Merge pull request #271172 from dcurwin/fix-formatting-april4-2024

Fix formatting

Author: PMEds28

articles/defender-for-cloud/concept-regulatory-compliance.md

@@ -17,7 +17,7 @@ This benchmark builds on the cloud security principles defined by the Azure Secu
 
 :::image type="content" source="media/concept-regulatory-compliance/microsoft-security-benchmark.png" alt-text="Image that shows the components that make up the Microsoft cloud security benchmark." lightbox="media/concept-regulatory-compliance/microsoft-security-benchmark.png":::
 
-The compliance dashboard gives you a view of your overall compliance standing. Security for non-Azure platforms follows the same cloud-neutral security principles as Azure. Each control within the benchmark provides the same granularity and scope of technical guidance across Azure and other cloud resources. 
+The compliance dashboard gives you a view of your overall compliance standing. Security for non-Azure platforms follows the same cloud-neutral security principles as Azure. Each control within the benchmark provides the same granularity and scope of technical guidance across Azure and other cloud resources.
 
 :::image type="content" source="media/concept-regulatory-compliance/compliance-dashboard.png" alt-text="Screenshot of a sample regulatory compliance page in Defender for Cloud." lightbox="media/concept-regulatory-compliance/compliance-dashboard.png":::
 

articles/defender-for-cloud/connect-servicenow.md

@@ -15,14 +15,14 @@ Microsoft Defender for Cloud's integration with ServiceNow allows customers to c
 
 ## Prerequisites
 
-- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html).
 
 - Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
 
 - The following roles are required:
-    - To create the integration: Security Admin, Contributor, or Owner.
+  - To create the integration: Security Admin, Contributor, or Owner.
 
-## Connect ServiceNow to Defender for Cloud
+## Connect a ServiceNow account to Defender for Cloud
 
 To connect a ServiceNow account to a Defender for Cloud account:
 

articles/defender-for-cloud/container-image-mapping.md

@@ -14,11 +14,11 @@ When a vulnerability is identified in a container image stored in a container re
 
 - An Azure account with Defender for Cloud onboarded. If you don't already have an Azure account, [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - [Azure DevOps](quickstart-onboard-devops.md) or [GitHub](quickstart-onboard-github.md) environment onboarded to Microsoft Defender for Cloud.
-  - When an Azure DevOps environment is onboarded to Microsoft Defender for Cloud, the Microsoft Defender for DevOps Container Mapping will be automatically shared and installed in all connected Azure DevOps organizations. This will automatically inject tasks into all Azure Pipelines to collect data for container mapping. 
-    
-- For Azure DevOps, [Microsoft Security DevOps (MSDO) Extension](azure-devops-extension.md) installed on the Azure DevOps organization. 
+  - When an Azure DevOps environment is onboarded to Microsoft Defender for Cloud, the Microsoft Defender for DevOps Container Mapping will be automatically shared and installed in all connected Azure DevOps organizations. This will automatically inject tasks into all Azure Pipelines to collect data for container mapping.
 
-- For GitHub, [Microsoft Security DevOps (MSDO) Action](github-action.md) configured in your GitHub repositories. Additionally, the GitHub Workflow must have "**id-token: write"** permissions for federation with Defender for Cloud. For an example, see [this YAML](https://github.com/microsoft/security-devops-action/blob/7e3060ae1e6a9347dd7de6b28195099f39852fe2/.github/workflows/on-push-verification.yml). 
+- For Azure DevOps, [Microsoft Security DevOps (MSDO) Extension](azure-devops-extension.md) installed on the Azure DevOps organization.
+
+- For GitHub, [Microsoft Security DevOps (MSDO) Action](github-action.md) configured in your GitHub repositories. Additionally, the GitHub Workflow must have "**id-token: write"** permissions for federation with Defender for Cloud. For an example, see [this YAML](https://github.com/microsoft/security-devops-action/blob/7e3060ae1e6a9347dd7de6b28195099f39852fe2/.github/workflows/on-push-verification.yml).
 - [Defender CSPM](tutorial-enable-cspm-plan.md) enabled.
 - The container images must be built using [Docker](https://www.docker.com/) and the Docker client must be able to access the Docker server during the build.
 
