Merge pull request #266816 from ElazarK/WI214552-freshness

Stacyrch140 · web-flow · commit 59dcf42287fc · 2024-03-31T17:41:03.000-04:00
freshness started
diff --git a/articles/defender-for-cloud/alerts-schemas.md b/articles/defender-for-cloud/alerts-schemas.md
@@ -1,26 +1,30 @@
 ---
-title: Schemas for the Microsoft Defender for Cloud alerts
+title: Alerts schema
 description: This article describes the different schemas used by Microsoft Defender for Cloud for security alerts.
-ms.topic: conceptual
+ms.topic: concept-article
 ms.author: dacurwin
 author: dcurwin
-ms.date: 11/09/2021
+ms.date: 03/25/2024
+#customer intent: As a reader, I want to understand the different schemas used by Microsoft Defender for Cloud for security alerts so that I can effectively work with the alerts.
 ---
 
-# Security alerts schemas
+# Alerts schemas
 
-If your subscription has Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads) enabled, you receive security alerts when Defender for Cloud detects threats to their resources.
 
-You can view these security alerts in Microsoft Defender for Cloud's pages - [overview dashboard](overview-page.md), [alerts](managing-and-responding-alerts.md), [resource health pages](investigate-resource-health.md), or [workload protections dashboard](workload-protections-dashboard.md) - and through external tools such as:
+Defender for Cloud provides alerts that help you identify, understand, and respond to security threats. Alerts are generated when Defender for Cloud detects suspicious activity or a security-related issue in your environment. You can view these alerts in the Defender for Cloud portal, or you can export them to external tools for further analysis and response.
+
+You can review security alerts from the [overview dashboard](overview-page.md), [alerts](managing-and-responding-alerts.md) page, [resource health pages](investigate-resource-health.md), or [workload protections dashboard](workload-protections-dashboard.md).
+
+The following external tools can be used to consume alerts from Defender for Cloud:
 
 - [Microsoft Sentinel](../sentinel/index.yml) - Microsoft's cloud-native SIEM. The Sentinel Connector gets alerts from Microsoft Defender for Cloud and sends them to the [Log Analytics workspace](../azure-monitor/logs/quick-create-workspace.md) for Microsoft Sentinel.
 - Third-party SIEMs - Send data to [Azure Event Hubs](../event-hubs/index.yml). Then integrate your Event Hubs data with a third-party SIEM. Learn more in [Stream alerts to a SIEM, SOAR, or IT Service Management solution](export-to-siem.md).
 - [The REST API](/rest/api/defenderforcloud/operation-groups?view=rest-defenderforcloud-2020-01-01&preserve-view=true) - If you're using the REST API to access alerts, see the [online Alerts API documentation](/rest/api/defenderforcloud/alerts).
 
-If you're using any programmatic methods to consume the alerts, you need the correct schema to find the fields that are relevant to you. Also, if you're exporting to an Event Hubs or trying to trigger Workflow Automation with generic HTTP connectors, use the schemas to properly parse the JSON objects.
+If you're using any programmatic methods to consume the alerts, you need the correct schema to find the fields that are relevant to you. Also, if you're exporting to an Event Hubs or trying to trigger Workflow Automation with generic HTTP connectors, schemas should be utilized to properly parse the JSON objects.
 
 >[!IMPORTANT]
-> The schema is slightly different for each of these scenarios, so make sure you select the relevant tab.
+> Since the schema is different for each of these scenarios, ensure you select the relevant tab.
 
 ## The schemas
 
@@ -148,13 +152,13 @@ The schema and a JSON representation for security alerts sent to MS Graph, are a
 
 ---
 
-## Next steps
-
-This article described the schemas that Microsoft Defenders for Cloud's threat protection tools use when sending security alert information.
-
-For more information on the ways to access security alerts from outside Defender for Cloud, see:
+## Related articles
 
