Merge pull request #250887 from ElazarK/WI147804-mdc-m365

WI 147804 MDC & M365 integration

Author: PMEds28

articles/defender-for-cloud/TOC.yml

@@ -39,21 +39,21 @@
       expanded: false
       items:
         - name: Connect your Azure subscriptions
-          displayName: enable, defender for cloud, activate, turn on
+          displayName: enable, defender for cloud, activate, turn on, Microsoft 365 Defender, alerts, integration, m365, m365d, m365 defender
           href: connect-azure-subscription.md
         - name: Connect your AWS accounts
-          displayName: hybrid, multicloud, multicloud, amazon, arc, AWS, accounts
+          displayName: hybrid, multicloud, multicloud, amazon, arc, AWS, accounts, Microsoft 365 Defender, alerts, integration, m365, m365d, m365 defender
           href: quickstart-onboard-aws.md
         - name: Connect your GCP projects
-          displayName: hybrid, multicloud, multicloud, google, gcp
+          displayName: hybrid, multicloud, multicloud, google, gcp, Microsoft 365 Defender, alerts, integration, m365, m365d, m365 defender
           href: quickstart-onboard-gcp.md
         - name: Connect individual non-Azure machines
           items:
             - name: Connect machines with Defender for Endpoint
               displayName: azure stack, ash, windows, linux, hybrid, defender for endpoint
               href: onboard-machines-with-defender-for-endpoint.md
             - name: Connect machines with Azure Arc
-              displayName: azure stack, ash, windows, linux, hybrid, arc, on-premises
+              displayName: azure stack, ash, windows, linux, hybrid, arc, on-premises, Microsoft 365 Defender, alerts, integration, m365, m365d, m365 defender
               href: quickstart-onboard-machines.md
     - name: Enable specific Defender plans
       expanded: false
@@ -259,6 +259,9 @@
           displayName: security, alerts, classification, incident, threat, detection,
             analytics,
           href: alerts-overview.md
+        - name: Alerts and incidents in Microsoft 365 Defender
+          displayName: Microsoft 365 Defender, alerts, integration, m365, m365d, m365 defender
+          href: concept-integration-365.md
         - name: Security alerts
           items:
             - name: Security alerts reference list

