Merge pull request #221148 from MicrosoftDocs/main

12/12 OOB Publish at 7:45AM

Author: huypub

articles/azure-monitor/logs/basic-logs-configure.md

@@ -59,7 +59,7 @@ By default, all tables in your Log Analytics workspace are Analytics tables, and
 | [AMSStreamingEndpointRequests](/azure/azure-monitor/reference/tables/AMSStreamingEndpointRequests) | Azure Media Services information about requests to streaming endpoints. |
 | [ContainerAppConsoleLogs](/azure/azure-monitor/reference/tables/containerappconsoleLogs) | Azure Container Apps logs, generated within a Container Apps environment. |
 | [ContainerLogV2](/azure/azure-monitor/reference/tables/containerlogv2) | Used in [Container insights](../containers/container-insights-overview.md) and includes verbose text-based log records. |
-| [DevCenterDiagnosticLogs](/azure/azure-monitor/reference/tables/DevCenterDiagnosticLogs) | Data plane audit related to Dev Center resources, for example, dev boxes and environments stop, start, deletes. |
+| [DevCenterDiagnosticLogs](/azure/azure-monitor/reference/tables/DevCenterDiagnosticLogs) | Dev Center resources data plane audit logs. For example, dev boxes and environment stop, start, delete. |
 | [StorageBlobLogs](/azure/azure-monitor/reference/tables/StorageBlobLogs) | Azure Storage blob service logs. |
 | [StorageFileLogs](/azure/azure-monitor/reference/tables/StorageFileLogs) | Azure Storage file service logs. |
 | [StorageQueueLogs](/azure/azure-monitor/reference/tables/StorageQueueLogs) | Azure Storage queue service logs. |

articles/defender-for-cloud/TOC.yml

@@ -440,12 +440,31 @@
       href: quickstart-enable-database-protections.md
     - name: Defender for Azure SQL Databases
       items: 
-      - name: Overview
+      - name: Get started
         displayName: database
         href: defender-for-sql-introduction.md
-      - name: Customize SQL information protection policy
-        displayName: sql, database, data discovery
-        href: sql-information-protection-policy.md
+      - name: Vulnerability assessment
+        items:
+        - name: Overview
+          href: sql-azure-vulnerability-assessment-overview.md
+        - name: Enable vulnerability assessment
+          href: sql-azure-vulnerability-assessment-enable.md
+        - name: Manage vulnerability assessments
+          href: sql-azure-vulnerability-assessment-manage.md
+        - name: Find and remediate vulnerabilities
+          href: sql-azure-vulnerability-assessment-find.md
+        - name: Vulnerability assessment rules
+          href: sql-azure-vulnerability-assessment-rules.md
+        - name: Vulnerability assessment rules changelog
+          href: sql-azure-vulnerability-assessment-rules-changelog.md
+        - name: Store vulnerability scans in storage
+          href: /azure/azure-sql/database/sql-database-vulnerability-assessment-storage?toc=/azure/defender-for-cloud/toc.json
+      - name: Investigate threats
+        items:
+        - name: Overview
+          href: /azure/azure-sql/database/threat-detection-overview?toc=/azure/defender-for-cloud/toc.json
+        - name: Configure threat detection
+          href: /azure/azure-sql/database/threat-detection-configure?toc=/azure/defender-for-cloud/toc.json
     - name: Defender for SQL servers on machines
       items:
       - name: Enable Defender for SQL servers on machines

articles/defender-for-cloud/defender-for-sql-introduction.md

@@ -8,59 +8,46 @@ ms.custom: references_regions
 
 # Overview of Microsoft Defender for Azure SQL
 
-Microsoft Defender for Azure SQL includes two Microsoft Defender plans that extend Microsoft Defender for Cloud's [data security package](/azure/azure-sql/database/azure-defender-for-sql) to protect your SQL estate regardless of where it is located (Azure, multicloud, or hybrid environments). Microsoft Defender for Azure SQL includes functions that can be used to discover and mitigate potential database vulnerabilities. Defender for Azure SQL can also detect anomalous activities that may be an indication of a threat to your databases.
+Microsoft Defender for Azure SQL helps you discover and mitigate potential [database vulnerabilities](sql-azure-vulnerability-assessment-overview.md) and alerts you to [anomalous activities](#advanced-threat-protection) that may be an indication of a threat to your databases.
+
+- [Vulnerability assessment](#discover-and-mitigate-vulnerabilities): Scan databases to discover, track, and remediate vulnerabilities. Learn more about [vulnerability assessment](sql-azure-vulnerability-assessment-overview.md).
+- [Threat protection](#advanced-threat-protection): Receive detailed security alerts and recommended actions based on SQL Advanced Threat Protection to provide to mitigate threats. Learn more about [SQL Advanced Threat Protection](/azure/azure-sql/database/threat-detection-overview).
+
+When you enable **Microsoft Defender for Azure SQL**, all supported resources that exist within the subscription are protected. Future resources created on the same subscription will also be protected.
 
