Merge pull request #220401 from MicrosoftDocs/main

Publish to live, Monday 4 AM PST, 12/5

Author: ttorble

.openpublishing.redirection.defender-for-cloud.json

@@ -759,6 +759,11 @@
             "source_path_from_root": "/articles/defender-for-cloud/deploy-vulnerability-assessment-tvm.md",
             "redirect_url": "/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management",
             "redirect_document_id": true
-        }    
+        },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/plan-multicloud-security-other-resources.md",
+            "redirect_url": "/azure/defender-for-cloud/multicloud",
+            "redirect_document_id": true
+        }
       ]
 }

articles/active-directory/managed-identities-azure-resources/how-to-assign-app-role-managed-identity-powershell.md

@@ -76,18 +76,25 @@ In this article, you learn how to assign a managed identity to an application ro
     > [!NOTE]
     > Display names for applications are not unique, so you should verify that you obtain the correct application's service principal.
 
-1. Add an [app role](../develop/howto-add-app-roles-in-azure-ad-apps.md) to the application you created in step 3. You can create the role using the Azure portal or by using Microsoft Graph. For example, you could add an app role like this:
+1. Add an [app role](../develop/howto-add-app-roles-in-azure-ad-apps.md) to the application you created in step 3. You can create the role using the Azure portal or by using Microsoft Graph. For example, you could add an app role by running the following query on Graph explorer:
+
+    ```http
+    PATCH /applications/{id}/
 
-    ```json
     {
-        "allowedMemberTypes": [
-            "Application"
-        ],
-        "displayName": "Read data from MyApi",
-        "id": "0566419e-bb95-4d9d-a4f8-ed9a0f147fa6",
-        "isEnabled": true,
-        "description": "Allow the application to read data as itself.",
-        "value": "MyApi.Read.All"
+        "appRoles": [
+            {
+                "allowedMemberTypes": [
+                    "User",
+                    "Application"
+                ],
+                "description": "Read reports",
+                "id": "1e250995-3081-451e-866c-0f6efef9c638",
+                "displayName": "Report reader",
+                "isEnabled": true,
+                "value": "report.read"
+            }
+        ]
     }
     ```
 

articles/azure-monitor/containers/container-insights-logging-v2.md

@@ -36,7 +36,7 @@ Customers can enable the ContainerLogV2 schema at the cluster level. To enable t
 Follow the instructions to configure an existing ConfigMap or to use a new one.
 