articles/defender-for-cloud/concept-integration-365.md

@@ -0,0 +1,35 @@
+---
+title: Alerts and incidents in Microsoft 365 Defender
+description: Learn about the benefits of receiving Microsoft Defender for Cloud's alerts in Microsoft 365 Defender 
+ms.topic: conceptual
+ms.date: 11/02/2023
+---
+
+# Alerts and incidents in Microsoft 365 Defender
+
+Microsoft Defender for Cloud's integration with Microsoft 365 Defender allows security teams to access Defender for Cloud alerts and incidents within the Microsoft 365 Defender portal. This integration provides richer context to investigations that span cloud resources, devices, and identities. 
+
+The partnership with Microsoft 365 Defender allows security teams to get the complete picture of an attack, including suspicious and malicious events that happen in their cloud environment. This is achieved through immediate correlations of alerts and incidents. 
+
+Microsoft 365 Defender offers a comprehensive solution that combines protection, detection, investigation, and response capabilities to protect against attacks on device, email, collaboration, identity, and cloud apps. Our detection and investigation capabilities are now extended to cloud entities, offering security operations teams a single pane of glass to significantly improve their operational efficiency. 
+
+Incidents and alerts are now part of [Microsoft 365 Defender's public API](/microsoft-365/security/defender/api-overview?view=o365-worldwide). This integration allows exporting of security alerts data to any system using a single API. As Microsoft Defender for Cloud, we're committed to providing our users with the best possible security solutions, and this integration is a significant step towards achieving that goal.
+
+## Investigation experience in Microsoft 365 Defender 
+
+The following table describes the detection and investigation experience in Microsoft 365 Defender with Defender for Cloud alerts.
+
+| Area | Description |
+|--|--|
+| Incidents | All Defender for Cloud incidents are integrated to Microsoft 365 Defender. <br> - Searching for cloud resource assets in the [incident queue](/microsoft-365/security/defender/incident-queue?view=o365-worldwide) is supported. <br> - The [attack story](/microsoft-365/security/defender/investigate-incidents?view=o365-worldwide#attack-story) graph shows cloud resource. <br> - The [assets tab](/microsoft-365/security/defender/investigate-incidents?view=o365-worldwide#assets) in an incident page shows the cloud resource. <br> - Each virtual machine has its own entity page containing all related alerts and activity. <br> <br> There are no duplications of incidents from other Defender workloads. |
+| Alerts  | All Defender for Cloud alerts, including multicloud, internal and external providers’ alerts, are integrated to Microsoft 365 Defender. Defenders for Cloud alerts show on the Microsoft 365 Defender [alert queue](/microsoft-365/security/defender-endpoint/alerts-queue-endpoint-detection-response?view=o365-worldwide). <br> <br> The `cloud resource` asset shows up in the Asset tab of an alert. Resources are clearly identified as an Azure, Amazon, or a Google Cloud resource. <br> <br> Defenders for Cloud alerts are automatically be associated with a tenant. <br> <br> There are no duplications of alerts from other Defender workloads.| 
+| Alert and incident correlation | Alerts and incidents are automatically correlated, providing robust context to security operations teams to understand the complete attack story in their cloud environment. |
+| Threat detection | Accurate matching of virtual entities to device entities to ensure precision and effective threat detection. |
+| Advanced hunting  |  |
+| Unified API | Defender for Cloud alerts and incidents are now included in [Microsoft 365 Defender’s public API](/microsoft-365/security/defender/api-overview?view=o365-worldwide), allowing customers to export their security alerts data into other systems using one API. |
+
+Learn more about [handling alerts in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud?view=o365-worldwide).
+
+## Next steps
+
+[Security alerts - a reference guide](alerts-reference.md)

articles/defender-for-cloud/connect-azure-subscription.md

@@ -2,7 +2,7 @@
 title: Connect your Azure subscriptions
 description: Learn how to connect your Azure subscriptions to Microsoft Defender for Cloud 
 ms.topic: install-set-up-deploy
-ms.date: 07/10/2023
+ms.date: 11/02/2023
 ms.custom: mode-other
 ---
 
@@ -16,7 +16,7 @@ Microsoft Defender for Cloud is a cloud-native application protection platform (
 - A cloud security posture management (CSPM) solution that surfaces actions that you can take to prevent breaches
 - A cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads
 
-Defender for Cloud includes Foundational CSPM capabilities for free, complemented by additional paid plans required to secure all aspects of your cloud resources. To learn more about these plans and their costs, see the Defender for Cloud [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/).
+Defender for Cloud includes Foundational CSPM capabilities and access to [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) for free. You can add additional paid plans to secure all aspects of your cloud resources. To learn more about these plans and their costs, see the Defender for Cloud [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/).
 
 Defender for Cloud helps you find and fix security vulnerabilities. Defender for Cloud also applies access and application controls to block malicious activity, detect threats using analytics and intelligence, and respond quickly when under attack.
 
@@ -95,6 +95,14 @@ If you want to disable any of the plans, toggle the individual plan to **off**.
 > [!TIP]
 > To enable Defender for Cloud on all subscriptions within a management group, see [Enable Defender for Cloud on multiple Azure subscriptions](onboard-management-group.md).
 