 ## Availability
 
 |Aspect|Details|
 |----|:----|
 |Release state:|Generally available (GA)|
 |Pricing:|**Microsoft Defender for Azure SQL** is billed as shown on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/)|
-|Protected SQL versions:|Azure SQL [single databases](/azure/azure-sql/database/single-database-overview) and [elastic pools](/azure/azure-sql/database/elastic-pool-overview)<br>[Azure SQL Managed Instance](/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview)<br>[Azure Synapse Analytics (formerly SQL DW) dedicated SQL pool](../synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is.md)|
+|Protected SQL versions:|Read-write replicas of:<br>- Azure SQL [single databases](/azure/azure-sql/database/single-database-overview) and [elastic pools](/azure/azure-sql/database/elastic-pool-overview)<br>- [Azure SQL Managed Instance](/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview)<br>- [Azure Synapse Analytics (formerly SQL DW) dedicated SQL pool](../synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is.md)|
 |Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure China 21Vianet (**Partial**: Subset of alerts and vulnerability assessment for SQL servers. Behavioral threat protections aren't available.)|
 
-## What does Microsoft Defender for Azure SQL protect?
-
-Microsoft Defender for Azure SQL databases protects:
-
-- [Azure SQL Database](/azure/azure-sql/database/sql-database-paas-overview)
-- [Azure SQL Managed Instance](/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview)
-- [Dedicated SQL pool in Azure Synapse](../synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is.md)
-
-When you enabled **Microsoft Defender for Azure SQL**, all supported resources that exist within the subscription are protected. Future resources created on the same subscription will also be protected.
-
-> [!NOTE]
-> Microsoft Defender for Azure SQL database currently works for read-write replicas only.
-
 ## What are the benefits of Microsoft Defender for Azure SQL?
 
-This plan includes functionality for identifying and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate threats to your databases.
+### Discover and mitigate vulnerabilities
 
-A vulnerability assessment service discovers, tracks, and helps you remediate potential database vulnerabilities. Assessment scans provide an overview of your SQL machines' security state, and details of any security findings.
+A vulnerability assessment service discovers, tracks, and helps you remediate potential database vulnerabilities. Assessment scans provide an overview of your SQL machines' security state, and details of any security findings. Defender for Azure SQL helps you identify and mitigate potential database vulnerabilities and detecting anomalous activities that could indicate threats to your databases.
 
 Learn more about [vulnerability assessment for Azure SQL Database](/azure/azure-sql/database/sql-vulnerability-assessment).
 
-An advanced threat protection service continuously monitors your SQL servers for threats such as SQL injection, brute-force attacks, and privilege abuse. This service provides action-oriented security alerts in Microsoft Defender for Cloud with details of the suspicious activity, guidance on how to mitigate to the threats, and options for continuing your investigations with Microsoft Sentinel. Learn more about [advanced threat protection](/azure/azure-sql/database/threat-detection-overview).
-
-> [!TIP]
-> View the list of security alerts for SQL servers [in the alerts reference page](alerts-reference.md#alerts-sql-db-and-warehouse).
+### Advanced threat protection
 
-## What kind of alerts does Microsoft Defender for Azure SQL provide?
+An advanced threat protection service continuously monitors your SQL servers for threats such as SQL injection, brute-force attacks, and privilege abuse. This service provides action-oriented security alerts in Microsoft Defender for Cloud with details of the suspicious activity, guidance on how to mitigate to the threats, and options for continuing your investigations with Microsoft Sentinel. Learn more about [advanced threat protection](/azure/azure-sql/database/threat-detection-overview).
 
 Threat intelligence enriched security alerts are triggered when there's:
 
 - **Potential SQL injection attacks** - including vulnerabilities detected when applications generate a faulty SQL statement in the database
 - **Anomalous database access and query patterns** - for example, an abnormally high number of failed sign-in attempts with different credentials (a brute force attempt)
 - **Suspicious database activity** - for example, a legitimate user accessing an SQL Server from a breached computer which communicated with a crypto-mining C&C server
 
-Alerts include details of the incident that triggered them, as well as recommendations on how to investigate and remediate threats.
+Alerts include details of the incident that triggered them, as well as recommendations on how to investigate and remediate threats. Learn more about the [security alerts for SQL servers](alerts-reference.md#alerts-sql-db-and-warehouse).
 
 ## Next steps
 
-In this article, you learned about Microsoft Defender for Azure SQL.
-
-For related information, see these resources:
+In this article, you learned about Microsoft Defender for Azure SQL. Now you can:
 
+- [Enable Microsoft Defender for Azure SQL](quickstart-enable-database-protections.md)
 - [How Microsoft Defender for Azure SQL can protect SQL servers anywhere](https://www.youtube.com/watch?v=V7RdB6RSVpc).
 - [Set up email notifications for security alerts](configure-email-notifications.md)
-- [Learn more about Microsoft Sentinel](../sentinel/index.yml)

articles/defender-for-cloud/defender-for-sql-on-machines-vulnerability-assessment.md

@@ -1,5 +1,5 @@
 ---
-title: Using Microsoft Defender for Cloud's integrated vulnerability assessment scanner for SQL servers
+title: Scan for vulnerabilities on on-premises and Azure Arc-enabled SQL servers
 description: Learn about Microsoft Defender for SQL servers on machines' integrated vulnerability assessment scanner
 ms.topic: how-to
 ms.author: benmansheim

articles/defender-for-cloud/includes/appliesto-sqldb-sqlmi-asa.md

@@ -0,0 +1 @@
+[!INCLUDE applies-md] :::image type="icon" source="../media/applies-to/yes-icon.svg" border="false"::: Azure SQL Database :::image type="icon" source="../media/applies-to/yes-icon.svg" border="false"::: Azure SQL Managed Instance :::image type="icon" source="../media/applies-to/yes-icon.svg" border="false"::: Azure Synapse Analytics

articles/defender-for-cloud/includes/updated-for-az.md

@@ -0,0 +1 @@
+[!NOTE] This article uses the Azure Az PowerShell module, which is the recommended PowerShell module for interacting with Azure. To get started with the Az PowerShell module, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.