implementing feedback - final

Shereen-Bhar · Shereen-Bhar · commit 55eeb101474c · 2023-04-16T20:31:10.000+03:00
diff --git a/articles/defender-for-cloud/concept-agentless-containers.md b/articles/defender-for-cloud/concept-agentless-containers.md
@@ -11,7 +11,7 @@ ms.custom: template-concept
 
 You can identify security risks that exist in containers and Kubernetes realms with the agentless discovery and visibility capability across SDLC and runtime.
 
-You can maximize the coverage of your container posture issues and extend your protection beyond the reach of agent-based assessments, with container vulnerability assessment insights as part of [Cloud Security Explorer](how-to-manage-cloud-security-explorer.md) and Kubernetes [Attack Path](attack-path-reference.md#azure-containers) analysis, to provide a holistic approach to your posture improvement.
+You can maximize the coverage of your container posture issues and extend your protection beyond the reach of agent-based assessments to provide a holistic approach to your posture improvement. This includes, for example, container vulnerability assessment insights as part of [Cloud Security Explorer](how-to-manage-cloud-security-explorer.md) and Kubernetes [Attack Path](attack-path-reference.md#azure-containers) analysis.
 
 Learn more about [Cloud Security Posture Management](concept-cloud-security-posture-management.md).
 
@@ -37,23 +37,21 @@ All of these capabilities are available as part of the [Defender Cloud Security
 | Aspect | Details |
 |---------|---------|
 |Release state:|Preview|
-|Pricing:|Requires [Defender Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) |
+|Pricing:|Requires [Defender Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) and is billed as shown on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
 | Clouds:    | :::image type="icon" source="./media/icons/yes-icon.png"::: Azure Commercial clouds<br> :::image type="icon" source="./media/icons/no-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure China 21Vianet<br>:::image type="icon" source="./media/icons/no-icon.png"::: Connected AWS accounts<br>:::image type="icon" source="./media/icons/no-icon.png"::: Connected GCP accounts        |
+| Permissions | You need to have access as a Subscription Owner, or, User Access Admin as well as Security Admin permissions for the Azure subscription used for onboarding |
 
 ## Prerequisites
 
-### Permissions
-
-You need to have access as a Subscription Owner, or, User Access Admin as well as Security Admin permissions for the Azure subscription used for onboarding.
-
-
 You need to have a Defender for CSPM plan enabled. There's no dependency on Defender for Containers​.
 
 Learn more about [trusted versions that AKS supports](/azure/aks/supported-kubernetes-versions?tabs=azure-cli).
 
 ## Onboard Agentless Containers for CSPM
 
-Before starting the onboarding process, make sure you have [a subscription onboarded to the Defender CSPM plan](enable-enhanced-security.md#enable-enhanced-security-features-on-a-subscription).
+Onboarding Agentless Containers for CSPM will allow you to gain wide visibility into Kubernetes and containers registries across SDLC and runtime.
+
+**To onboard Agentless Containers for CSPM:**
 
 1. In the Azure portal, navigate to the Defender for Cloud's **Environment Settings** page.
 
@@ -75,7 +73,7 @@ For container registries vulnerability assessments, recommendations are availabl
 
 Learn more about [image scanning](defender-for-containers-vulnerability-assessment-azure.md).
 
-## How Agentless discovery for Kubernetes works
+### How Agentless discovery for Kubernetes works
 
 The system’s architecture is based on a snapshot mechanism at intervals.
 
@@ -100,7 +98,7 @@ By enabling the Agentless discovery for Kubernetes extension, the following proc
 
 - **Bind**: Upon discovery of an AKS cluster, MDC performs an AKS bind operation between the created identity and the Kubernetes role “Microsoft.Security/pricings/microsoft-defender-operator”. The role is visible via API and gives MDC data plane read permission inside the cluster.
 
-## Refresh intervals
+### Refresh intervals
 
 Agentless information in Defender CSPM is updated once an hour through a snapshot mechanism. It can take up to **24 hours** to see results in Cloud Security Explorer and Attack Path.
 
diff --git a/articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md b/articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md
@@ -36,21 +36,21 @@ When a scan is triggered, findings are available as Defender for Cloud recommend
 
 Before you can scan your ACR images:
 
-- YOu must enable one of the following plans on your subscription:
+- You must enable one of the following plans on your subscription:
 
     - [Defender CSPM](concept-cloud-security-posture-management.md). When you enable this plan, ensure you enable the **Container registries vulnerability assessments (preview)** extension.
     - [Defender for Containers](defender-for-containers-enable.md).
 
         >[!NOTE]
-        > This feature is charged per image.
+        > This feature is charged per image. Learn more about the [pricing](https://azure.microsoft.com/pricing/details/defender-for-cloud/)
 
 To find vulnerabilities in images stored in other container registries, you can import the images into ACR and scan them.
 
-    Use the ACR tools to bring images to your registry from Docker Hub or Microsoft Container Registry. When the import completes, the imported images are scanned by the built-in vulnerability assessment solution.
+Use the ACR tools to bring images to your registry from Docker Hub or Microsoft Container Registry. When the import completes, the imported images are scanned by the built-in vulnerability assessment solution.
 
-    Learn more in [Import container images to a container registry](../container-registry/container-registry-import-images.md)
+Learn more in [Import container images to a container registry](../container-registry/container-registry-import-images.md)
 
-    You can also [scan images in Amazon AWS Elastic Container Registry](defender-for-containers-vulnerability-assessment-elastic.md) directly from the Azure portal.
+You can also [scan images in Amazon AWS Elastic Container Registry](defender-for-containers-vulnerability-assessment-elastic.md) directly from the Azure portal.
 
 For a list of the types of images and container registries supported by Microsoft Defender for Containers, see [Availability](supported-machines-endpoint-solutions-clouds-containers.md?tabs=azure-aks#registries-and-images).
 
diff --git a/articles/defender-for-cloud/support-matrix-defender-for-cloud.md b/articles/defender-for-cloud/support-matrix-defender-for-cloud.md
@@ -69,6 +69,8 @@ Microsoft Defender for Cloud is available in the following Azure cloud environme
 | - [Microsoft Defender for Servers](./defender-for-servers-introduction.md)                                                                                    | GA             | GA                             | GA                             |
 | - [Microsoft Defender for App Service](./defender-for-app-service-introduction.md)                                                                            | GA             | Not Available                  | Not Available                  |
 | - [Microsoft Defender CSPM](./concept-cloud-security-posture-management.md) | GA | Not Available | Not Available |
+| - [Agentless discovery for Kubernetes](concept-agentless-containers.md) | Public Preview | Not Available                  | Not Available                  |
+| [Agentless vulnerability assessments for container images](defender-for-containers-vulnerability-assessment-azure.md), including registry scanning (\* Up to 20 unique images per billable resource) | Public Preview | Not Available                  | Not Available                  |
 | - [Microsoft Defender for DNS](./defender-for-dns-introduction.md)                                                                                            | GA             | GA                             | GA                             |
 | - [Microsoft Defender for Kubernetes](./defender-for-kubernetes-introduction.md) <sup>[1](#footnote1)</sup>                                                   | GA             | GA                             | GA                             |
 | - [Microsoft Defender for Containers](./defender-for-containers-introduction.md) <sup>[7](#footnote7)</sup>                                                  | GA             | GA                             | GA                             |
