Merge pull request #226493 from bmansheim/pm-feedback-overview

Initial overview section from release branch

Author: PMEds28

.openpublishing.redirection.defender-for-cloud.json

@@ -383,7 +383,7 @@
         {
             "source_path_from_root": "/articles/security-center/defender-for-cloud-introduction.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-cloud-introduction",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/defender-for-container-registries-cicd.md",
@@ -473,7 +473,7 @@
         {
             "source_path_from_root": "/articles/security-center/enable-data-collection.md",
             "redirect_url": "/azure/defender-for-cloud/enable-data-collection",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/enable-enhanced-security.md",
@@ -508,7 +508,7 @@
         {
             "source_path_from_root": "/articles/security-center/get-started.md",
             "redirect_url": "/azure/defender-for-cloud/get-started",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/harden-docker-hosts.md",
@@ -553,7 +553,7 @@
         {
             "source_path_from_root": "/articles/security-center/os-coverage.md",
             "redirect_url": "/azure/defender-for-cloud/os-coverage",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/other-threat-protections.md",
@@ -568,7 +568,7 @@
         {
             "source_path_from_root": "/articles/security-center/permissions.md",
             "redirect_url": "/azure/defender-for-cloud/permissions",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/protect-network-resources.md",
@@ -653,7 +653,7 @@
         {
             "source_path_from_root": "/articles/security-center/supported-machines-endpoint-solutions-clouds.md",
             "redirect_url": "/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/security-center/tutorial-protect-resources.md",
@@ -779,6 +779,31 @@
             "source_path_from_root": "/articles/defender-for-cloud/security-center-planning-and-operations-guide.md",
             "redirect_url": "/azure/defender-for-cloud/defender-for-cloud-planning-and-operations-guide",
             "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/enhanced-security-features-overview.md",
+            "redirect_url": "/azure/defender-for-cloud/defender-for-cloud-introduction",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/os-coverage.md",
+            "redirect_url": "/azure/defender-for-cloud/monitoring-components",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/features-paas.md",
+            "redirect_url": "/azure/defender-for-cloud/support-matrix-defender-for-cloud",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers.md",
+            "redirect_url": "/azure/defender-for-cloud/support-matrix-defender-for-containers",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds-servers.md",
+            "redirect_url": "/azure/defender-for-cloud/support-matrix-defender-for-servers",
+            "redirect_document_id": true
         }
-      ]
+    ]
 }

articles/azure-monitor/logs/cost-logs.md

@@ -141,7 +141,7 @@ In some scenarios, combining this data can result in cost savings. Typically, th
 - [LinuxAuditLog](/azure/azure-monitor/reference/tables/linuxauditlog)
 - [SysmonEvent](/azure/azure-monitor/reference/tables/sysmonevent)
 - [ProtectionStatus](/azure/azure-monitor/reference/tables/protectionstatus)
-- [Update](/azure/azure-monitor/reference/tables/update) and [UpdateSummary](/azure/azure-monitor/reference/tables/updatesummary) when the Update Management solution isn't running in the workspace or solution targeting is enabled. See [What data types are included in the 500-MB data daily allowance?](../../defender-for-cloud/enhanced-security-features-overview.md#what-data-types-are-included-in-the-500-mb-data-daily-allowance).
+- [Update](/azure/azure-monitor/reference/tables/update) and [UpdateSummary](/azure/azure-monitor/reference/tables/updatesummary) when the Update Management solution isn't running in the workspace or solution targeting is enabled. See [What data types are included in the 500-MB data daily allowance?](../../defender-for-cloud/plan-defender-for-servers-data-workspace.md#log-analytics-pricing-faq).
 