+- [Log Analytics workspaces](../azure-monitor/logs/quick-create-workspace.md) - Azure Monitor stores log data in a Log Analytics workspace, a container that includes data and configuration information
 - [Microsoft Sentinel](../sentinel/index.yml) - Microsoft's cloud-native SIEM
 - [Azure Event Hubs](../event-hubs/index.yml) - Microsoft's fully managed, real-time data ingestion service
-- [Continuously export Defender for Cloud data](continuous-export.md)
-- [Log Analytics workspaces](../azure-monitor/logs/quick-create-workspace.md) - Azure Monitor stores log data in a Log Analytics workspace, a container that includes data and configuration information
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Continuously export Defender for Cloud data](continuous-export.md)
diff --git a/articles/defender-for-cloud/investigate-resource-health.md b/articles/defender-for-cloud/investigate-resource-health.md
@@ -2,14 +2,14 @@
 title: Tutorial - Investigate the health of your resources
 description: 'Tutorial: Learn how to investigate the health of your resources using Microsoft Defender for Cloud.'
 ms.topic: tutorial
-ms.date: 01/24/2023
+ms.date: 02/21/2024
 ---
 
 # Tutorial: Investigate the health of your resources
 
 The resource health page provides a snapshot view of the overall health of a single resource. You can review detailed information about the resource and all recommendations that apply to that resource. Also, if you're using any of the [advanced protection plans of Microsoft Defender for Cloud](defender-for-cloud-introduction.md), you can see outstanding security alerts for that specific resource too.
 
-This single page, currently in preview, in Defender for Cloud's portal pages shows:
+This single page, in Defender for Cloud's portal pages shows:
 
 1. **Resource information** - The resource group and subscription it's attached to, the geographic location, and more.
 1. **Applied security feature** - Whether a Microsoft Defender plan is enabled for the resource.
@@ -31,21 +31,31 @@ In this tutorial you'll learn how to:
 To step through the features covered in this tutorial:
 
 - You need an Azure subscription. If you don’t have an Azure subscription, create a [free account](https://azure.microsoft.com/free/) before you begin.
-- To apply security recommendations, you must be signed in with an account that has the relevant permissions (Resource Group Contributor, Resource Group Owner, Subscription Contributor, or Subscription Owner)
-- To dismiss alerts, you must be signed in with an account that has the relevant permissions (Security Admin, Subscription Contributor, or Subscription Owner)
+
+- [Microsoft Defender for Cloud enabled on your subscription](connect-azure-subscription.md).
+
+- **To apply security recommendations**: you must be signed in with an account that has the relevant permissions (Resource Group Contributor, Resource Group Owner, Subscription Contributor, or Subscription Owner)
+
+- **To dismiss alerts**: you must be signed in with an account that has the relevant permissions (Security Admin, Subscription Contributor, or Subscription Owner)
 
 ## Access the health information for a resource
 
 > [!TIP]
 > In the following screenshots, we're opening a virtual machine, but the resource health page can show you the details for all resource types.
 
-To open the resource health page for a resource:
+**To open the resource health page for a resource**:
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. Select **Inventory**.
 
-1. Select any resource from the [asset inventory page](asset-inventory.md).
+1. Select any resource.
 
     :::image type="content" source="media/investigate-resource-health/inventory-select-resource.png" alt-text="Select a resource from the asset inventory to view the resource health page." lightbox="./media/investigate-resource-health/inventory-select-resource.png":::
 
-1. Use the left pane of the resource health page for an overview of the subscription, status, and monitoring information about the resource. You can also see whether enhanced security features are enabled for the resource:
+1. Review the left pane of the resource health page for an overview of the subscription, status, and monitoring information about the resource. You can also see whether enhanced security features are enabled for the resource:
 
     :::image type="content" source="media/investigate-resource-health/resource-health-left-pane.png" alt-text="The left pane of Microsoft Defender for Cloud's resource health page shows the subscription, status, and monitoring information about the resource. It also includes the total number of outstanding security recommendations and security alerts.":::
 
@@ -62,18 +72,24 @@ To open the resource health page for a resource:
 
 The resource health page lists the recommendations for which your resource is "unhealthy" and the alerts that are active.
 
