articles/defender-for-cloud/faq-general.yml
Lines changed: 14 additions & 14 deletions
@@ -44,7 +44,7 @@ sections:
44
44
- question: |
45
45
How can I see the current security state of my Azure, multicloud, and on-premises resources?
46
46
answer: |
47
-
The **Defender for Cloud Overview** page shows the overall security posture of your environment broken down by Compute, Networking, Storage & data, and Applications. Each resource type has an indicator showing identified security vulnerabilities. Clicking each tile displays a list of security issues identified by Defender for Cloud, along with an inventory of the resources in your subscription.
47
+
The **Defender for Cloud Overview** page shows the overall security posture of your environment broken down by Compute, Networking, Storage & data, and Applications. Each resource type has an indicator showing identified security vulnerabilities. Selecting each tile displays a list of security issues identified by Defender for Cloud, along with an inventory of the resources in your subscription.
48
48
49
49
50
50
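Review bot: in the changed answer line, "Selecting each tile displays a list of security issues" reads as if every tile has to be selected before anything is shown. Suggest the singular form, for example "Selecting a tile displays a list of security issues identified by Defender for Cloud", which also matches how the preceding sentence describes one indicator per resource type.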
@@ -73,7 +73,7 @@ sections:
73
73
* [Network security groups](../virtual-network/network-security-groups-overview.md) and rules to control traffic to virtual machines
74
74
* Provisioning of a web application firewall to help defend against attacks targeting your web applications
75
75
* Deploying missing system updates
76
-
* Addressing OS configurations that do not match the recommended baselines
76
+
* Addressing OS configurations that don't match the recommended baselines
77
77
78
78
Only recommendations that are enabled in Security Policies are shown here.
79
79
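Review bot: the bullet list this change touches is not parallel. The first item, "Network security groups and rules to control traffic to virtual machines", is a noun phrase, while the following items are actions ("Provisioning of", "Deploying", "Addressing"). Since the commit is already a style pass over this list, consider rewording the first bullet to an action as well, for example "Configuring network security groups and rules to control traffic to virtual machines", and dropping "of" in "Provisioning of a web application firewall".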
@@ -92,7 +92,7 @@ sections:
92
92
- question: |
93
93
What's the difference between threats detected and alerted on by Microsoft Security Response Center versus Microsoft Defender for Cloud?
94
94
answer: |
95
-
The Microsoft Security Response Center (MSRC) performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties. When MSRC becomes aware that customer data has been accessed by an unlawful or unauthorized party or that the customer’s use of Azure does not comply with the terms for Acceptable Use, a security incident manager notifies the customer. Notification typically occurs by sending an email to the security contacts specified in Microsoft Defender for Cloud or the Azure subscription owner if a security contact is not specified.
95
+
The Microsoft Security Response Center (MSRC) performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties. When MSRC becomes aware that customer data was accessed by an unlawful or unauthorized party or that the customer's use of Azure doesn't comply with the terms for Acceptable Use, a security incident manager notifies the customer. Notification typically occurs by sending an email to the security contacts specified in Microsoft Defender for Cloud or the Azure subscription owner if a security contact isn't specified.
96
96
97
97
Defender for Cloud is an Azure service that continuously monitors the customer's Azure, multicloud, and on-premises environment and applies analytics to automatically detect a wide range of potentially malicious activity. These detections are surfaced as security alerts in the workload protection dashboard.
98
98
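Review bot: the last sentence of the changed MSRC paragraph is still ambiguous about who receives the incident notification. In "the security contacts specified in Microsoft Defender for Cloud or the Azure subscription owner if a security contact isn't specified", the condition can be read as applying to both recipients. Suggest "to the security contacts specified in Microsoft Defender for Cloud, or to the Azure subscription owner if no security contact is specified", so readers can tell that configuring a security contact is what determines the recipient.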
@@ -112,7 +112,7 @@ sections:
112
112
- question: |
113
113
What happens when one recommendation is in multiple policy initiatives?
114
114
answer: |
115
-
Sometimes, a security recommendation appears in more than one policy initiative. If you've got multiple instances of the same recommendation assigned to the same subscription, and you create an exemption for the recommendation, it will affect all of the initiatives that you have permission to edit.
115
+
Sometimes, a security recommendation appears in more than one policy initiative. If you have multiple instances of the same recommendation assigned to the same subscription, and you create an exemption for the recommendation, it affects all of the initiatives that you have permission to edit.
116
116
117
117
If you try to create an exemption for this recommendation, you'll see one of the two following messages:
118
118
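Review bot: the tense change in the answer line ("it will affect" to "it affects") leaves the next paragraph inconsistent, because the trailing context line still says "you'll see one of the two following messages". Suggest updating that line in the same commit to "you see one of the following two messages". It may also be worth stating what happens to initiatives the user can't edit, since the sentence only says the exemption affects "all of the initiatives that you have permission to edit".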
@@ -149,7 +149,7 @@ sections:
149
149
- Privileged containers should be avoided
150
150
- Running containers as root user should be avoided
151
151
- Services should listen on allowed ports only
152
-
- SQL servers should have an Microsoft Entra administrator provisioned
152
+
- SQL servers should have a Microsoft Entra administrator provisioned
153
153
- Usage of host networking and ports should be restricted
154
154
- Usage of pod HostPath volume mounts should be restricted to a known list to restrict node access from compromised containers
155
155
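Review bot: the corrected bullet "SQL servers should have a Microsoft Entra administrator provisioned" sits in a list of what look like recommendation display names. If these bullets are meant to quote the names exactly as the product shows them, please confirm the displayed name uses "a" as well, so that a reader searching for the string finds it. If the list is free text, the grammar fix is fine as is.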
@@ -159,7 +159,7 @@ sections:
159
159
answer: |
160
160
To investigate why the recommendations are still being generated, verify the following configuration options in your MFA CA policy:
161
161
162
-
- You've included the accounts in the **Users** section of your MFA CA policy (or one of the groups in the **Groups** section)
162
+
- You included the accounts in the **Users** section of your MFA CA policy (or one of the groups in the **Groups** section)
163
163
- The Azure Management app ID (797f4846-ba00-4fd7-ba43-dac1f8f63013), or all apps, are included in the **Apps** section of your MFA CA policy
164
164
- The Azure Management app ID isn't excluded in the **Apps** section of your MFA CA policy
165
165
- OR condition is used with only MFA, or AND condition is used with MFA
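Review bot: the changed bullet "You included the accounts in the **Users** section" now reads as a past action, while the list is introduced as configuration options to verify and the sibling bullets describe current state ("are included", "isn't excluded"). Suggest "The accounts are included in the **Users** section of your MFA CA policy (or in one of the groups in the **Groups** section)". The last bullet, "OR condition is used with only MFA, or AND condition is used with MFA", is hard to parse and would benefit from a rewording in the same pass.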
@@ -211,7 +211,7 @@ sections:
211
211
answer: |
212
212
There are some limitations to Defender for Cloud's identity and access protections:
213
213
214
-
- Identity recommendations aren't available for subscriptions with more than 6,000 accounts. In these cases, these types of subscriptions will be listed under Not applicable tab.
214
+
- Identity recommendations aren't available for subscriptions with more than 6,000 accounts. In these cases, these types of subscriptions are listed under Not applicable tab.
215
215
- Identity recommendations aren't available for Cloud Solution Provider (CSP) partner's admin agents.
216
216
- Identity recommendations don't identify accounts that are managed with a privileged identity management (PIM) system. If you're using a PIM tool, you might see inaccurate results in the **Manage access and permissions** control.
217
217
- Identity recommendations don't support Microsoft Entra conditional access policies with included Directory Roles instead of users and groups.
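Review bot: the changed bullet still has a missing article and an unformatted UI label in "are listed under Not applicable tab", and "In these cases, these types of subscriptions" is redundant. Suggest "These subscriptions are listed under the **Not applicable** tab", using the same bold style the next bullets use for **Manage access and permissions**.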
@@ -220,7 +220,7 @@ sections:
220
220
- question: |
221
221
What operating systems for my EC2 instances are supported?
222
222
answer: |
223
-
For a list of the AMIs with the SSM Agent preinstalled see [this page in the AWS docs](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-technical-details.html#ami-preinstalled-agent).
223
+
For a list of the AMIs with the SSM Agent preinstalled, see [this page in the AWS docs](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-technical-details.html#ami-preinstalled-agent).
224
224
225
225
For other operating systems, the SSM Agent should be installed manually using the following instructions:
| Simple notification service SNS | `sns:Check*` <br> `sns:List*` |
272
272
| SSM | `ssm:Describe*` <br> `ssm:List*` |
273
273
| SQS | `sqs:List*` <br> `sqs:Receive*` |
274
274
| STS | `sts:GetCallerIdentity` |
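Review bot: the changed line for EC2 operating systems keeps the non-descriptive link text "this page in the AWS docs". Suggest naming the target, for example "see [AMIs with SSM Agent preinstalled](...)" with the existing URL, so the link is meaningful out of context. Separately, in the permissions table rows shown after it, `sqs:Receive*` stands out next to the `List*`, `Describe*` and `Check*` patterns in the neighboring rows because it matches `sqs:ReceiveMessage`, which returns message contents. A short sentence in the doc explaining why that permission is needed would help customers reviewing the role against least privilege.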
@@ -302,7 +302,7 @@ sections:
302
302
answer: |
303
303
There's no cost for enabling a continuous export. Costs might be incurred for ingestion and retention of data in your Log Analytics workspace, depending on your configuration there.
304
304
305
-
Many alerts are only provided when you've enabled Defender plans for your resources. A good way to preview the alerts you'll get in your exported data is to see the alerts shown in Defender for Cloud's pages in the Azure portal.
305
+
Many alerts are only provided when you enabled Defender plans for your resources. A good way to preview the alerts you get in your exported data is to see the alerts shown in Defender for Cloud's pages in the Azure portal.
306
306
307
307
Learn more about [Log Analytics workspace pricing](https://azure.microsoft.com/pricing/details/monitor/).
308
308
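Review bot: in the changed line, replacing "when you've enabled Defender plans" with "when you enabled Defender plans" shifts the meaning to a one-time past event, but the condition is ongoing: alerts are provided while the plans are enabled. Suggest "Many alerts are only provided when Defender plans are enabled for your resources", which keeps the contraction removal without changing the sense.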
@@ -316,7 +316,7 @@ sections:
316
316
answer: |
317
317
No. Continuous export is built for streaming of **events**:
318
318
319
-
- **Alerts** received before you enabled export won't be exported.
319
+
- **Alerts** received before you enabled export aren't exported.
320
320
- **Recommendations** are sent whenever a resource's compliance state changes. For example, when a resource turns from healthy to unhealthy. Therefore, as with alerts, recommendations for resources that haven't changed state since you enabled export won't be exported.
321
321
- **Secure score** per security control or subscription is sent when a security control's score changes by 0.01 or more.
322
322
- **Regulatory compliance status** is sent when the status of the resource's compliance changes.
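Review bot: the change updates the **Alerts** bullet to "aren't exported", but the **Recommendations** bullet directly below it in the context still ends with "won't be exported". The two bullets are written as a pair ("as with alerts"), so update the second one in the same commit to "aren't exported" to keep the tense consistent.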