Merge pull request #105421 from memildin/asc-melvyn-faq-work

Refactoring and moving the FAQ

Author: ttorble

.openpublishing.redirection.json

@@ -29025,6 +29025,11 @@
       "redirect_url": "/azure/security-center/security-center-partner-integration",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security-center/security-center-faq.md",
+      "redirect_url": "/azure/security-center/faq-general",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/security-center/security-center-playbooks.md",
       "redirect_url": "/azure/security-center/workflow-automation",

articles/security-center/TOC.yml

@@ -187,6 +187,20 @@
   items:
   - name: REST APIs
     href: https://docs.microsoft.com/rest/api/securitycenter/
+  - name: FAQ for Azure Security Center
+    items:
+    - name: General questions
+      href: faq-general.md
+    - name: Billing questions
+      href: faq-billing.md
+    - name: Permissions questions
+      href: faq-permissions.md
+    - name: Data collection and agent questions
+      href: faq-data-collection-agents.md
+    - name: Virtual Machines questions
+      href: faq-vms.md      
+    - name: Existing users of Azure Log Analytics
+      href: faq-azure-monitor-logs.md      
   - name: Release notes
     href: https://azure.microsoft.com/updates/?product=security-center
   - name: Features and API retirement (July 2019)
@@ -202,8 +216,6 @@
     href: security-center-privacy.md
   - name: Azure Security Center for IoT documentation
     href: https://docs.microsoft.com/azure/asc-for-iot/
-  - name: FAQ
-    href: security-center-faq.md
   - name: Azure security documentation
     href: /azure/security/
   - name: Azure updates

articles/security-center/faq-azure-monitor-logs.md

@@ -0,0 +1,47 @@
+---
+title: Azure Security Center FAQ - questions about existing MMAs
+description: This FAQ answers questions for customers already using the Microsoft Monitoring Agent and considering Azure Security Center, a product that helps you prevent, detect, and respond to threats.
+services: security-center
+documentationcenter: na
+author: memildin
+manager: rkarlin
+ms.assetid: be2ab6d5-72a8-411f-878e-98dac21bc5cb
+ms.service: security-center
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 02/25/2020
+ms.author: memildin
+
+---
+
+# FAQ for customers already using Azure Monitor logs<a name="existingloganalyticscust"></a>
+
+## Does Security Center override any existing connections between VMs and workspaces?
+
+If a VM already has the Microsoft Monitoring Agent installed as an Azure extension, Security Center does not override the existing workspace connection. Instead, Security Center uses the existing workspace. The VM will be protected provided that the "Security" or "SecurityCenterFree" solution has been installed on the workspace to which it is reporting. 
+
+A Security Center solution is installed on the workspace selected in the Data Collection screen if not present already, and the solution is applied only to the relevant VMs. When you add a solution, it's automatically deployed by default to all Windows and Linux agents connected to your Log Analytics workspace. [Solution Targeting](../operations-management-suite/operations-management-suite-solution-targeting.md) allows you to apply a scope to your solutions.
+
+If the Microsoft Monitoring Agent is installed directly on the VM (not as an Azure extension), Security Center does not install the Microsoft Monitoring Agent and security monitoring is limited.
+
+## Does Security Center install solutions on my existing Log Analytics workspaces? What are the billing implications?
+When Security Center identifies that a VM is already connected to a workspace you created, Security Center enables solutions on this workspace according to your pricing tier. The solutions are applied only to the relevant Azure VMs, via [solution targeting](../operations-management-suite/operations-management-suite-solution-targeting.md), so the billing remains the same.
+
+- **Free tier** – Security Center installs the 'SecurityCenterFree' solution on the workspace. You won't be billed for the Free tier.
+- **Standard tier** – Security Center installs the 'Security' solution on the workspace.
+
+   ![Solutions on default workspace][1]
+
+## I already have workspaces in my environment, can I use them to collect security data?
+If a VM already has the Microsoft Monitoring Agent installed as an Azure extension, Security Center uses the existing connected workspace. A Security Center solution is installed on the workspace if not present already, and the solution is applied only to the relevant VMs via [solution targeting](../operations-management-suite/operations-management-suite-solution-targeting.md).
+
+When Security Center installs the Microsoft Monitoring Agent on VMs, it uses the default workspace(s) created by Security Center.
+
+## I already have security solution on my workspaces. What are the billing implications?
+The Security & Audit solution is used to enable Security Center Standard tier features for Azure VMs. If the Security & Audit solution is already installed on a workspace, Security Center uses the existing solution. There is no change in billing.
+
+
+<!--Image references-->
+[1]: ./media/security-center-platform-migration-faq/solutions.png

articles/security-center/faq-billing.md

@@ -0,0 +1,29 @@
+---
+title: Azure Security Center FAQ - questions about billing
+description: This FAQ answers billing questions about Azure Security Center, a product that helps you prevent, detect, and respond to threats.
+services: security-center
+documentationcenter: na
+author: memildin
+manager: rkarlin
+ms.assetid: be2ab6d5-72a8-411f-878e-98dac21bc5cb
+ms.service: security-center
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 02/25/2020
+ms.author: memildin
+
+---
+
+# Billing
+
+## How does billing work for Azure Security Center?
+Security Center is offered in two tiers:
+
+The **Free tier** provides visibility into the security state of your Azure resources, basic security policy, security recommendations, and integration with security products and services from partners.
+
+The **Standard tier** adds advanced threat detection capabilities, including threat intelligence, behavioral analysis, anomaly detection, security incidents, and threat attribution reports. You can start a Standard tier free trial. To upgrade, select [Pricing Tier](https://docs.microsoft.com/azure/security-center/security-center-pricing) in the security policy. To learn more, see the [pricing page](https://azure.microsoft.com/pricing/details/security-center/).
+
+## How can I track who in my organization performed pricing tier changes in Azure Security Center
+Azure Subscriptions may have multiple administrators with permissions to change the pricing tier. To find out which user performed a pricing tier change, use the Azure Activity Log. For more information, see [here](https://techcommunity.microsoft.com/t5/Security-Identity/Tracking-Changes-in-the-Pricing-Tier-for-Azure-Security-Center/td-p/390832).