Merge pull request #258481 from rayne-wiselman/rayne-ignite-PR4

Rayne ignite pr4

Author: AnnaMHuff

articles/defender-for-cloud/TOC.yml

@@ -110,10 +110,6 @@
     - name: Investigate and respond to security alerts
       displayName: triage, security, alerts, investigate,
       href: tutorial-security-incident.md
-    - name: Improve your regulatory compliance
-      displayName: regulatory, compliance, remediate, assessment, reports,
-        certificates, export, workflow, automation
-      href: regulatory-compliance-dashboard.md
     - name: Manage security policies
       displayName: security, policies, edit, disable
       href: tutorial-security-policy.md
@@ -345,26 +341,30 @@
         displayName: gcp, assessment, standards, built-in, compliance, standard, custom,
             assessment, query
         href: how-to-manage-gcp-assessments-standards.md
-      - name: Review your security recommendations
+      - name: Prevent misconfigurations with Enforce/Deny
+        displayName: recommendations, enforce, deny
+        href: prevent-misconfigurations.md
+      - name: Disable a recommendation
+        displayName: recommendation, disable, security, policy,
+        href: tutorial-security-policy.md#disable-a-security-recommendation
+    - name: Investigate and remediate security posture
+      items:
+      - name: Review security recommendations
         displayName: security, recommendations, owner, azure, resource, graph, azure
             resource graph, csv report
         href: review-security-recommendations.md
+      - name: Review exempted resources
+        href: review-exemptions.md
       - name: Remediate recommendations
         displayName: remediation, steps, recommendations, fix, actions, activity log
         href: implement-security-recommendations.md
-      - name: Improve your security posture with recommendation governance
+      - name: Drive remediation with governance rules
         displayName: security, posture, recommendation, governance, automated, rules,
             owners, status, progress
         href: governance-rules.md
-      - name: Prevent misconfigurations with Enforce/Deny
-        displayName: recommendations, enforce, deny
-        href: prevent-misconfigurations.md
-      - name: Automate responses to recommendations
+      - name: Automate remediation responses
         displayName: workflow, triggers, logic app, automation, policies, breaking change
         href: workflow-automation.md
-      - name: Disable a recommendation
-        displayName: recommendation, disable, security, policy,
-        href: tutorial-security-policy.md#disable-a-security-recommendation
     - name: Built-in security protections
       items:
         - name: Leverage Purview to protect sensitive data
@@ -667,7 +667,7 @@
                    href: powershell-sample-vulnerability-assessment-baselines.md
                  - name: Express configuration PowerShell wrapper module
                    href: express-configuration-sql-commands.md
-                 - name: Example express configuration PowerShell commands reference
+                 - name: Example - express configuration
                    href: express-configuration-powershell-commands.md
               - name: Azure CLI examples
                 href: express-configuration-azure-commands.md

articles/defender-for-cloud/agentless-container-registry-vulnerability-assessment.md

@@ -29,7 +29,7 @@ Container vulnerability assessment powered by MDVM (Microsoft Defender Vulnerabi
     | [Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/PhoenixContainerRegistryRecommendationDetailsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5) | Container image vulnerability assessment scans your registry for commonly known vulnerabilities (CVEs) and provides a detailed vulnerability report for each image. Resolving vulnerabilities can greatly improve your security posture, ensuring images are safe to use prior to deployment. | c0b7cfc6-3172-465a-b378-53c7ff2cc0d5 |
     | [Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5)  | Container image vulnerability assessment scans your registry for commonly known vulnerabilities (CVEs) and provides a detailed vulnerability report for each image. This recommendation provides visibility to vulnerable images currently running in your Kubernetes clusters. Remediating vulnerabilities in container images that are currently running is key to improving your security posture, significantly reducing the attack surface for your containerized workloads. | c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5 |
 
