articles/defender-for-cloud/regulatory-compliance-dashboard.md
14 additions & 23 deletions
@@ -2,7 +2,7 @@
2
2
title: Improve regulatory compliance in Microsoft Defender for Cloud
3
3
description: Learn how to improve regulatory compliance in Microsoft Defender for Cloud.
4
4
ms.topic: tutorial
5
-
ms.date: 06/18/2023
5
+
ms.date: 02/11/2024
6
6
---
7
7
8
8
# Improve regulatory compliance
@@ -19,24 +19,19 @@ When you add any standard to your compliance dashboard (including compliance sta
19
19
20
20
Compliance Manager thus provides improvement actions and status across your cloud infrastructure and all other digital assets in this central tool. For more information, see [multicloud support in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-multicloud).
21
21
22
-
23
-
24
-
25
22
## Before you start
26
23
27
24
- By default, when you enable Defender for Cloud on an Azure subscription, AWS account, or GCP plan, the MCSB plan is enabled
28
-
- You can add additional non-default compliance standards when at least one paid plan is enabled in Defender for Cloud.
25
+
- You can add more non-default compliance standards when at least one paid plan is enabled in Defender for Cloud.
29
26
- You must be signed in with an account that has reader access to the policy compliance data. The **Reader** role for the subscription has access to the policy compliance data, but the **Security Reader** role doesn't. At a minimum, you need to have **Resource Policy Contributor** and **Security Admin** roles assigned.
30
27
31
-
32
28
## Assess regulatory compliance
33
29
34
30
The **Regulatory compliance** dashboard shows which compliance standards are enabled. It shows the controls within each standard, and security assessments for those controls. The status of these assessments reflects your compliance with the standard.
35
31
36
32
The dashboard helps you to focus on gaps in standards, and to monitor compliance over time.
37
33
38
-
39
-
1. In the Defender for Cloud portal open the **Regulatory compliance** page.
34
+
1. In the Defender for Cloud portal, open the **Regulatory compliance** page.
40
35
41
36
:::image type="content" source="./media/regulatory-compliance-dashboard/compliance-drilldown.png" alt-text="Screenshot that shows the exploration of the details of compliance with a specific standard." lightbox="media/regulatory-compliance-dashboard/compliance-drilldown.png":::
42
37
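Review bot: In the **Before you start** list, the unchanged role bullet next to the edited line says the subscription **Reader** role has access to the policy compliance data and then says the minimum is **Resource Policy Contributor** and **Security Admin**. Since this hunk already touches the neighbouring bullet, split that sentence into the role needed to view the dashboard and the roles needed to act on it, so readers don't assign more privilege than the task requires. The first bullet ("...the MCSB plan is enabled") is also missing its closing period and uses MCSB without expanding it in the visible text.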
@@ -60,15 +55,15 @@ You can use information in the dashboard to investigate issues that might affect
60
55
61
56
1. Select **Control details**.
62
57
63
-
:::image type="content" source="media/regulatory-compliance-dashboard/control-detail.png" alt-text="Screenshot that shows you where to navigate to select control details on the screen.":::
58
+
:::image type="content" source="media/regulatory-compliance-dashboard/control-detail.png" alt-text="Screenshot that shows you where to navigate to select control details on the screen." lightbox="media/regulatory-compliance-dashboard/control-detail.png":::
64
59
65
60
- Select **Overview** to see the specific information about the Control you selected.
66
61
- Select **Your Actions** to see a detailed view of automated and manual actions you need to take to improve your compliance posture.
67
62
- Select **Microsoft Actions** to see all the actions Microsoft took to ensure compliance with the selected standard.
68
63
69
64
1. Under **Your Actions**, you can select a down arrow to view more details and resolve the recommendation for that resource.
70
65
71
-
:::image type="content" source="media/regulatory-compliance-dashboard/down-arrow.png" alt-text="Screenshot that shows you where the down arrow is on the screen.":::
66
+
:::image type="content" source="media/regulatory-compliance-dashboard/down-arrow.png" alt-text="Screenshot that shows you where the down arrow is on the screen." lightbox="media/regulatory-compliance-dashboard/down-arrow.png":::
72
67
73
68
For more information about how to apply recommendations, see [Implementing security recommendations in Microsoft Defender for Cloud](review-security-recommendations.md).
74
69
@@ -79,7 +74,6 @@ You can use information in the dashboard to investigate issues that might affect
79
74
80
75
The regulatory compliance has both automated and manual assessments that might need to be remediated. Using the information in the regulatory compliance dashboard, improve your compliance posture by resolving recommendations directly within the dashboard.
81
76
82
-
83
77
1. In the Defender for Cloud portal, open **Regulatory compliance**.
84
78
85
79
1. Select a regulatory compliance standard, and select a compliance control to expand it.
@@ -88,24 +82,22 @@ The regulatory compliance has both automated and manual assessments that might n
88
82
89
83
1. Select a particular resource to view more details and resolve the recommendation for that resource. <br>For example, in the **Azure CIS 1.1.0** standard, select the recommendation **Disk encryption should be applied on virtual machines**.
90
84
91
-
:::image type="content" source="./media/regulatory-compliance-dashboard/sample-recommendation.png" alt-text="Screenshot that shows that selecting a recommendation from a standard leads directly to the recommendation details page.":::
85
+
:::image type="content" source="./media/regulatory-compliance-dashboard/sample-recommendation.png" alt-text="Screenshot that shows that selecting a recommendation from a standard leads directly to the recommendation details page." lightbox="media/regulatory-compliance-dashboard/sample-recommendation.png":::
92
86
93
87
1. In this example, when you select **Take action** from the recommendation details page, you arrive in the Azure Virtual Machine pages of the Azure portal, where you can enable encryption from the **Security** tab:
94
88
95
-
:::image type="content" source="./media/regulatory-compliance-dashboard/encrypting-vm-disks.png" alt-text="Screenshot that shows the take action button on the recommendation details page leads to the remediation options.":::
89
+
:::image type="content" source="./media/regulatory-compliance-dashboard/encrypting-vm-disks.png" alt-text="Screenshot that shows the take action button on the recommendation details page leads to the remediation options." lightbox="media/regulatory-compliance-dashboard/encrypting-vm-disks.png":::
96
90
97
91
For more information about how to apply recommendations, see [Implementing security recommendations in Microsoft Defender for Cloud](review-security-recommendations.md).
98
92
99
93
1. After you take action to resolve recommendations, you'll see the result in the compliance dashboard report because your compliance score improves.
100
94
101
-
102
-
Assessments run approximately every 12 hours, so you will see the impact on your compliance data only after the next run of the relevant assessment.
95
+
Assessments run approximately every 12 hours, so you'll see the impact on your compliance data only after the next run of the relevant assessment.
103
96
104
97
## Remediate a manual assessment
105
98
106
99
The regulatory compliance has automated and manual assessments that might need to be remediated. Manual assessments are assessments that require input from the customer to remediate them.
107
100
108
-
109
101
1. In the Defender for Cloud portal, open **Regulatory compliance**.
110
102
111
103
1. Select a regulatory compliance standard, and select a compliance control to expand it.
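Review bot: On the two added image lines in the remediation steps (sample-recommendation.png and encrypting-vm-disks.png), `source` starts with `./media/` while the new `lightbox` value starts with `media/`. Use one prefix style for both attributes on the same line, so a later path change doesn't update one and leave the other pointing at a stale file. The same step list still carries an inline `<br>` before "For example, in the **Azure CIS 1.1.0** standard"; a nested paragraph under the list item would be cleaner while these lines are being edited.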
@@ -126,21 +118,20 @@ The regulatory compliance has automated and manual assessments that might need t
126
118
127
119
The report provides a high-level summary of your compliance status for the selected standard based on Defender for Cloud assessments data. The report's organized according to the controls of that particular standard. The report can be shared with relevant stakeholders, and might provide evidence to internal and external auditors.
128
120
129
-
:::image type="content" source="./media/regulatory-compliance-dashboard/download-report.png" alt-text="Screenshot that shows using the toolbar in Defender for Cloud's regulatory compliance dashboard to download compliance reports.":::
121
+
:::image type="content" source="./media/regulatory-compliance-dashboard/download-report.png" alt-text="Screenshot that shows using the toolbar in Defender for Cloud's regulatory compliance dashboard to download compliance reports." lightbox="media/regulatory-compliance-dashboard/download-report.png":::
130
122
131
123
1. To download Azure and Dynamics **certification reports** for the standards applied to your subscriptions, use the **Audit reports** option.
132
124
133
-
:::image type="content" source="media/release-notes/audit-reports-regulatory-compliance-dashboard.png" alt-text="Screenshot that shows using the toolbar in Defender for Cloud's regulatory compliance dashboard to download Azure and Dynamics certification reports.":::
125
+
:::image type="content" source="media/release-notes/audit-reports-regulatory-compliance-dashboard.png" alt-text="Screenshot that shows using the toolbar in Defender for Cloud's regulatory compliance dashboard to download Azure and Dynamics certification reports." lightbox="media/release-notes/audit-reports-regulatory-compliance-dashboard.png":::
134
126
135
127
1. Select the tab for the relevant reports types (PCI, SOC, ISO, and others) and use filters to find the specific reports you need:
136
128
137
-
:::image type="content" source="media/release-notes/audit-reports-list-regulatory-compliance-dashboard-ga.png" alt-text="Screenshot that shows filtering the list of available Azure Audit reports using tabs and filters.":::
129
+
:::image type="content" source="media/release-notes/audit-reports-list-regulatory-compliance-dashboard-ga.png" alt-text="Screenshot that shows filtering the list of available Azure Audit reports using tabs and filters." lightbox="media/release-notes/audit-reports-list-regulatory-compliance-dashboard-ga.png":::
138
130
139
131
For example, from the PCI tab you can download a ZIP file containing a digitally signed certificate demonstrating Microsoft Azure, Dynamics 365, and Other Online Services' compliance with ISO22301 framework, together with the necessary collateral to interpret and present the certificate.
140
132
141
-
142
133
When you download one of these certification reports, you'll be shown the following privacy notice:
143
-
134
+
144
135
_By downloading this file, you are giving consent to Microsoft to store the current user and the selected subscriptions at the time of download. This data is used in order to notify you in case of changes or updates to the downloaded audit report. This data is used by Microsoft and the audit firms that produce the certification/reports only when notification is required._
145
136
146
137
### Check compliance offerings status
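Review bot: The unchanged example line under the audit reports step says "from the PCI tab you can download a ZIP file containing a digitally signed certificate demonstrating ... compliance with ISO22301 framework", which pairs the PCI tab with an ISO standard. Since this hunk edits the lines on either side of it, correct either the tab name or the standard so the example matches what a reader will find in the **Audit reports** pane. The blank-line changes around the privacy notice look fine.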
@@ -172,7 +163,7 @@ Use continuous export data to an Azure Event Hubs or a Log Analytics workspace:
172
163
:::image type="content" source="media/regulatory-compliance-dashboard/export-compliance-data-snapshot.png" alt-text="Screenshot that shows how to continuously export a weekly snapshot of regulatory compliance data." lightbox="media/regulatory-compliance-dashboard/export-compliance-data-snapshot.png":::
173
164
174
165
> [!TIP]
175
-
> You can also manually export reports about a single point in time directly from the regulatory compliance dashboard. Generate these **PDF/CSV reports** or **Azure and Dynamics certification reports** using the **Download report** or **Audit reports** toolbar options.
166
+
> You can also manually export reports about a single point in time directly from the regulatory compliance dashboard. Generate these **PDF/CSV reports** or **Azure and Dynamics certification reports** using the **Download report** or **Audit reports** toolbar options.
176
167
177
168
## Trigger a workflow when assessments change
178
169
@@ -187,5 +178,5 @@ For example, you might want Defender for Cloud to email a specific user when a c
187
178
To learn more, see these related pages:
188
179
189
180
-[Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md) - Learn how to select which standards appear in your regulatory compliance dashboard.
190
-
-[Managing security recommendations in Defender for Cloud](review-security-recommendations.md) - Learn how to use recommendations in Defender for Cloud to help protect your Azure resources.
181
+
-[Managing security recommendations in Defender for Cloud](review-security-recommendations.md) - Learn how to use recommendations in Defender for Cloud to help protect your multicloud resources.
191
182
- Check out [common questions](faq-regulatory-compliance.yml) about regulatory compliance.
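Review bot: The added related-pages line links review-security-recommendations.md as "Managing security recommendations in Defender for Cloud", while the two "For more information" lines earlier in this file link the same target as "Implementing security recommendations in Microsoft Defender for Cloud". Pick one link title for that page and use it in all three places. The change from "Azure resources" to "multicloud resources" is consistent with the AWS and GCP mention under **Before you start**.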