 The count of monitored servers is calculated on an hourly granularity. The daily data allocation contributions from each monitored server are aggregated at the workspace level. If the workspace is in the legacy Per Node pricing tier, the Microsoft Defender for Cloud and Log Analytics allocations are combined and applied jointly to all billable ingested data.  
 

articles/defender-for-cloud/TOC.yml

@@ -7,32 +7,24 @@
   - name: What is Microsoft Defender for Cloud?
     displayName: Defender for cloud, servers, storage, sql, containers, app service, key vault, resource manager, dns, open-source relational databases, Azure cosmos db, db, Azure, defender
     href: defender-for-cloud-introduction.md
-  - name: What are the enhanced security features?
-    displayName: azure defender
-    href: enhanced-security-features-overview.md
   - name: What's new?
     displayName: changelog, news, release notes
     href: release-notes.md
   - name: Important upcoming changes
     displayName: release notes, changelog, news
     href: upcoming-changes.md
-  - name: Availability
+  - name: Common questions
     items:
-    - name: Supported platforms for servers
-      displayName: coverage, supported platforms, cloud services, virtual machines
-      href: os-coverage.md
-    - name: Servers coverage by OS, machine type, and cloud
-      displayName: coverage, machines, windows, linux, multicloud, supported features, endpoint protections
-      href: supported-machines-endpoint-solutions-clouds-servers.md
-    - name: Defender for Containers feature availability
-      displayName: Containers, features availability, environment information
-      href: supported-machines-endpoint-solutions-clouds-containers.md
-    - name: Feature coverage for Azure PaaS resources
-      displayName: Paas, resources
-      href: features-paas.md
-    - name: User roles and permissions
-      displayName: RBAC, permissions, roles, contributor, security, reader, admin, owner
-      href: permissions.md
+    - name: General questions
+      href: faq-general.yml
+    - name: Permissions questions
+      href: faq-permissions.yml
+    - name: Data collection and agent questions
+      href: faq-data-collection-agents.yml
+    - name: Azure Virtual Machines questions
+      href: faq-vms.yml
+    - name: Azure Log Analytics questions
+      href: faq-azure-monitor-logs.yml
 
 - name: Quickstarts
   items:
@@ -98,6 +90,19 @@
 
 - name: Concepts
   items:
+  - name: Interoperability and permissions
+    items:
+    - name: User roles and permissions
+      href: permissions.md
+    - name: Azure cloud support
+      displayName: coverage, supported platforms, cloud services, roles, permissions
+      href: support-matrix-defender-for-cloud.md
+    - name: Defender for Servers support matrices
+      displayName: coverage, machines, windows, linux, multicloud, supported features, endpoint protections
+      href: support-matrix-defender-for-servers.md
+    - name: Defender for Containers support matrices
+      displayName: Containers, features availability, environment information
+      href: support-matrix-defender-for-containers.md
   - name: Protect multicloud resources
     items:
     - name: The Defender for Cloud multicloud solution
@@ -165,25 +170,23 @@
       - name: Reference list of attack paths and cloud security graph components
         displayName: attack, paths, security, graph, components
         href: attack-path-reference.md
-  - name: Protect servers
+  - name: Plan Defender for Servers deployment
     items:
-    - name: Plan Defender for Servers deployment
-      items:
-      - name: Get started
-        displayName: VM, JIT, plan 1, plan 2, plans, vulnerability assessment, threat management, defender for endpoint, vulnerability scanner, Qualys, FIM, File integrity monitoring, adaptive application controls, adaptive network hardening, docker, fileless attack detection, auditd, simulate alerts
-        href: plan-defender-for-servers.md
-      - name: Review data residency and workspace design 
-        href: plan-defender-for-servers-data-workspace.md
-      - name: Determine roles and access
-        href: plan-defender-for-servers-roles.md
-      - name: Select a plan
-        href: plan-defender-for-servers-select-plan.md
-      - name: Review agents and extensions
-        href: plan-defender-for-servers-agents.md
-      - name: Scale a Defender for Servers deployment
-        href: plan-defender-for-servers-scale.md
-      - name: Common questions
-        href: faq-defender-for-servers.yml
+    - name: Get started
+      displayName: VM, JIT, plan 1, plan 2, plans, vulnerability assessment, threat management, defender for endpoint, vulnerability scanner, Qualys, FIM, File integrity monitoring, adaptive application controls, adaptive network hardening, docker, fileless attack detection, auditd, simulate alerts
+      href: plan-defender-for-servers.md
+    - name: Review data residency and workspace design 
+      href: plan-defender-for-servers-data-workspace.md
+    - name: Determine roles and access
+      href: plan-defender-for-servers-roles.md
+    - name: Select a plan
+      href: plan-defender-for-servers-select-plan.md
+    - name: Review agents and extensions
+      href: plan-defender-for-servers-agents.md
+    - name: Scale a Defender for Servers deployment
+      href: plan-defender-for-servers-scale.md
+    - name: Common questions
+      href: faq-defender-for-servers.yml
   - name: Protect cloud workloads
     items:
     - name: Agentless scanning
@@ -579,18 +582,6 @@
     href: /rest/api/defenderforcloud/
   - name: Security baseline
     href: /security/benchmark/azure/baselines/security-center-security-baseline?toc=/azure/defender-for-cloud/TOC.json
-  - name: FAQ for Microsoft Defender for Cloud
-    items:
-    - name: General questions
-      href: faq-general.yml
-    - name: Permissions questions
-      href: faq-permissions.yml
-    - name: Data collection and agent questions
-      href: faq-data-collection-agents.yml
-    - name: Virtual Machines questions
-      href: faq-vms.yml
-    - name: Existing users of Azure Log Analytics
-      href: faq-azure-monitor-logs.yml
   - name: Azure Policy built-ins
     displayName: samples, policy
     href: policy-reference.md