-- **Query vulnerability information via the Azure Resource Graph** - Ability to query vulnerability information via the [Azure Resource Graph](/azure/governance/resource-graph/overview#how-resource-graph-complements-azure-resource-manager). Learn how to [query recommendations via ARG](review-security-recommendations.md#review-recommendation-data-in-azure-resource-graph-arg).
+- **Query vulnerability information via the Azure Resource Graph** - Ability to query vulnerability information via the [Azure Resource Graph](/azure/governance/resource-graph/overview#how-resource-graph-complements-azure-resource-manager). Learn how to [query recommendations via ARG](review-security-recommendations.md).
 - **Query scan results via REST API** - Learn how to query scan results via [REST API](subassessment-rest-api.md).
 - **Support for exemptions** - Learn how to  [create exemption rules for a management group, resource group, or subscription](disable-vulnerability-findings-containers.md).
 - **Support for disabling vulnerabilities** - Learn how to [disable vulnerabilities on images](disable-vulnerability-findings-containers.md).

articles/defender-for-cloud/defender-for-cloud-introduction.md

@@ -45,7 +45,7 @@ Defender for Cloud includes Foundational CSPM capabilities for free. You can als
 | [Data-aware Security Posture](concept-data-security-posture.md) | Data-aware security posture automatically discovers datastores containing sensitive data, and helps reduce risk of data breaches. | [Enable data-aware security posture](data-security-posture-enable.md) | Defender CSPM or Defender for Storage |
 | [Attack path analysis](concept-attack-path.md#what-is-attack-path-analysis) | Model traffic on your network to identify potential risks before you implement changes to your environment. | [Build queries to analyze paths](how-to-manage-attack-path.md) | Defender CSPM |
 | [Cloud Security Explorer](concept-attack-path.md#what-is-cloud-security-explorer) | A map of your cloud environment that lets you build queries to find security risks. | [Build queries to find security risks](how-to-manage-cloud-security-explorer.md) | Defender CSPM |
-| [Security governance](governance-rules.md#building-an-automated-process-for-improving-security-with-governance-rules) | Drive security improvements through your organization by assigning tasks to resource owners and tracking progress in aligning your security state with your security policy. | [Define governance rules](governance-rules.md#defining-governance-rules-to-automatically-set-the-owner-and-due-date-of-recommendations) | Defender CSPM |
+| [Security governance](governance-rules.md) | Drive security improvements through your organization by assigning tasks to resource owners and tracking progress in aligning your security state with your security policy. | [Define governance rules](governance-rules.md) | Defender CSPM |
 | [Microsoft Entra Permissions Management](../active-directory/cloud-infrastructure-entitlement-management/index.yml) | Provide comprehensive visibility and control over permissions for any identity and any resource in Azure, AWS, and GCP. | [Review your Permission Creep Index (CPI)](other-threat-protections.md#entra-permission-management-formerly-cloudknox) | Defender CSPM |
 
 ## Protect cloud workloads

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

@@ -34,7 +34,7 @@ Container vulnerability assessment powered by Qualys has the following capabilit
     | [Azure registry container images should have vulnerabilities resolved (powered by Qualys)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainerRegistryRecommendationDetailsBlade/assessmentKey/dbd0cb49-b563-45e7-9724-889e799fa648)| Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers security posture and protect them from attacks. | dbd0cb49-b563-45e7-9724-889e799fa648 |
     | [Azure running container images should have vulnerabilities resolved - (powered by Qualys)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/KubernetesRuntimeVisibilityRecommendationDetailsBlade/assessmentKey/41503391-efa5-47ee-9282-4eff6131462c) | Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers security posture and protect them from attacks. | 41503391-efa5-47ee-9282-4eff6131462c |
 
-- **Query vulnerability information via the Azure Resource Graph** - Ability to query vulnerability information via the [Azure Resource Graph](/azure/governance/resource-graph/overview#how-resource-graph-complements-azure-resource-manager). Learn how to [query recommendations via the ARG](review-security-recommendations.md#review-recommendation-data-in-azure-resource-graph-arg).
+- **Query vulnerability information via the Azure Resource Graph** - Ability to query vulnerability information via the [Azure Resource Graph](/azure/governance/resource-graph/overview#how-resource-graph-complements-azure-resource-manager). Learn how to [query recommendations via the ARG](review-security-recommendations.md).
 