@@ -111,4 +111,3 @@ The following is an example of an advanced query that utilizes container image m
 ## Next steps
 
 - Learn more about [DevOps security in Defender for Cloud](defender-for-devops-introduction.md).
-

articles/defender-for-cloud/create-governance-rule-servicenow.md

@@ -11,16 +11,16 @@ ai-usage: ai-assisted
 
 # Create automatic tickets with governance rules
 
-The integration of SeviceNow and Defender for Cloud allow you to create governance rules that automatically open tickets in SeviceNow for specific recommendations or severity levels. ServiceNow tickets can be created, viewed, and linked to recommendations directly from Defender for Cloud, enabling seamless collaboration between the two platforms and facilitating efficient incident management.
+The integration of ServiceNow and Defender for Cloud allow you to create governance rules that automatically open tickets in ServiceNow for specific recommendations or severity levels. ServiceNow tickets can be created, viewed, and linked to recommendations directly from Defender for Cloud, enabling seamless collaboration between the two platforms and facilitating efficient incident management.
 
 ## Prerequisites
 
-- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html).
 
 - Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
 
 - The following roles are required:
-    - To create an assignment:  Admin permissions to ServiceNow.
+  - To create an assignment:  Admin permissions to ServiceNow.
 
 ## Assign an owner with a governance rule
 

articles/defender-for-cloud/create-ticket-servicenow.md

@@ -9,18 +9,18 @@ ai-usage: ai-assisted
 #customer intent: As a user, I want to learn how to Create a ticket in Defender for Cloud for my ServiceNow account.
 ---
 
-# Create a ticket in Defender for Cloud 
+# Create a ticket in Defender for Cloud
 
 The integration between Defender for Cloud and ServiceNow allows Defender for Cloud customers to create tickets in Defender for Cloud that connects to a ServiceNow account. ServiceNow tickets are linked to recommendations directly from Defender for Cloud, allowing the two platforms to facilitate efficient incident management.
 
 ## Prerequisites
 
-- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html).
 
 - Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
 
 - The following roles are required:
-    - To create an assignment:  Admin permissions to ServiceNow.
+  - To create an assignment:  Admin permissions to ServiceNow.
 
 ## Create a new ticket based on a recommendation to ServiceNow
 

articles/defender-for-cloud/defender-for-databases-introduction.md

@@ -25,14 +25,17 @@ Check out the [pricing page](https://azure.microsoft.com/pricing/details/defende
 Defender for open-source relational database is supported on PaaS environments and not on Azure Arc-enabled machines.
 
 **Protected versions of PostgreSQL include**:
-- Single Server - General Purpose and Memory Optimized. Learn more in [PostgreSQL Single Server pricing tiers](../postgresql/concepts-pricing-tiers.md). 
+
+- Single Server - General Purpose and Memory Optimized. Learn more in [PostgreSQL Single Server pricing tiers](../postgresql/concepts-pricing-tiers.md).
 - Flexible Server - all pricing tiers.
 
 **Protected versions of MySQL include**:
+
 - Single Server - General Purpose and Memory Optimized. Learn more in [MySQL pricing tiers](../mysql/concepts-pricing-tiers.md).
 - Flexible Server - all pricing tiers.
 
 **Protected versions of MariaDB include**:
+
 - General Purpose and Memory Optimized. Learn more in [MariaDB pricing tiers](../mariadb/concepts-pricing-tiers.md).
 
 View [cloud availability](support-matrix-cloud-environment.md#cloud-support) for Defender for open-source relational databases

articles/defender-for-cloud/enable-pull-request-annotations.md

@@ -22,14 +22,14 @@ Annotations can be added by a user with access to the repository, and can be use
 **For GitHub**:
 
 - An Azure account. If you don't already have an Azure account, you can [create your Azure free account today](https://azure.microsoft.com/free/).
-- Be a [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) customer. 
+- Be a [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) customer.
 - [Connect your GitHub repositories to Microsoft Defender for Cloud](quickstart-onboard-github.md).
 - [Configure the Microsoft Security DevOps GitHub action](github-action.md).
 