+## Integrate with Microsoft 365 Defender
+
+When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft 365 Defender portal. No further steps are needed.
+
+The integration between Microsoft Defender for Cloud and Microsoft 365 Defender brings your cloud environments into Microsoft 365 Defender. With Defender for Cloud's alerts and cloud correlations integrated into Microsoft 365 Defender, SOC teams can now access all security information from a single interface. 
+
+Learn more about Defender for Cloud's [alerts in Microsoft 365 Defender](concept-integration-365.md).
+
 ## Next steps
 
 In this guide, you enabled Defender for Cloud on your Azure subscription. The next step is to set up your hybrid and multicloud environments.

articles/defender-for-cloud/data-security.md

@@ -4,7 +4,7 @@ description: Learn how data is managed and safeguarded in Microsoft Defender for
 ms.topic: overview
 ms.author: dacurwin
 author: dcurwin
-ms.date: 07/18/2023
+ms.date: 11/02/2023
 ---
 # Microsoft Defender for Cloud data security
 
@@ -77,10 +77,13 @@ Customers can access Defender for Cloud related data from the following data str
 | [Azure Monitor logs](../azure-monitor/data-platform.md)                      | All security alerts.                                                                                                                                                                                                |
 | [Azure Resource Graph](../governance/resource-graph/overview.md)                      | Security alerts, security recommendations, vulnerability assessment results, secure score information, status of compliance checks, and more.                                                                       |
 | [Microsoft Defender for Cloud REST API](/rest/api/defenderforcloud/) | Security alerts, security recommendations, and more.                                                                                                                                                                |
-
 > [!NOTE]
 > If there are no Defender plans enabled on the subscription, data will be removed from Azure Resource Graph after 30 days of inactivity in the Microsoft Defender for Cloud portal. After interaction with artifacts in the portal related to the subscription, the data should be visible again within 24 hours.
 
+## Defender for Cloud and Microsoft Defender 365 Defender integration
+
+When you enable any of Defender for Cloud's paid plans you automatically gain all of the benefits of Microsoft 365 Defender. Information from Defender for Cloud will be shared with Microsoft 365 Defender. This data may contain customer data and will be stored according to [Microsoft 365 data handling guidelines](/microsoft-365/security/defender/data-privacy?view=o365-worldwide).
+
 ## Next steps
 
 In this document, you learned how data is managed and safeguarded in Microsoft Defender for Cloud.

articles/defender-for-cloud/defender-for-cloud-introduction.md

@@ -1,9 +1,8 @@
 ---
 title: What is Microsoft Defender for Cloud?
-
 description: Use Microsoft Defender for Cloud to protect your Azure, hybrid, and multicloud resources and workloads.
 ms.topic: overview
-ms.date: 07/24/2023
+ms.date: 11/02/2023
 ---
 
 # What is Microsoft Defender for Cloud?
@@ -14,11 +13,18 @@ Microsoft Defender for Cloud is a cloud-native application protection platform (
 - A cloud security posture management (CSPM) solution that surfaces actions that you can take to prevent breaches
 - A cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads
 
-![Diagram that shows the core functionality of Microsoft Defender for Cloud.](media/defender-for-cloud-introduction/defender-for-cloud-pillars.png)
+:::image type="content" source="media/defender-for-cloud-introduction/defender-for-cloud-pillars.png" alt-text="Diagram that shows the core functionality of Microsoft Defender for Cloud.":::
 
 > [!NOTE]
 > For Defender for Cloud pricing information, see the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/).
 
+When you [enable Defender for Cloud on your](connect-azure-subscription.md), you'll automatically gain access to Microsoft 365 Defender.
+
+The Microsoft 365 Defender portal provides richer context to investigations that span cloud resources, devices, and identities. In addition, security teams are able to get the complete picture of an attack, including suspicious and malicious events that happen in their cloud environment, through the immediate correlation of all alerts and incidents, including cloud alerts and incidents.
+
+You can learn more about the [integration between Microsoft Defender for Cloud and Microsoft 365 Defender](concept-integration-365.md).
+
+
 ## Secure cloud applications
 
 Defender for Cloud helps you to incorporate good security practices early during the software development process, or DevSecOps. You can protect your code management environments and your code pipelines, and get insights into your development environment security posture from a single location. Defender for Cloud empowers security teams to manage DevOps security across multi-pipeline environments.
@@ -31,7 +37,7 @@ Today’s applications require security awareness at the code, infrastructure, a
 
 ## Improve your security posture
 
-The security of your cloud and on-premises resources depends on proper configuration and deployment. Defender for Cloud recommendations identify the steps that you can take to secure your environment.
+The security of your cloud and on-premises resources depends on proper configuration and deployment. Defender for Cloud recommendations identifies the steps that you can take to secure your environment.
 