articles/defender-for-cloud/adaptive-application-controls.md

@@ -4,12 +4,11 @@ description: This document helps you use adaptive application control in Microso
 author: bmansheim
 ms.author: benmansheim
 ms.topic: how-to
-ms.date: 01/08/2023
+ms.date: 02/06/2023
 
 ---
 # Use adaptive application controls to reduce your machines' attack surfaces
 
-
 Learn about the benefits of Microsoft Defender for Cloud's adaptive application controls and how you can enhance your security with this data-driven, intelligent feature.
 
 ## What are adaptive application controls?
@@ -97,7 +96,7 @@ Select the recommendation, or open the adaptive application controls page to vie
       > [!TIP]
       > Both application lists include the option to restrict a specific application to certain users. Adopt the principle of least privilege whenever possible.
       > 
-      > Applications are defined by their publishers; if an application doesn't have publisher information (it's unsigned), a path rule is created for the full path of the specific application.
+      > Applications are defined by their publishers. If an application doesn't have publisher information (it's unsigned), a path rule is created for the full path of the specific application.
 
    1. To apply the rule, select **Audit**. 
 
@@ -176,21 +175,21 @@ To remediate the issues:
 
 1. To investigate further, select a group.
 
-    :::image type="content" source="./media/adaptive-application/recent-alerts.png" alt-text="Screenshot showing selecting a group the group settings page for adaptive application controls." lightbox="./media/adaptive-application/recent-alerts.png"::: 
+    :::image type="content" source="media/adaptive-application/recent-alerts.png" alt-text="Screenshot showing recent alerts.":::
 
 1. For further details, and the list of affected machines, select an alert.
 
     The security alerts page shows more details of the alerts and provides a **Take action** link with recommendations of how to mitigate the threat.
 
-    :::image type="content" source="media/adaptive-application/adaptive-application-alerts-start-time.png" alt-text="Screenshot showing the start time of adaptive application controls alerts is the time that adaptive application controls created the alert.":::
+    :::image type="content" source="media/adaptive-application/adaptive-application-alerts-start-time.png" alt-text="Screenshot of the start time of adaptive application controls alerts showing that the time is when adaptive application controls created the alert.":::
 
     > [!NOTE]
     > Adaptive application controls calculates events once every twelve hours. The "activity start time" shown in the security alerts page is the time that adaptive application controls created the alert, **not** the time that the suspicious process was active.
 
 
 ## Move a machine from one group to another
 
-When you move a machine from one group to another, the application control policy applied to it changes to the settings of the group that you moved it to. You can also move a machine from a configured group to a non-configured group; doing so removes any application control rules that were applied to the machine.
+When you move a machine from one group to another, the application control policy applied to it changes to the settings of the group that you moved it to. You can also move a machine from a configured group to a non-configured group, which removes any application control rules that were applied to the machine.
 
 1. Open the **Workload protections dashboard** and from the advanced protection area, select **Adaptive application controls**.
 
@@ -212,13 +211,13 @@ When you move a machine from one group to another, the application control polic
 
 To manage your adaptive application controls programmatically, use our REST API. 
 
