Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI195353-qualys-notice

Author: ElazarK

articles/azure-app-configuration/cli-samples.md

@@ -5,13 +5,13 @@ author: maud-lv
 ms.author: malev
 ms.service: azure-app-configuration
 ms.topic: sample
-ms.date: 08/09/2022 
+ms.date: 1/9/2024
 ms.custom: devx-track-azurecli, devdivchpfy22
 ---
 
 # Azure CLI samples
 
-The following table includes links to bash scripts for Azure App Configuration by using the [az appconfig](/cli/azure/appconfig) commands in the Azure CLI:
+The following table includes links to Azure CLI scripts for Azure App Configuration using the [az appconfig](/cli/azure/appconfig) commands in the Azure CLI:
 
 | Script | Description |
 |-|-|

articles/azure-monitor/alerts/alerts-log-alert-query-samples.md

@@ -10,13 +10,24 @@ ms.reviewer: nolavime
 
 # Sample log alert queries that include ADX and ARG
 
-A log alert rule monitors a resource by using a Log Analytics query to evaluate resource logs at a set frequency. You can include data from Azure Data Explorer and Azure Resource Graph in your log alert rule queries.
+A log alert rule monitors a resource by using a Log Analytics query to evaluate logs at a set frequency. You can include data from Azure Data Explorer and Azure Resource Graph in your log alert rule queries.
 
 This article provides examples of log alert rule queries that use Azure Data Explorer and Azure Resource Graph. For more information about creating a log alert rule, see [Create a log alert rule](./alerts-create-log-alert-rule.md).
 
-## Query that checks virtual machine health
+## Queries that check virtual machine health
 
-This query finds virtual machines that are marked as critical and that had a heartbeat more than 24 hours ago, but that haven't had a heartbeat in the last 2 minutes.
+This query finds virtual machines marked as critical that haven't had a heartbeat in the last 2 minutes.
+
+```kusto
+    arg("").Resources
+    | where type == "microsoft.compute/virtualmachines"
+    | summarize LastCall = max(case(isnull(TimeGenerated), make_datetime(1970, 1, 1), TimeGenerated)) by name, id
+    | extend SystemDown = case(LastCall < ago(2m), 1, 0)
+    | where SystemDown == 1
+```
+
+
+This query finds virtual machines marked as critical that had a heartbeat more than 24 hours ago, but that haven't had a heartbeat in the last 2 minutes.
 
 ```kusto
 {
@@ -38,15 +49,15 @@ This query finds virtual machines that are marked as critical and that had a hea
 ## Query that filters virtual machines that need to be monitored
 