 Defender for Cloud includes Foundational CSPM capabilities for free. You can also enable advanced CSPM capabilities by enabling the Defender CSPM plan.
 

articles/defender-for-cloud/quickstart-onboard-aws.md

@@ -3,7 +3,7 @@ title: Connect your AWS account
 description: Defend your AWS resources by using Microsoft Defender for Cloud.
 ms.topic: install-set-up-deploy
 ms.custom: devx-track-linux
-ms.date: 10/22/2023
+ms.date: 11/02/2023
 ---
 
 # Connect your AWS account to Microsoft Defender for Cloud
@@ -241,6 +241,14 @@ To view all the active recommendations for your resources by resource type, use
 
 :::image type="content" source="./media/quickstart-onboard-aws/aws-resource-types-in-inventory.png" alt-text="Screenshot of AWS options in the asset inventory page's resource type filter." lightbox="media/quickstart-onboard-aws/aws-resource-types-in-inventory.png":::
 
+## Integrate with Microsoft 365 Defender
+
+When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft 365 Defender portal. No further steps are needed.
+
+The integration between Microsoft Defender for Cloud and Microsoft 365 Defender brings your cloud environments into Microsoft 365 Defender. With Defender for Cloud's alerts and cloud correlations integrated into Microsoft 365 Defender, SOC teams can now access all security information from a single interface. 
+
+Learn more about Defender for Cloud's [alerts in Microsoft 365 Defender](concept-integration-365.md).
+
 ## Learn more
 
 Check out the following blogs:

articles/defender-for-cloud/quickstart-onboard-gcp.md

@@ -208,6 +208,14 @@ To view all the active recommendations for your resources by resource type, use
 
 :::image type="content" source="./media/quickstart-onboard-gcp/gcp-resource-types-in-inventory.png" alt-text="Screenshot of GCP options in the asset inventory page's resource type filter." lightbox="media/quickstart-onboard-gcp/gcp-resource-types-in-inventory.png":::
 
+## Integrate with Microsoft 365 Defender
+
+When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft 365 Defender portal. No further steps are needed.
+
+The integration between Microsoft Defender for Cloud and Microsoft 365 Defender brings your cloud environments into Microsoft 365 Defender. With Defender for Cloud's alerts and cloud correlations integrated into Microsoft 365 Defender, SOC teams can now access all security information from a single interface. 
+
+Learn more about Defender for Cloud's [alerts in Microsoft 365 Defender](concept-integration-365.md).
+
 ## Next steps
 
 Connecting your GCP project is part of the multicloud experience available in Microsoft Defender for Cloud:

articles/defender-for-cloud/quickstart-onboard-machines.md

@@ -2,7 +2,7 @@
 title: Connect on-premises machines
 description: Learn how to connect your non-Azure machines to Microsoft Defender for Cloud.
 ms.topic: install-set-up-deploy
-ms.date: 06/29/2023
+ms.date: 11/02/2023
 ms.custom: mode-other
 ---
 
@@ -147,6 +147,14 @@ To verify that your machines are connected:
 
    ![Defender for Cloud icon for an Azure Arc-enabled server.](./media/quickstart-onboard-machines/arc-enabled-machine-icon.png) Azure Arc-enabled server
 
+## Integrate with Microsoft 365 Defender
+
+When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft 365 Defender portal. No further steps are needed.
+
+The integration between Microsoft Defender for Cloud and Microsoft 365 Defender brings your cloud environments into Microsoft 365 Defender. With Defender for Cloud's alerts and cloud correlations integrated into Microsoft 365 Defender, SOC teams can now access all security information from a single interface. 
+
+Learn more about Defender for Cloud's [alerts in Microsoft 365 Defender](concept-integration-365.md).
+
 ## Clean up resources
 
 There's no need to clean up any resources for this article.