 **For Azure DevOps**:
 
 - An Azure account. If you don't already have an Azure account, you can [create your Azure free account today](https://azure.microsoft.com/free/).
-- [Have write access (owner/contributer) to the Azure subscription](../active-directory/privileged-identity-management/pim-how-to-activate-role.md). 
+- [Have write access (owner/contributer) to the Azure subscription](../active-directory/privileged-identity-management/pim-how-to-activate-role.md).
 - [Connect your Azure DevOps repositories to Microsoft Defender for Cloud](quickstart-onboard-devops.md).
 - [Configure the Microsoft Security DevOps Azure DevOps extension](azure-devops-extension.md).
 
@@ -98,13 +98,13 @@ Before you can enable pull request annotations, your main branch must have enabl
 
     :::image type="content" source="media/tutorial-enable-pr-annotations/branch-policies.png" alt-text="Screenshot that shows where to locate the branch policies." lightbox="media/tutorial-enable-pr-annotations/branch-policies.png":::
 
-1. Locate the Build Validation section. 
+1. Locate the Build Validation section.
 
 1. Ensure the build validation for your repository is toggled to **On**.
 
     :::image type="content" source="media/tutorial-enable-pr-annotations/build-validation.png" alt-text="Screenshot that shows where the CI Build toggle is located." lightbox="media/tutorial-enable-pr-annotations/build-validation.png":::
 
-1. Select **Save**. 
+1. Select **Save**.
 
     :::image type="content" source="media/tutorial-enable-pr-annotations/validation-policy.png" alt-text="Screenshot that shows the build validation.":::
 
@@ -148,6 +148,7 @@ API Info:
 
 **Http Method**: PATCH
 **URLs**:
+
 - Azure DevOps Project Update: `https://management.azure.com/subscriptions/<subId>/resourcegroups/<resourceGroupName>/providers/Microsoft.Security/securityConnectors/<connectorName>/devops/default/azureDevOpsOrgs/<adoOrgName>/projects/<adoProjectName>?api-version=2023-09-01-preview`
 - Azure DevOps Org Update]: `https://management.azure.com/subscriptions/<subId>/resourcegroups/<resourceGroupName>/providers/Microsoft.Security/securityConnectors/<connectorName>/devops/default/azureDevOpsOrgs/<adoOrgName>?api-version=2023-09-01-preview`
 
@@ -173,12 +174,12 @@ Parameters / Options Available
 **Options**: Enabled | Disabled
 
 **`<Category>`**
-**Description**: Category of Findings that will be annotated on pull requests. 
+**Description**: Category of Findings that will be annotated on pull requests.
 **Options**: IaC | Code | Artifacts | Dependencies | Containers
 **Note**: Only IaC is supported currently
 
 **`<Severity>`**
-**Description**: The minimum severity of a finding that will be considered when creating PR annotations. 
+**Description**: The minimum severity of a finding that will be considered when creating PR annotations.
 **Options**: High | Medium | Low
 
 Example of enabling an Azure DevOps Org's PR Annotations for the IaC category with a minimum severity of Medium using the az cli tool.

articles/defender-for-cloud/endpoint-detection-response.md

@@ -13,7 +13,7 @@ ai-usage: ai-assisted
 
 Microsoft Defender for Cloud provides recommendations to secure and configure your endpoint detection and response solutions. By remediating these recommendations, you can ensure that your endpoint detection and response solution are compliant and secure across all environments.
 
-The endpoint detection and response recommendations allow you to: 
+The endpoint detection and response recommendations allow you to:
 
 - Identify if an endpoint detection and response solution is installed on your multicloud machines
 
@@ -27,16 +27,16 @@ The recommendations mentioned in this article are only available if you have the
 
 - [Defender for Cloud](connect-azure-subscription.md) enabled on your Azure account.
 
-- You must have either of the following plans enabled on Defender for Cloud enabled on your subscription: 
-    - [Defender for Servers plan 2](tutorial-enable-servers-plan.md)
-    - [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) 
+- You must have either of the following plans enabled on Defender for Cloud enabled on your subscription:
+  - [Defender for Servers plan 2](tutorial-enable-servers-plan.md)
+  - [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md)
 
 - You must enable [agentless scanning for virtual machines](enable-agentless-scanning-vms.md#enabling-agentless-scanning-for-machines).
 
 > [!NOTE]
 > The feature described on this page is the replacement feature for the [MMA based feature](endpoint-protection-recommendations-technical.md), which is set to be retired along with the MMA retirement in August 2024.
 >
-> Learn more about the migration and the [deprecation process of the endpoint protection related recommendations](prepare-deprecation-log-analytics-mma-agent.md#endpoint-protection-recommendations-experience). 
+> Learn more about the migration and the [deprecation process of the endpoint protection related recommendations](prepare-deprecation-log-analytics-mma-agent.md#endpoint-protection-recommendations-experience).
 