 ```kusto
-{
+   {
     let RuleGroupTags = dynamic(['Linux']);
-    Perf | where ObjectName == 'Processor' and CounterName == '% Idle Time' and (InstanceName == '_Total' or InstanceName == 'total')
+    Perf | where ObjectName == 'Processor' and CounterName == '% Idle Time' and (InstanceName in ('_Total,'total'))
     | extend CpuUtilisation = (100 - CounterValue)   
     | join kind=inner hint.remote=left (arg("").Resources
-    | where type =~ 'Microsoft.Compute/virtualMachines'
+        | where type =~ 'Microsoft.Compute/virtualMachines'
     | project _ResourceId=tolower(id), tags) on _ResourceId
     | project-away _ResourceId1
-    | where (isnull(tags.monitored) or tolower(tostring(tags.monitored)) != 'false') and (tostring(tags.monitorRuleGroup) in (RuleGroupTags) or isnull(tags.monitorRuleGroup) or tostring(tags.monitorRuleGroup) == '')
+    | where  (tostring(tags.monitorRuleGroup) in (RuleGroupTags)) 
 }
 ```
 
@@ -68,10 +79,10 @@ This query finds virtual machines that are marked as critical and that had a hea
 ```kusto
 {
     arg("").resourcechanges
-    | extend changeTime = todatetime(properties.changeAttributes.timestamp), targetResourceId = tostring(properties.targetResourceId),
+    | extend changeTime = todatetime(properties.changeAttributes.timestamp), 
     changeType = tostring(properties.changeType),targetResourceType = tostring(properties.targetResourceType),
     changedBy = tostring(properties.changeAttributes.changedBy)
-    | where changeType == "Create"
+    | where changeType == "Create" and changeTime <ago(1h)
     | project changeTime,targetResourceId,changedBy
 }
 ```

articles/defender-for-cloud/TOC.yml

@@ -599,9 +599,6 @@
       - name: How does Defender for Containers work?
         displayName: containers
         href: defender-for-containers-architecture.md
-      - name: Vulnerability assessment for Azure powered by Qualys
-        displayName: ACR, registry, images, qualys
-        href: defender-for-containers-vulnerability-assessment-azure.md
       - name: Vulnerability assessments powered by Microsoft Defender Vulnerability Management
         items:
           - name: Vulnerability assessments for Azure
@@ -622,12 +619,15 @@
             href: transition-to-defender-vulnerability-management.md
           - name: Common questions 
             href: common-questions-microsoft-defender-vulnerability-management.md
-      - name: Vulnerability assessment for AWS powered by Trivy (deprecated)
-        displayName: AWS, ECR, registry, images, qualys
-        href: defender-for-containers-vulnerability-assessment-elastic.md
       - name: Kubernetes data plane hardening
         displayName: k8s, containers, aks
         href: kubernetes-workload-protections.md
+      - name: Vulnerability assessment for Azure powered by Qualys (Deprecated)
+        displayName: ACR, registry, images, qualys
+        href: defender-for-containers-vulnerability-assessment-azure.md
+      - name: Vulnerability assessment for AWS powered by Trivy (deprecated)
+        displayName: AWS, ECR, registry, images, qualys
+        href: defender-for-containers-vulnerability-assessment-elastic.md
       - name: Defender for Kubernetes (deprecated)
         displayName: clusters, k8s, aks
         href: defender-for-kubernetes-introduction.md

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

@@ -1,14 +1,24 @@
 ---
-title: Vulnerability assessment for Azure powered by Qualys 
+title: Vulnerability assessment for Azure powered by Qualys (Deprecated)
 description: Learn how to use Defender for Containers to scan images in your Azure Container Registry to find vulnerabilities.
 author: dcurwin
 ms.author: dacurwin
-ms.date: 12/19/2023
+ms.date: 12/25/2023
 ms.topic: how-to
 ms.custom: ignite-2022, build-2023
 ---
 
-# Vulnerability assessment for Azure powered by Qualys 
+# Vulnerability assessment for Azure powered by Qualys (Deprecated)
+
+> [!IMPORTANT]
+>
+> The Defender for Cloud Containers Vulnerability Assessment powered by Qualys is now on a retirement path completing on **March 1st, 2024**. If you are currently using container vulnerability assessment powered by Qualys, start planning your transition to [Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-azure.md).
+>
+> - For more information about our decision to unify our vulnerability assessment offering with Microsoft Defender Vulnerability Management, see [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-cloud-unified-vulnerability-assessment-powered-by/ba-p/3990112).
+>
+> - For more information about migrating to our new container vulnerability assessment offering powered by Microsoft Defender Vulnerability Management, see [Transition from Qualys to Microsoft Defender Vulnerability Management](transition-to-defender-vulnerability-management.md).
+>
+> - For common questions about the transition to Microsoft Defender Vulnerability Management, see [Common questions about the Microsoft Defender Vulnerability Management solution](common-questions-microsoft-defender-vulnerability-management.md).
 
