Merge pull request #262093 from AlizaBernstein/WI-194508-GH-faq-track-aws-costs

WI-194508-GH-faq-track-aws-costs

Author: v-ccolin

articles/defender-for-cloud/faq-data-collection-agents.yml

@@ -7,7 +7,9 @@ metadata:
   ms.author: elkrieger
   manager: raynew
   ms.topic: faq
-  ms.date: 06/20/2023
+  ms.custom: ignite-2022
+  ms.date: 01/22/2024
+
 title: 'Common questions about data collection, agents, and workspaces'
 summary: |
   Defender for Cloud collects data from your Azure virtual machines (VMs), Virtual Machine Scale Sets, IaaS containers, and non-Azure computers (including on-premises machines) to monitor for security vulnerabilities and threats. The Log Analytics agent collects data, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis.
@@ -184,7 +186,7 @@ sections:
              ![Remove the agent](./media/platform-migration-faq/remove-the-agent.png)
           
           > [!NOTE]
-          > If a Linux VM already has a nonextension OMS agent, removing the extension removes the agent as well and you have to reinstall it.
+          > If a Linux VM already has a non-extension OMS agent, removing the extension removes the agent as well and you have to reinstall it.
           
         
       - question: |
@@ -222,6 +224,14 @@ sections:
           > [!NOTE]
           > AWS charges for retention of disk snapshots. The Defender for Cloud scanning process actively tries to minimize the period during which a snapshot is stored in your account (typically up to a few minutes). AWS might charge an overhead cost for the disk snapshots storage. Check with AWS to see what costs apply to you.
 
+      - question: |
+          How can I track AWS costs incurred for the disk snapshots created by Defender for Cloud agentless scanning?
+        answer: | 
+          Disk snapshots are created with the `CreatedBy` tag key, and the `Microsoft Defender for Cloud` tag value. The `CreatedBy` tag tracks who created the resource. 
+
+          You need to [activate the tags in the Billing and Cost Management console](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/activate-built-in-tags.html). It can take up to 24 hours for tags to activate. 
+          
+          Once you have activated the tags, AWS generates a cost allocation report as a comma-separated value (.CSV file) with your usage and cost grouped by your active tags. 
 
   - name: Workspaces
     questions:

articles/defender-for-cloud/faq-general.yml

@@ -106,8 +106,7 @@ sections:
           If the user's info isn't listed in the **Event initiated by** column, explore the event's JSON for the relevant details.
 
           :::image type="content" source="media/faq-general/tracking-pricing-changes-in-activity-log.png" alt-text="Screenshot of Azure Activity log JSON explorer.":::
-
-
+    
       - question: |
           What happens when one recommendation is in multiple policy initiatives?
         answer: |