 ## Review and remediate endpoint detection and response discovery recommendations
 
@@ -140,7 +140,7 @@ This recommended action is available when:
 
 **To enable the Defender for Endpoint integration on your Defender for Servers plan on the affected VM**:
 
-1. Select the affected machine. 
+1. Select the affected machine.
 
 1. (Optional) Select multiple affected machines that have the `Upgrade Defender plan` recommended action.
 
@@ -170,7 +170,7 @@ This recommended action is available when:
 
     :::image type="content" source="media/endpoint-detection-response/remediation-steps.png" alt-text="Screenshot that shows where the remediation steps are located in the recommendation." lightbox="media/endpoint-detection-response/remediation-steps.png":::
 
-1. Follow the instructions to troubleshoot Microsoft Defender for Endpoint onboarding issues for [Windows](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide&WT.mc_id=Portal-Microsoft_Azure_Security) or [Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide&WT.mc_id=Portal-Microsoft_Azure_Security).
+1. Follow the instructions to troubleshoot Microsoft Defender for Endpoint onboarding issues for [Windows](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding) or [Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux).
 
 After the process is completed, it can take up to 24 hours until your machine appears in the Healthy resources tab.
 
@@ -218,7 +218,7 @@ When Defender for Cloud finds misconfigurations in your endpoint detection and r
 
 1. Follow the remediation steps.
 
-After the process is completed, it can take up to 24 hours until your machine appears in the Healthy resources tab. 
+After the process is completed, it can take up to 24 hours until your machine appears in the Healthy resources tab.
 
 ## Next step
 

articles/defender-for-cloud/faq-cspm.yml

@@ -19,13 +19,13 @@ sections:
       - question: |
           If I address only three out of four recommendations in a security control, will my secure score change?
         answer: |
-          No. It won't change until you remediate all of the recommendations for a single resource. To get the maximum score for a control, you must remediate all recommendations for all resources.
+            No. It doesn't change until you remediate all of the recommendations for a single resource. To get the maximum score for a control, you must remediate all recommendations for all resources.
 
 
       - question: |
           If a security control offers me zero points towards my secure score, should I ignore it?
         answer: |
-          In some cases, you'll see a control max score greater than zero, but the impact is zero. When the incremental score for fixing resources is negligible, it's rounded to zero. Don't ignore these recommendations because they still bring security improvements. The only exception is the "Additional Best Practice" control. Remediating these recommendations won't increase your score, but it will enhance your overall security.
+          In some cases, you'll see a control max score greater than zero, but the impact is zero. When the incremental score for fixing resources is negligible, it's rounded to zero. Don't ignore these recommendations because they still bring security improvements. The only exception is the "Additional Best Practice" control. Remediating these recommendations doesn't increase your score, but it enhances your overall security.
 
       - question: |
           How does scanning affect the instances?
@@ -40,7 +40,7 @@ sections:
 
           | Cloud provider  | Changes  |
           |---------|---------|
-          | Azure    | - Adds a “VM Scanner Operator” role assignment<br>- Adds a “vmScanners” resource with the relevant configurations used to manage the scanning process        |
+          | Azure    | - Adds a "VM Scanner Operator" role assignment<br>- Adds a "vmScanners" resource with the relevant configurations used to manage the scanning process        |
           | AWS     | - Adds role assignment<br>- Adds authorized audience to OpenIDConnect provider<br>- Snapshots are created next to the scanned volumes, in the same account, during the scan (typically for a few minutes)        |
           | GCP     | - Adds a role assignment |
 
@@ -52,7 +52,7 @@ sections:
       - question: |
           Can I calculate the secure score at the resource group level?
         answer: |
-          Secure score is calculated per Azure subscription, AWS account or GCP project. You can also view the secure score within the management scope such as Azure management group, AWS management account or GCP organization. There's no secure score per resource group. 
+          Secure score is calculated per Azure subscription, AWS account, or GCP project. You can also view the secure score within the management scope such as Azure management group, AWS management account, or GCP organization. There's no secure score per resource group.