Commit 747699a

Merge pull request #105782 from memildin/asc-melvyn-20200129
Brought consistency to threat protection terminology
2 parents 0706132 + 6a5e074 commit 747699a

19 files changed

+61
-64
lines changed

articles/security-center/advanced-threat-protection-key-vault.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Set up advanced threat protection for Azure Key Vault
2+
title: Threat protection for Azure Key Vault
33
description: This article explains how to set up advanced threat protection for Azure Key Vault in Azure Security Center
44
services: security-center
55
author: memildin
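
Review bot: The unchanged description on line 3 still reads "how to set up advanced threat protection for Azure Key Vault" while the title on line 2 now reads "Threat protection for Azure Key Vault", so the front matter carries both terms. Suggest bringing the description in line with the new title, or confirming that the feature name is meant to stay in the description.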

articles/security-center/container-security.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -57,9 +57,9 @@ AKS provides security controls and visibility into the security posture of your
5757

5858
For details of the relevant Security Center recommendations that might appear for this feature, see the [container section](recommendations-reference.md#recs-containers) of the recommendations reference table.
5959

60-
## Run-time protection - Real-time threat detection
60+
## Run-time protection - Real-time threat protection
6161

62-
Security Center provides real-time threat detection for your containerized environments and generates alerts for suspicious activities. You can use this information to quickly remediate security issues and improve the security of your containers.
62+
Security Center provides real-time threat protection for your containerized environments and generates alerts for suspicious activities. You can use this information to quickly remediate security issues and improve the security of your containers.
6363

6464
We detect threats at the host and AKS cluster level. For full details, see [threat protection for Azure containers](threat-protection.md#azure-containers).
6565
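
Review bot: Renaming the heading at line 60 changes the anchor generated from it, so any link that targets the old "real-time threat detection" anchor will no longer resolve; please search the docs set for inbound links to this section before merging. The new heading also reads "Run-time protection - Real-time threat protection", which repeats "protection"; consider shortening the second half.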

articles/security-center/faq-billing.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ Security Center is offered in two tiers:
2323

2424
- The **free tier** provides visibility into the security state of your Azure resources, basic security policy, security recommendations, and integration with security products and services from partners.
2525

26-
- The **standard tier** adds advanced threat detection capabilities, including threat intelligence, behavioral analysis, anomaly detection, security incidents, and threat attribution reports. You can start a Standard tier free trial. To upgrade, select [Pricing Tier](https://docs.microsoft.com/azure/security-center/security-center-pricing) in the security policy. To learn more, see the [pricing page](https://azure.microsoft.com/pricing/details/security-center/).
26+
- The **standard tier** adds threat protection capabilities that includes security alerts, threat intelligence, behavioral analysis, anomaly detection, and threat attribution reports. You can start a standard tier free trial. To upgrade, select [Pricing Tier](https://docs.microsoft.com/azure/security-center/security-center-pricing) in the security policy. To learn more, see the [pricing page](https://azure.microsoft.com/pricing/details/security-center/).
2727

2828
## How can I track who in my organization performed pricing tier changes in Azure Security Center
2929
Azure Subscriptions may have multiple administrators with permissions to change the pricing tier. To find out which user performed a pricing tier change, use the Azure Activity Log. For more information, see [here](https://techcommunity.microsoft.com/t5/Security-Identity/Tracking-Changes-in-the-Pricing-Tier-for-Azure-Security-Center/td-p/390832).
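
Review bot: Subject-verb agreement on the new line 26: "threat protection capabilities that includes" should be "capabilities that include". The same line also swaps "security incidents" out of the list and adds "security alerts", which is more than a terminology rename; please confirm the feature list is still accurate for the standard tier.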

articles/security-center/monitor-container-security.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ Azure Security Center covers the following three aspects of container security:
2525

2626
- **Hardening your Azure Kubernetes Service clusters** - Security Center provides recommendations when it finds vulnerabilities in the configuration of your Azure Kubernetes Service clusters. For details of the specific recommendations that may appear, see the [Kubernetes Service recommendations](recommendations-reference.md#recs-containers).
2727

28-
- **Runtime protection** - If you're on Security Center's standard pricing tier, you'll get real-time threat detection for your containerized environments. Security Center generates alerts for suspicious activities at the host and AKS cluster level. For details of the relevant security alerts that might appear, see the [Alerts for Azure Kubernetes Service clusters](alerts-reference.md#alerts-akscluster) and [Alerts for containers - host level](alerts-reference.md#alerts-containerhost) sections of the alerts reference table.
28+
- **Runtime protection** - If you're on Security Center's standard pricing tier, you'll get real-time threat protection for your containerized environments. Security Center generates alerts for suspicious activities at the host and AKS cluster level. For details of the relevant security alerts that might appear, see the [Alerts for Azure Kubernetes Service clusters](alerts-reference.md#alerts-akscluster) and [Alerts for containers - host level](alerts-reference.md#alerts-containerhost) sections of the alerts reference table.
2929

3030
## Scanning your ARM-based container registries for vulnerabilities
3131
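
Review bot: The bullet at line 28 uses "Runtime protection" while the heading changed in container-security.md in this same commit uses "Run-time protection". Since the commit is about consistent terminology, suggest picking one spelling and applying it to both files.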

articles/security-center/security-center-container-recommendations.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ Azure Security Center provides the following capabilities to help you secure you
3030

3131
![container tab](./media/security-center-container-recommendations/container-cis-benchmark.png)
3232

33-
- **Real time container threat detection**<br> Security Center provides real-time threat detection for your containers on Linux machines with AuditD component. The alerts identify several suspicious Docker activities, such as the creation of a privileged container on host, an indication of Secure Shell (SSH) server running inside a Docker container, or the use of crypto miners. You can use this information to quickly remediate security issues and improve the security of your containers.
33+
- **Real time container threat protection**<br> Security Center provides real-time threat protection for your containers on Linux machines with AuditD component. The alerts identify several suspicious Docker activities, such as the creation of a privileged container on host, an indication of Secure Shell (SSH) server running inside a Docker container, or the use of crypto miners. You can use this information to quickly remediate security issues and improve the security of your containers.
3434

3535
![container tab](./media/security-center-container-recommendations/docker-threat-detection.png)
3636
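
Review bot: The bold label on the new line 33 reads "Real time container threat protection" without a hyphen, while the sentence that follows it uses "real-time threat protection". Suggest "Real-time container threat protection" so the label matches the body text.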

articles/security-center/security-center-cross-tenant-management.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ The views and actions are basically the same. Here are some examples:
4747
- **Remediate recommendations**: Monitor and remediate a [recommendation](security-center-recommendations.md) for many resources from various tenants at one time. You can then immediately tackle the vulnerabilities that present the highest risk across all tenants.
4848
- **Manage Alerts**: Detect [alerts](security-center-alerts-overview.md) throughout the different tenants. Take action on resources that are out of compliance with actionable [remediation steps](security-center-managing-and-responding-alerts.md).
4949

50-
- **Manage advanced cloud defense features and more**: Manage the various threat detection and protection services, such as [just-in-time (JIT) VM access](security-center-just-in-time.md), [Adaptive Network Hardening](security-center-adaptive-network-hardening.md), [adaptive application controls](security-center-adaptive-application.md), and more.
50+
- **Manage advanced cloud defense features and more**: Manage the various threat protection services, such as [just-in-time (JIT) VM access](security-center-just-in-time.md), [Adaptive Network Hardening](security-center-adaptive-network-hardening.md), [adaptive application controls](security-center-adaptive-application.md), and more.
5151

5252
## Next steps
5353
This article explains how cross-tenant management works in Security Center. To learn more about Security Center, see the following:
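
Review bot: On the new line 50 the examples given for "threat protection services" are just-in-time VM access, Adaptive Network Hardening and adaptive application controls, which are access and hardening controls; with "detection and" removed, please check that "threat protection services" is still the right umbrella term for this list. The capitalization of "Adaptive Network Hardening" against lowercase "adaptive application controls" on the same line could be aligned while the line is being touched.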

articles/security-center/security-center-enable-data-collection.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ ms.author: memildin
1414
# Data collection in Azure Security Center
1515
Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) computers to monitor for security vulnerabilities and threats. Data is collected using the Log Analytics Agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and logged in user. The Log Analytics Agent also copies crash dump files to your workspace.
1616

17-
Data collection is required to provide visibility into missing updates, misconfigured OS security settings, endpoint protection status, and health and threat detections.
17+
Data collection is required to provide visibility into missing updates, misconfigured OS security settings, endpoint protection status, and health and threat protection.
1818

1919
This article describes how to install a Log Analytics Agent and set a Log Analytics workspace in which to store the collected data. Both operations are required to enable data collection.
2020
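
Review bot: The replacement on line 17 leaves the sentence ending "visibility into ... endpoint protection status, and health and threat protection", which no longer parses cleanly: "threat detections" was a countable thing to have visibility into, "threat protection" is not. Suggest rewording the tail of the list, for example splitting health status from threat protection, rather than a one-word substitution.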

@@ -137,7 +137,7 @@ When you select a workspace in which to store your data, all the workspaces acro
137137

138138

139139
## Data collection tier
140-
Selecting a data collection tier in Azure Security Center will only affect the storage of security events in your Log Analytics workspace. The Log Analytics agent will still collect and analyze the security events required for Azure Security Center’s threat detections, regardless of which tier of security events you choose to store in your Log Analytics workspace (if any). Choosing to store security events in your workspace will enable investigation, search, and auditing of those events in your workspace.
140+
Selecting a data collection tier in Azure Security Center will only affect the storage of security events in your Log Analytics workspace. The Log Analytics agent will still collect and analyze the security events required for Azure Security Center’s threat protection, regardless of which tier of security events you choose to store in your Log Analytics workspace (if any). Choosing to store security events in your workspace will enable investigation, search, and auditing of those events in your workspace.
141141
> [!NOTE]
142142
> Storing data in log analytics might incur additional charges for data storage. For more information, see the [pricing page](https://azure.microsoft.com/pricing/details/security-center/).
143143
>

articles/security-center/security-center-intro.md

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ To help you protect yourself against these challenges, Security Center provides
3535

3636
- **Strengthen security posture**: Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure.
3737

38-
- **Protect against threats**: Security Center assesses your workloads and raises threat prevention recommendations and threat detection alerts.
38+
- **Protect against threats**: Security Center assesses your workloads and raises threat prevention recommendations and security alerts.
3939

4040
- **Get secure faster**: In Security Center, everything is done in cloud speed. Because it is natively integrated, deployment of Security Center is easy, providing you with autoprovisioning and protection with Azure services.
4141

@@ -47,7 +47,7 @@ Because Security Center is natively part of Azure, PaaS services in Azure - incl
4747

4848
In addition, Security Center protects non-Azure servers and virtual machines in the cloud or on premises, for both Windows and Linux servers, by installing the Microsoft Monitoring Agent on them. Azure virtual machines are auto-provisioned in Security Center.
4949

50-
The events collected from the agents and from Azure are correlated in the security analytics engine to provide you tailored recommendations (hardening tasks), that you should follow to make sure your workloads are secure, and threat detection alerts. You should investigate such alerts as soon as possible to make sure malicious attacks aren't taking place on your workloads.
50+
The events collected from the agents and from Azure are correlated in the security analytics engine to provide you tailored recommendations (hardening tasks), that you should follow to make sure your workloads are secure, and security alerts. You should investigate such alerts as soon as possible to make sure malicious attacks aren't taking place on your workloads.
5151

5252
When you enable Security Center, the security policy built-in to Security Center is reflected in Azure Policy as a built in initiative under Security Center category. The built-in initiative is automatically assigned to all Security Center registered subscriptions (Free or Standard tiers). The built-in initiative contains only Audit policies. For more information about Security Center policies in Azure Policy, see [Working with security policies](tutorial-security-policy.md).
5353

@@ -108,10 +108,9 @@ Security Center's threat protection includes fusion kill-chain analysis, which a
108108

109109
![Security Center attack recommendation](media/security-center-intro/sc-attack-recommendation.png)
110110

111-
### Advanced threat protection
111+
### Integration with Microsoft Defender Advanced threat protection
112112

113-
With Security Center, you get native integration with Windows Defender Advanced Threat Protection out of the box. This means that without any configuration, your Windows virtual machines and servers are fully integrated with Security Center's recommendations and assessments. Advanced threat detection is also
114-
offered out of the box for Linux virtual machines and servers.
113+
Security Center includes automatic, native integration with Microsoft Defender Advanced Threat Protection. This means that without any configuration, your Windows and Linux machines are fully integrated with Security Center's recommendations and assessments.
115114

116115
In addition, Security Center lets you automate application control policies on server environments. The adaptive application controls in Security Center enable end-to-end app whitelisting across your Windows servers. You don't need to create the rules and check violations, it's all done automatically for you.
117116
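
Review bot: The rewritten paragraph at line 113 changes the technical claim, not only the terminology. The removed text said Windows virtual machines and servers get the Windows Defender Advanced Threat Protection integration and that advanced threat detection is separately offered for Linux; the new text says "your Windows and Linux machines are fully integrated" under the Microsoft Defender Advanced Threat Protection integration. Please confirm that the integration covers Linux before merging, or keep the two statements separate. The new heading on line 111 also writes "Advanced threat protection" in mixed case while the body uses "Advanced Threat Protection".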

@@ -134,7 +133,7 @@ recommendations for how to mitigate them.
134133

135134
### Protect IoT and hybrid cloud workloads
136135

137-
Azure Security Center for IoT (Internet of Things) simplifies hybrid workload protection by delivering unified visibility and control, adaptive threat prevention, and intelligent threat detection and response across workloads running on edge, on-premises, in Azure, and in other clouds. For more information, see [Azure Security Center for IoT](https://docs.microsoft.com/azure/asc-for-iot/).
136+
Azure Security Center for IoT (Internet of Things) simplifies hybrid workload protection by delivering unified visibility and control, adaptive threat prevention, and intelligent threat protection and response across workloads running on edge, on-premises, in Azure, and in other clouds. For more information, see [Azure Security Center for IoT](https://docs.microsoft.com/azure/asc-for-iot/).
138137

139138
## Get secure faster
140139

@@ -153,6 +152,5 @@ Extensive log collection - logs from Windows and Linux are all leveraged in the
153152
## Next steps
154153

155154
- To get started with Security Center, you need a subscription to Microsoft Azure. If you do not have a subscription, you can sign up for a [free trial](https://azure.microsoft.com/free/).
156-
- Security Center’s Free pricing tier is enabled with your Azure subscription. To take advantage of advanced security management and threat detection capabilities, you must upgrade to the Standard pricing tier. The Standard tier can be tried for free. See the [Security Center pricing page](https://azure.microsoft.com/pricing/details/security-center/) for more information.
157-
- If you’re ready to enable Security Center Standard now, the [Quickstart: Onboard your Azure subscription to Security Center Standard](security-center-get-started.md) walks you through the steps.
158-
155+
- Security Center’s free pricing tier is enabled with your Azure subscription. To take advantage of advanced security management and threat protection capabilities, you must upgrade to the standard pricing tier. The standard tier can be tried for free for 30 days. For more information, see the [Security Center pricing page](https://azure.microsoft.com/pricing/details/security-center/).
156+
- If you’re ready to enable Security Center standard now, the [Quickstart: Onboard your Azure subscription to Security Center Standard](security-center-get-started.md) walks you through the steps.
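
Review bot: The new line 155 adds "for 30 days" to the free trial sentence, which is a new factual statement in a commit described as a terminology cleanup; please confirm the trial length against the pricing page it links to. On line 156, "Security Center standard" is now lowercase while the link text on the same line still reads "Security Center Standard", so the tier name appears in both forms within one sentence.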

articles/security-center/security-center-managing-and-responding-alerts.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ Security Center automatically collects, analyzes, and integrates log data from y
6262
6363
1. The remediation steps suggested by Security Center vary according to the security alert. Follow them for each alert.
6464

65-
In some cases, in order to mitigate a threat detection alert, you may have to use other Azure controls or services to implement the recommended remediation.
65+
In some cases, in order to mitigate a security alert, you may have to use other Azure controls or services to implement the recommended remediation.
6666

6767
The following topics guide you through the different alerts, according to resource types:
6868

articles/security-center/security-center-onboarding.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,10 @@ ms.author: memildin
1818
# Onboarding to Azure Security Center Standard for enhanced security
1919
Upgrade to Security Center Standard to take advantage of enhanced security management and threat protection for your hybrid cloud workloads. You can try Standard free. See the Security Center [pricing page](https://azure.microsoft.com/pricing/details/security-center/) for more information.
2020

21-
Security Center Standard includes:
21+
Security Center standard tier includes:
2222

2323
- **Hybrid security** – Get a unified view of security across all of your on-premises and cloud workloads. Apply security policies and continuously assess the security of your hybrid cloud workloads to ensure compliance with security standards. Collect, search, and analyze security data from a variety of sources, including firewalls and other partner solutions.
24-
- **Advanced threat detection** - Use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber-attacks. Leverage built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. Monitor networks, machines, and cloud services for incoming attacks and post-breach activity. Streamline investigation with interactive tools and contextual threat intelligence.
24+
- **Security alerts** - Use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber-attacks. Leverage built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. Monitor networks, machines, and cloud services for incoming attacks and post-breach activity. Streamline investigation with interactive tools and contextual threat intelligence.
2525
- **Access and application controls** - Block malware and other unwanted applications by applying whitelisting recommendations adapted to your specific workloads and powered by machine learning. Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs, drastically reducing exposure to brute force and other network attacks.
2626

2727
## Detecting unprotected resources
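
Review bot: The bullet renamed to "Security alerts" on line 24 keeps a description that is about analytics, behavioral detection, monitoring and investigation tooling and never mentions alerts, so the label no longer matches its text. Suggest either adjusting the description to say what the alerts deliver or choosing a label that fits it. Line 21 now reads "Security Center standard tier includes:" while the page title and the paragraph on line 19 still use "Security Center Standard"; the tier name should use one form throughout the page.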
@@ -35,7 +35,7 @@ You can upgrade an entire Azure subscription to the Standard tier, which is inhe
3535
>
3636
3737
## Upgrade an Azure subscription or workspace
38-
To upgrade a subscription or workspace to Standard:
38+
To upgrade a subscription or workspace to standard:
3939
1. Under the Security Center main menu, select **Getting started**.
4040
![Getting started](./media/security-center-onboarding/get-started.png)
4141
2. Under **Upgrade**, Security Center lists subscriptions and workspaces eligible for onboarding.
