Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into wi236734-copilot-in-mdc

Author: ElazarK

articles/backup/backup-azure-database-postgresql-support-matrix.md

@@ -30,7 +30,6 @@ Azure Database for PostgreSQL server backup is available in all regions, except
 - Cross-region backup isn't supported. Therefore, you can't back up an Azure PostgreSQL server to a vault in another region. Similarly, you can only restore a backup to a server within the same region as the vault. However, we support cross-subscription backup and restore. 
 - Private endpoint-enabled Azure PostgreSQL servers can be backed up by allowing trusted Microsoft services in the network settings.
 - Only the data is recovered during restore; _roles_ aren't restored.
-- Protection of PostgreSQL Flexible server is currently not supported.
 ## Next steps
 
 - [Back up Azure Database for PostgreSQL server](backup-azure-database-postgresql.md)

articles/defender-for-cloud/faq-permissions.yml

@@ -3,7 +3,7 @@ metadata:
   title: Common questions - permissions
   description: This FAQ answers questions about permissions in Microsoft Defender for Cloud, a product that helps you prevent, detect, and respond to threats.
   services: defender-for-cloud
-  author: elkrieger
+  author: dcurwin
   ms.author: elkrieger
   manager: raynew
   ms.topic: faq

articles/defender-for-cloud/release-notes.md

@@ -43,7 +43,7 @@ Learn more about [Copilot for Security in Defender for Cloud](copilot-security-i
 | May 28 | [Remediate security baseline recommendation](#remediate-security-baseline-recommendation) |
 | May 22 | [Configure email notifications for attack paths](#configure-email-notifications-for-attack-paths) |
 | May 9 | [Checkov integration for IaC scanning in Defender for Cloud (Preview)](#checkov-integration-for-iac-scanning-in-defender-for-cloud-preview) |
-| May 6 | [AI multicloud security posture management is publicly available for Azure and AWS (Preview)](#ai-multicloud-security-posture-management-is-publicly-available-for-azure-and-aws-preview) |
+| May 6 | [AI multicloud security posture management is available for Azure and AWS (Preview)](#ai-multicloud-security-posture-management-is-available-for-azure-and-aws-preview) |
 | May 2 | [Updated security policy management is now generally available](#updated-security-policy-management-is-now-generally-available) |
 | May 1 | [Defender for open-source databases is now available on AWS for Amazon instances (Preview)](#defender-for-open-source-databases-is-now-available-on-aws-for-amazon-instances-preview) |
 
@@ -111,7 +111,7 @@ May 7, 2024
 
 We're announcing the general availability (GA) of [permissions management](permissions-management.md) in Defender for Cloud.
 
-### AI multicloud security posture management is publicly available for Azure and AWS (Preview)
+### AI multicloud security posture management is available for Azure and AWS (Preview)
 
 May 6, 2024
 

articles/defender-for-cloud/security-policy-concept.md

@@ -1,6 +1,6 @@
 ---
 title: Security policies in Microsoft Defender for Cloud 
-description: Learn about security policies, standards, and recommendations in Microsoft Defender for Cloud.
+description: Learn about security policies, standards, and recommendations to improve your cloud security posture in Microsoft Defender for Cloud.
 ms.topic: conceptual
 ms.date: 11/27/2023
 ---
@@ -41,9 +41,9 @@ Recommendations derived from assessments against custom standards appear togethe
 
 ### Custom recommendations
 
-All customers with Azure subscriptions can create custom recommendations based on Azure Policy. With Azure Policy, you create a policy definition, assign it to a policy initiative, and merge that initiative and policy into Defender for Cloud.
+Using custom recommendations based on Kusto Query Language (KQL) is the recommended approach and is supported for all clouds, but requires enabling the [Defender CSPM plan](concept-cloud-security-posture-management.md). With these recommendations, you specify a unique name, a description, remediation steps, severity, and relevant standards. You add recommendation logic with KQL. A query editor provides a built-in query template that you can tweak, or you can write your KQL query.
 
-Custom recommendations based on Kusto Query Language (KQL) are available for all clouds, but require enabling the [Defender CSPM plan](concept-cloud-security-posture-management.md). With these recommendations, you specify a unique name, a description, steps for remediation, severity, and which standards the recommendation should be assigned to. You add recommendation logic with KQL. A query editor provides a built-in query template that you can tweak as needed, or you can write your KQL query from scratch.
+Alternatively, all Azure customers can onboard their Azure Policy custom initiatives as custom recommendations (legacy approach).
 
 For more information, see [Create custom security standards and recommendations in Microsoft Defender for Cloud](create-custom-recommendations.md).
 

articles/defender-for-cloud/upcoming-changes.md

@@ -2,7 +2,7 @@
 title: Important upcoming changes
 description: Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan.
 ms.topic: overview
-ms.date: 06/03/2024
+ms.date: 06/10/2024
 ---
 
 # Important upcoming changes to Microsoft Defender for Cloud
@@ -25,6 +25,7 @@ If you're looking for the latest release notes, you can find them in the [What's
 
 | Planned change | Announcement date | Estimated date for change |
 |--|--|--|
+| [SQL vulnerability assessment automatic enablement using express configuration on unconfigured servers](#sql-vulnerability-assessment-automatic-enablement-using-express-configuration-on-unconfigured-servers) | June 10, 2024 | July 10, 2024 |
 | [Changes to identity recommendations](#changes-to-identity-recommendations) | June 3, 2024 | July 2024 |
 | [Removal of FIM over AMA and release of new version over Defender for Endpoint](#removal-of-fim-over-ama-and-release-of-new-version-over-defender-for-endpoint) | May 1, 2024 | June 2024 |
 | [Deprecation of system update recommendations](#deprecation-of-system-update-recommendations) | May 1, 2024 | May 2024 |
@@ -47,6 +48,25 @@ If you're looking for the latest release notes, you can find them in the [What's
 | [Deprecating two security incidents](#deprecating-two-security-incidents) |  | November 2023 |
 | [Defender for Cloud plan and strategy for the Log Analytics agent deprecation](#defender-for-cloud-plan-and-strategy-for-the-log-analytics-agent-deprecation) |  | August 2024 |
 
+## SQL vulnerability assessment automatic enablement using express configuration on unconfigured servers
+
+**Announcement date: June 10, 2024**
+
+**Estimated date for change: July 10, 2024**
+
+Originally, SQL Vulnerability Assessment (VA) with Express Configuration was only automatically enabled on servers where Microsoft Defender for SQL was activated after the introduction of Express Configuration in December 2022. 
+
+We will be updating all Azure SQL Servers that had Microsoft Defender for SQL activated before December 2022 and had no existing SQL VA policy in place, to have SQL Vulnerability Assessment (SQL VA) automatically enabled with Express Configuration.
+
+The implementation of this change will be gradual, spanning several weeks, and does not require any action on the user’s part.
+
+> [!NOTE]
+> This change applies to Azure SQL Servers where Microsoft Defender for SQL was activated either at the Azure subscription level or at the individual server level.
+>
+> Servers with an existing classic configuration (whether valid or invalid) will not be affected by this change.
+>
+> Upon activation, the recommendation ‘SQL databases should have vulnerability findings resolved’ may appear and could potentially impact your secure score.
+
 ## Changes to identity recommendations
 
 **Announcement date: June 3, 2024**