-The relevant API documentation is available in [the Adaptive application Controls section of Defender for Cloud's API docs](https://learn.microsoft.com/rest/api/defenderforcloud/adaptive-application-controls).
+The relevant API documentation is available in [the Adaptive application Controls section of Defender for Cloud's API docs](/rest/api/defenderforcloud/adaptive-application-controls).
 
 Some of the functions available from the REST API include:
 
 * **List** retrieves all your group recommendations and provides a JSON with an object for each group.
 
-* **Get** retrieves the JSON with the full recommendation data (list of machines, publisher/path rules, etc.).
+* **Get** retrieves the JSON with the full recommendation data (that is, list of machines, publisher/path rules, and so on).
 
 * **Put** configures your rule (use the JSON you retrieved with **Get** as the body for this request).
 

articles/defender-for-cloud/alerts-overview.md

@@ -14,7 +14,7 @@ This article describes security alerts and notifications in Microsoft Defender f
 ## What are security alerts?
 Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.
 
-- Security alerts are triggered by advanced detections in Defender for Cloud, and are available when you enable [enhanced security features](enhanced-security-features-overview.md).
+- Security alerts are triggered by advanced detections in Defender for Cloud, and are available when you enable Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).
 - Each alert provides details of affected resources, issues, and remediation recommendations.
 - Defender for Cloud classifies alerts and prioritizes them by severity in the Defender for Cloud portal.
 - Alerts data is retained for 90 days.

articles/defender-for-cloud/alerts-schemas.md

@@ -9,7 +9,7 @@ ms.date: 11/09/2021
 
 # Security alerts schemas
 
-If your subscription has enhanced security features enabled, you'll receive security alerts when Defender for Cloud detects threats to their resources.
+If your subscription has Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads) enabled, you'll receive security alerts when Defender for Cloud detects threats to their resources.
 
 You can view these security alerts in Microsoft Defender for Cloud's pages - [overview dashboard](overview-page.md), [alerts](tutorial-security-incident.md), [resource health pages](investigate-resource-health.md), or [workload protections dashboard](workload-protections-dashboard.md) - and through external tools such as:
 

articles/defender-for-cloud/alerts-suppression-rules.md

@@ -15,7 +15,7 @@ This page explains how you can use alerts suppression rules to suppress false po
 |Aspect|Details|
 |----|:----|
 |Release state:|General availability (GA)|
-|Pricing:|Free<br>(Security alerts are generated by [Defender plans](enable-enhanced-security.md))|
+|Pricing:|Free<br>(Most security alerts are only available with [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads))|
 |Required roles and permissions:|**Security admin** and **Owner** can create/delete rules.<br>**Security reader** and **Reader** can view rules.|
 |Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: National (Azure Government, Azure China 21Vianet)|
 

articles/defender-for-cloud/asset-inventory.md

@@ -12,7 +12,7 @@ The asset inventory page of Microsoft Defender for Cloud shows the [security pos
 
 Use this view and its filters to address such questions as:
 
-- Which of my subscriptions with [Defender plans](defender-for-cloud-introduction.md#cwp---identify-unique-workload-security-requirements) enabled have outstanding recommendations?
+- Which of my subscriptions with [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads) enabled have outstanding recommendations?
 - Which of my machines with the tag 'Production' are missing the Log Analytics agent?
 - How many of my machines tagged with a specific tag have outstanding recommendations?
 - Which machines in a specific resource group have a known vulnerability (using a CVE number)?

articles/defender-for-cloud/auto-deploy-azure-monitoring-agent.md

@@ -107,7 +107,7 @@ When you auto-provision the Log Analytics agent in Defender for Cloud, you can c
 
 If you want to collect security events when you auto-provision the Azure Monitor Agent, you can create a [Data Collection Rule](../azure-monitor/essentials/data-collection-rule-overview.md) to collect the required events.
 
-Like for Log Analytics workspaces, Defender for Cloud users are eligible for [500-MB of free data](enhanced-security-features-overview.md#faq---pricing-and-billing) daily on defined data types that include security events.
+Like for Log Analytics workspaces, Defender for Cloud users are eligible for [500-MB of free data](plan-defender-for-servers-data-workspace.md#log-analytics-pricing-faq) daily on defined data types that include security events.
 
 ## Next steps