 ### Configure an existing ConfigMap
-If your ConfigMap doesn't yet have the `log_collection_settings.schema` field, you'll need to append the following section in your existing ConfigMap .yaml file:
+This applies to the scenario where you have already enabled container insights for your AKS cluster and have [configured agent data collection settings](./container-insights-agent-config.md#configure-and-deploy-configmaps) using ConfigMap "_container-azm-ms-agentconfig.yaml_". If this ConfigMap doesn't yet have the `log_collection_settings.schema` field, you'll need to append the following section in this existing ConfigMap .yaml file:
 
 ```yaml
 [log_collection_settings.schema]

articles/azure-monitor/whats-new.md

@@ -8,7 +8,45 @@ ms.author: edbaynash
 
 # What's new in Azure Monitor documentation
 
-This article lists significant changes to Azure Monitor documentation.
+This article lists significant changes to Azure Monitor documentation.  
+
+## November 2022  
+  
+  
+  
+|Subservice| Article | Description |
+|---|---|---|
+General|[Cost optimization and Azure Monitor](app/tutorial-app-dashboards.md)|Complete rewrite to align with Well Architected Framework. Detailed content moved to other articles and linked from here.|
+Agents|[Collect SNMP trap data with Azure Monitor Agent](essentials/data-collection-transformations-structure.md)|New tutorial that explains how to collect Simple Network Management Protocol (SNMP) traps using Azure Monitor Agent.|
+Alerts|[Manage your alert rules](logs/logs-ingestion-api-overview.md)|Recommended alert rules are enabled for AKS and Log Analytics workspace resources in addition to VMs.|
+Alerts|[Create a new alert rule](logs/private-link-configure.md)|Resource Health alerts and Service Health alerts are created using the same simplified workflow as all other alert types.|
+Application-insights|[What is auto-instrumentation for Azure Monitor Application Insights?](agents/data-collection-text-log.md)|Our auto-instrumentation supported languages chart has been updated.|
+Application-insights|[Enable Application Insights logs\|for ASP.NET Core applications](app/api-custom-events-metrics.md)|The Azure Café sample app is now hosted and linked on Git.|
+Application-insights|[Application Map: Triage distributed applications](app/javascript.md)|App Map Filters, an exciting new feature, has been documented.|
+Application-insights|[How many Application Insights resources should I deploy?](insights/ad-assessment.md)|Clarification has been added on setting iKey dynamically in code.|
+Application-insights|[Sampling in Application Insights](insights/capacity-performance.md)|ASP.NET Core applications may be configured in code or through the `appsettings.json` file. Conflicting information was removed.|
+Application-insights|[Application Monitoring for Azure App Service and ASP.NET ](insights/dns-analytics.md)|Links to check versions have been corrected.|
+Application-insights|[Sampling overrides (preview) - Azure Monitor Application Insights for Java](insights/scom-assessment.md)|Updated OpenTelemetry Span information for Java.|
+Autoscale|[Overview of common autoscale patterns](essentials/metrics-supported.md)|Refreshed and updated.|
+Essentials|[Azure Monitor workspace (preview)](logs/query-packs.md)|Added Bicep example.|
+Essentials|[Configure remote write for Azure Monitor managed service for Prometheus using Azure Active Directory authentication (preview)](change/tutorial-outages.md)|New article|
+Essentials|[Azure Monitor managed service for Prometheus (preview)](insights/ad-assessment.md)|General restructure of Prometheus content.|
+Essentials|[Diagnostic settings in Azure Monitor](essentials/prometheus-metrics-enable.md)|All destination endpoints support TLS 1.2.|
+Essentials|[Migrate from diagnostic settings storage retention to Azure Storage lifecycle management](app/nodejs.md)|Deprecation note added|
+Logs|[Cost optimization and Azure Monitor](app/api-custom-events-metrics.md)|Added cost information and removed preview label.|
+Logs|[Diagnostic settings in Azure Monitor](app/asp-net-core.md)|Added section on controlling costs with transformations.|
+Logs|[Analyze usage in a Log Analytics workspace](app/asp-net-exceptions.md)|Added KQL query that retrieves data volumes for charged data types.|
+Logs|[Access the Azure Monitor Log Analytics API](app/java-standalone-profiler.md)|Refresh and update|
+Logs|[Collect text logs with the Log Analytics agent in Azure Monitor](app/monitor-web-app-availability.md)|New table management section with new articles on table configuration options, schema management, and custom table creation.|
+Logs|[Azure Monitor Metrics overview](essentials/data-platform-metrics.md)| Added a new Azure SDK client library for Go.|
+Logs|[Azure Monitor Log Analytics API Overview](essentials/prometheus-metrics-overview.md)| Added a new Azure SDK client library for Go.|
+Logs|[Azure Monitor Logs overview](logs/cost-logs.md)| Added a new Azure SDK client library for Go.|
+Logs|[Log queries in Azure Monitor](essentials/data-platform-metrics.md)| Added a new Azure SDK client library for Go.|
+Logs|[Set a table's log data plan to Basic or Analytics](logs/api/overview.md)|Added new tables to the list of tables that support the Basic log data plan.|
+Visualizations|[Get started with Azure Workbooks](alerts/itsmc-connector-deletion.md)|Added instructions for how to share Workbooks.|
+Visualizations|[Monitor your Azure services in Grafana](alerts/alerts-create-new-alert-rule.md)|The Grafana integration is GA, and is no longer in preview.|  
+  
+  
 
 ## October 2022  
 

articles/defender-for-cloud/TOC.yml

@@ -134,8 +134,6 @@
       - name: Automate connector deployment
         displayName: rest api
         href: plan-multicloud-security-automate-connector-deployment.md
-      - name: Other resources
-        href: plan-multicloud-security-other-resources.md
   - name: Improve your cloud security posture
     items:
       - name: Policies, initiatives, and recommendations
@@ -611,7 +609,9 @@
     - name: Cloud security explorer and attack path analysis
       href: episode-twenty.md
     - name: Latest updates in the regulatory compliance dashboard
-      href: episode-twenty-one.md  
+      href: episode-twenty-one.md
+    - name: Defender EASM
+      href: episode-twenty-two.md 
   - name: Manage user data
     href: privacy.md
   - name: Microsoft Defender for IoT documentation

articles/defender-for-cloud/episode-twenty-one.md

@@ -42,4 +42,4 @@ ms.date: 11/24/2022
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [New AWS Connector in Microsoft Defender for Cloud](episode-one.md)
+> [Defender External Attack Surface Management (Defender EASM)](episode-twenty-two.md)

articles/defender-for-cloud/episode-twenty-two.md

@@ -0,0 +1,45 @@
+---
+title: Defender EASM | Defender for Cloud in the field
+titleSuffix: Microsoft Defender for Cloud
+description: Learn about Microsoft Defender External Attack Surface Management (Defender EASM)
+ms.topic: reference
+ms.date: 12/01/2022
+---
+
+# Defender EASM | Defender for Cloud in the Field
+
+**Episode description**: In this episode of Defender for Cloud in the Field, Jamil Mirza joins Yuri Diogenes to talk about Microsoft Defender External Attack Surface Management (Defender EASM). Jamil explains how Defender EASM continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. Jamil also covers the integration with Defender for Cloud, how it works, and he demonstrates different capabilities available in Defender EASM..
+<br>
+<br>
+<iframe src="https://aka.ms/docs/player?id=5a3e2eab-52ce-4527-94e0-baae1b9cc81d" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
+
+- [01:11](/shows/mdc-in-the-field/defender-easm#time=01m11s) - What is Defender EASM?
+
+- [02:59](/shows/mdc-in-the-field/defender-easm#time=02m59s) - How does Defender EASM work?
+
+- [05:55](/shows/mdc-in-the-field/defender-easm#time=05m55s) - What type of information is discovered?
+
+- [09:50](/shows/mdc-in-the-field/defender-easm#time=09m50s) - Integration with Defender for Cloud
+
+- [11:51](/shows/mdc-in-the-field/security-explorer#time=11m51s) - Demonstration
+
+
+## Recommended resources
+  - [Learn more](concept-easm.md) about external attack surface management.
+  - Subscribe to [Microsoft Security on YouTube](https://www.youtube.com/playlist?list=PL3ZTgFEc7LysiX4PfHhdJPR7S8mGO14YS)
+  - Join our [Tech Community](https://aka.ms/SecurityTechCommunity)
+  - For more about [Microsoft Security](https://msft.it/6002T9HQY)
+
+- Follow us on social media:
+
+     - [LinkedIn](https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFk5TXZuQld2NlpBRV9BQlJqMktYSm95WWhCZ3xBQ3Jtc0tsQU13MkNPWGNFZzVuem5zc05wcnp0VGxybHprVTkwS2todWw0b0VCWUl4a2ZKYVktNGM1TVFHTXpmajVLcjRKX0cwVFNJaDlzTld4MnhyenBuUGRCVmdoYzRZTjFmYXRTVlhpZGc4MHhoa3N6ZDhFMA&q=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fmicrosoft-security%2F)
+     - [Twitter](https://twitter.com/msftsecurity)
+
+- Join our [Tech Community](https://aka.ms/SecurityTechCommunity)
+
+- Learn more about [Microsoft Security](https://msft.it/6002T9HQY)
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [New AWS Connector in Microsoft Defender for Cloud](episode-one.md)

articles/defender-for-cloud/multicloud.yml

@@ -28,6 +28,8 @@ landingContent:
             url: /azure/cloud-adoption-framework/scenarios/hybrid/
           - text: Why protect multicloud resources with Microsoft Defender for Cloud
             url: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/protect-your-google-cloud-workloads-with-microsoft-defender-for/ba-p/3073360
+          - text: Get started planning multicloud security
+            url: plan-multicloud-security-get-started.md
       - linkListType: how-to-guide
         links:
           - text: Connect your non-Azure machines to Defender for Cloud
@@ -72,8 +74,6 @@ landingContent:
             url: file-integrity-monitoring-overview.md
           - text: Scan your AWS virtual machines for vulnerabilities
             url: deploy-vulnerability-assessment-vm.md
-          - text: Create custom assessments and standards for AWS workloads
-            url: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/custom-assessments-and-standards-in-microsoft-defender-for-cloud/ba-p/3066575
       - linkListType: video
         links:
           - text: How to connect AWS to Microsoft Defender for Cloud
@@ -104,10 +104,6 @@ landingContent:
             url: defender-for-containers-enable.md?tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api&pivots=defender-for-container-gke
           - text: Enable Defender for SQL servers for your GCP SQL databases
             url: defender-for-sql-usage.md
-      - linkListType: how-to-guide
-        links:
-          - text: Create custom assessments and standards for GCP workloads
-            url: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/custom-assessments-and-standards-in-microsoft-defender-for-cloud/ba-p/3251252
       - linkListType: video
         links:
           - text: How to connect GCP to Microsoft Defender for Cloud

articles/defender-for-cloud/plan-multicloud-security-other-resources.md

@@ -457,7 +457,6 @@ The following IAM permissions are needed to discover AWS resources:
 You can check out the following blogs:
 
 - [Ignite 2021: Microsoft Defender for Cloud news](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/ignite-2021-microsoft-defender-for-cloud-news/ba-p/2882807).
-- [Custom assessments and standards in Microsoft Defender for Cloud for AWS workloads (Preview)](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/custom-assessments-and-standards-in-microsoft-defender-for-cloud/ba-p/3066575).
 - [Security posture management and server protection for AWS and GCP](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/security-posture-management-and-server-protection-for-aws-and/ba-p/3271388)
 
 ## Next steps