 - **Query vulnerability information via sub-assessment API** - You can get scan results via REST API. See the [subassessment list](/rest/api/defenderforcloud/sub-assessments/get).
 - **Support for exemptions** - Learn how to [create exemption rules for a management group, resource group, or subscription](disable-vulnerability-findings-containers.md).

articles/defender-for-cloud/exempt-resource.md

@@ -8,7 +8,7 @@ author: dcurwin
 ms.date: 10/29/2023
 ---
 
-# Exempt resources from recommendations in Defender for Cloud
+# Exempt resources from recommendations 
 
 
 When you investigate security recommendations in Microsoft Defender for Cloud, you usually review the list of affected resources. Occasionally, a resource will be listed that you feel shouldn't be included. Or a recommendation will show in a scope where you feel it doesn't belong. For example, a resource might have been remediated by a process not tracked by Defender for Cloud, or a recommendation might be inappropriate for a specific subscription. Or perhaps your organization has decided to accept the risks related to the specific resource or recommendation.
@@ -21,12 +21,12 @@ In such cases, you can create an exemption to:
 
 For the scope you need, you can create an exemption rule to:
 
-- Mark a specific **recommendation** or as "mitigated" or "risk accepted" for one or more subscriptions, or for an entire management group.
+- Mark a specific **recommendation** as "mitigated" or "risk accepted" for one or more subscriptions, or for an entire management group.
 - Mark **one or more resources** as "mitigated" or "risk accepted" for a specific recommendation.
 
 ## Before you start
 
-This feature is in preview. [!INCLUDE [Legalese](../../includes/defender-for-cloud-preview-legal-text.md)]. This is a premium Azure Policy capability that's offered at no more cost for customers with Microsoft Defender for Cloud's enhanced security features enabled. For other users, charges might apply in the future. [Review Azure cloud support](support-matrix-cloud-environment.md).
+This feature is in preview. [!INCLUDE [Legalese](../../includes/defender-for-cloud-preview-legal-text.md)] This is a premium Azure Policy capability that's offered at no additional cost for customers with Microsoft Defender for Cloud's enhanced security features enabled. For other users, charges might apply in the future.
 
 - You need the following permissions to make exemptions:
     - **Owner** or **Security Admin** or **Resource Policy Contributor** to create an exemption
@@ -43,7 +43,7 @@ To create an exemption rule:
 
 1. In the Defender for Cloud portal, open the **Recommendations** page, and select the recommendation you want to exempt.
 
-1. From the toolbar at the top of the page, select **Exempt**.
+1. In **Take action**, select **Exempt**.
 
     :::image type="content" source="media/exempt-resource/exempting-recommendation.png" alt-text="Create an exemption rule for a recommendation to be exempted from a subscription or management group.":::
 
@@ -74,10 +74,9 @@ After creating the exemption it can take up to 30 minutes to take effect. After
 - If you've exempted specific resources, they'll be listed in the **Not applicable** tab of the recommendation details page.
 - If you've exempted a recommendation, it will be hidden by default on Defender for Cloud's recommendations page. This is because the default options of the **Recommendation status** filter on that page are to exclude **Not applicable** recommendations. The same is true if you exempt all recommendations in a security control.
 
-    :::image type="content" source="media/exempt-resource/recommendations-filters-hiding-not-applicable.png" alt-text="Screenshot showing default filters on Microsoft Defender for Cloud's recommendations page hide the not applicable recommendations and security controls." lightbox="media/exempt-resource/recommendations-filters-hiding-not-applicable.png":::
 
 
 
 ## Next steps
 
-[Review recommendations](review-security-recommendations.md) in Defender for Cloud. 
+[Review exempted resources](review-exemptions.md) in Defender for Cloud.