-- To ensure your resource is hardened according to the policies applied to your subscriptions, fix the issues described in the recommendations:
-    1. From the right pane, select a recommendation.
-    1. Continue as instructed on screen.
+### Harden a resource
+
+To ensure your resource is hardened according to the policies applied to your subscriptions, fix the issues described in the recommendations:
+
+1. From the right pane, select a recommendation.
+
+1. Continue as instructed on screen.
+
+    > [!TIP]
+    > The instructions for fixing issues raised by security recommendations differ for each of Defender for Cloud's recommendations.
+    >
+    > To decide which recommendations to resolve first, look at the severity of each one and its [potential impact on your secure score](secure-score-security-controls.md).
+
+### Investigate a security alert
 
-        > [!TIP]
-        > The instructions for fixing issues raised by security recommendations differ for each of Defender for Cloud's recommendations.
-        >
-        > To decide which recommendations to resolve first, look at the severity of each one and its [potential impact on your secure score](secure-score-security-controls.md).
+1. From the right pane, select an alert.
 
-- To investigate a security alert:
-    1. From the right pane, select an alert.
-    1. Follow the instructions in [Respond to security alerts](managing-and-responding-alerts.md#respond-to-a-security-alert).
+1. Follow the instructions in [Respond to security alerts](managing-and-responding-alerts.md#respond-to-a-security-alert).
 
 ## Next steps
 
diff --git a/articles/defender-for-cloud/sql-azure-vulnerability-assessment-find.md b/articles/defender-for-cloud/sql-azure-vulnerability-assessment-find.md
@@ -3,7 +3,7 @@ title: Find vulnerabilities in your Azure SQL databases
 description: Learn how to find software vulnerabilities with the express configuration on Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics.
 author: dcurwin
 ms.author: dacurwin
-ms.date: 11/29/2022
+ms.date: 03/25/2024
 ms.service: defender-for-cloud
 ms.topic: how-to
 ---
diff --git a/articles/defender-for-cloud/sql-information-protection-policy.md b/articles/defender-for-cloud/sql-information-protection-policy.md
@@ -1,12 +1,14 @@
 ---
 title: SQL information protection policy
-description: Learn how to customize information protection policies in Microsoft Defender for Cloud.
+description: Learn how to customize information protection policies in Microsoft Defender for Cloud to secure your data effectively and meet compliance requirements.
 ms.topic: how-to
 ms.custom: devx-track-azurepowershell
 author: dcurwin
 ms.author: dacurwin
-ms.date: 11/09/2021
+ms.date: 03/25/2024
+#customer intent: As a user, I want to learn how to customize information protection policies in Microsoft Defender for Cloud so that I can secure my data effectively.
 ---
+
 # SQL information protection policy in Microsoft Defender for Cloud
 
 SQL information protection's [data discovery and classification mechanism](/azure/azure-sql/database/data-discovery-and-classification-overview) provides advanced capabilities for discovering, classifying, labeling, and reporting the sensitive data in your databases. It's built into [Azure SQL Database](/azure/azure-sql/database/sql-database-paas-overview), [Azure SQL Managed Instance](/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview), and [Azure Synapse Analytics](../synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is.md).
@@ -127,11 +129,13 @@ Learn more in [Grant and request tenant-wide visibility](tenant-wide-permissions
 - [Get-AzSqlInformationProtectionPolicy](/powershell/module/az.security/get-azsqlinformationprotectionpolicy): Retrieves the effective tenant SQL information protection policy.
 - [Set-AzSqlInformationProtectionPolicy](/powershell/module/az.security/set-azsqlinformationprotectionpolicy): Sets the effective tenant SQL information protection policy.
 
-## Next steps
+## Related articles
+
+- [Azure SQL Database Data Discovery and Classification](/azure/azure-sql/database/data-discovery-and-classification-overview)
 
-In this article, you learned about defining an information protection policy in Microsoft Defender for Cloud. To learn more about using SQL Information Protection to classify and protect sensitive data in your SQL databases, see [Azure SQL Database Data Discovery and Classification](/azure/azure-sql/database/data-discovery-and-classification-overview).
+- [Microsoft Defender for Cloud data security](data-security.md)
 
-For more information on security policies and data security in Defender for Cloud, see the following articles:
+## Next step
 
-- [Setting security policies in Microsoft Defender for Cloud](tutorial-security-policy.md): Learn how to configure security policies for your Azure subscriptions and resource groups
-- [Microsoft Defender for Cloud data security](data-security.md): Learn how Defender for Cloud manages and safeguards data
+> [!div class="nextstepaction"]
+> [Setting security policies in Microsoft Defender for Cloud](tutorial-security-policy.md)
