: DevOps security in Defender for Cloud has found a secret in code repositories.  This should be remediated immediately to prevent a security breach.  Secrets found in repositories can be leaked or discovered by adversaries, leading to compromise of an application or service. For Azure DevOps, the Microsoft Security DevOps CredScan tool only scans builds on which it has been configured to run. Therefore, results might not reflect the complete status of secrets in your repositories. <br> (No related policy)
 
 **Severity**: High
 

articles/defender-for-cloud/quickstart-onboard-devops.md

@@ -83,7 +83,7 @@ To connect your Azure DevOps organization to Defender for Cloud by using a nativ
 > [!NOTE]
 > To ensure proper functionality of advanced DevOps posture capabilities in Defender for Cloud, only one instance of an Azure DevOps organization can be onboarded to the Azure Tenant you're creating a connector in.
 
-Upon successful onboarding, DevOps resources (e.g., repositories, builds) will be present within the Inventory and DevOps security pages. It may take up to 8 hours for resources to appear. Security scanning recommendations may require [an additional step to configure your pipelines](azure-devops-extension.yml). Refresh intervals for security findings vary by recommendation and details can be found on the Recommendations page.
+Upon successful onboarding, DevOps resources (e.g., repositories, builds) will be present within the Inventory and DevOps security pages. It might take up to 8 hours for resources to appear. Security scanning recommendations might require [an additional step to configure your pipelines](azure-devops-extension.yml). Refresh intervals for security findings vary by recommendation and details can be found on the Recommendations page.
 
 ## Next steps