 Vulnerability assessment for Azure, powered by Qualys, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any agents.
 

articles/defender-for-cloud/transition-to-defender-vulnerability-management.md

@@ -9,7 +9,16 @@ ms.date: 01/08/2024
 
 Microsoft Defender for Cloud is unifying all vulnerability assessment solutions to utilize the Microsoft Defender Vulnerability Management vulnerability scanner.
 
-Microsoft Defender Vulnerability Management integrates across many cloud native use cases, such as containers ship and runtime scenarios.
+Microsoft Defender Vulnerability Management integrates across many cloud native use cases, such as containers ship and runtime scenarios. As part of this change, we're retiring our built-in vulnerability assessments offering powered by Qualys.
+
+> [!IMPORTANT]
+> The Defender for Cloud Containers Vulnerability Assessment powered by Qualys is now on a retirement path completing on **March 1st, 2024**.
+>
+> Customers that onboarded at least one subscription to Defender for Containers prior to **November 15th, 2023** can continue to use Container Vulnerability Assessment powered by Qualys until **March 1st, 2024**.
+>
+> For more information about the change, see [Defender for Cloud unifies Vulnerability Assessment solution powered by Microsoft Defender Vulnerability Management](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-cloud-unified-vulnerability-assessment-powered-by/ba-p/3990112).
+
+If you're currently using the built vulnerability assessment solution powered by Qualys, start planning for the upcoming retirement by following the steps on this page.
 
 ## Step 1: Verify that scanning is enabled
 

articles/defender-for-cloud/upcoming-changes.md

@@ -26,6 +26,7 @@ If you're looking for the latest release notes, you can find them in the [What's
 | Planned change | Announcement date | Estimated date for change |
 |--|--|--|
 | [Defender for Servers built-in vulnerability assessment (Qualys) retirement path](#defender-for-servers-built-in-vulnerability-assessment-qualys-retirement-path) | January 9, 2024 | May 2024 |
+| [Retirement of the Defender for Cloud Containers Vulnerability Assessment powered by Qualys](#retirement-of-the-defender-for-cloud-containers-vulnerability-assessment-powered-by-qualys) | January 9, 2023 | March 2024 |
 | [New version of Defender Agent for Defender for Containers](#new-version-of-defender-agent-for-defender-for-containers) | January 4, 2024 | February 2024 |
 | [Upcoming change for the Defender for Cloud’s multicloud network requirements](#upcoming-change-for-the-defender-for-clouds-multicloud-network-requirements) | January 3, 2024 | May 2024 |
 | [Deprecation and severity changes to security alerts](#deprecation-and-severity-changes-to-security-alerts) | December 27, 2023 | January 2024 |
@@ -51,6 +52,20 @@ For more information about our decision to unify our vulnerability assessment of
 
 You can also check out the [common questions about the transition to Microsoft Defender Vulnerability Management solution](faq-scanner-detection.yml).
 
+## Retirement of the Defender for Cloud Containers Vulnerability Assessment powered by Qualys
+
+**Announcement date: January 9, 2023**
+
+**Estimated date for change: March 2024**
+
+The Defender for Cloud Containers Vulnerability Assessment powered by Qualys is now on a retirement path completing on **March 1st, 2024**. If you are currently using container vulnerability assessment powered by Qualys, start planning your transition to [Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-azure.md).
+
+For more information about our decision to unify our vulnerability assessment offering with Microsoft Defender Vulnerability Management, see [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-cloud-unified-vulnerability-assessment-powered-by/ba-p/3990112).
+
+For more information about transitioning to our new container vulnerability assessment offering powered by Microsoft Defender Vulnerability Management, see [Transition from Qualys to Microsoft Defender Vulnerability Management](transition-to-defender-vulnerability-management.md).
+
+For common questions about the transition to Microsoft Defender Vulnerability Management, see [Common questions about the Microsoft Defender Vulnerability Management solution](common-questions-microsoft-defender-vulnerability-management.md).
+
 ## New version of Defender Agent for Defender for Containers
 
 **Announcement date: January 4, 2024**

articles/dns/dns-private-resolver-get-started-portal.md

@@ -65,7 +65,7 @@ Next, add a virtual network to the resource group that you created, and configur
 5. Select the **default** subnet.
 6. Enter the following values on the **Edit subnet** page:
     - Name: snet-inbound
-    - IPv4 address range: 10.0.0.0.16
+    - IPv4 address range: 10.0.0.0/16
     - Starting address: 10.0.0.0
     - Size: /28 (16 IP addresses)
     - Select **Save**

articles/hdinsight/hadoop/hdinsight-use-mapreduce.md

@@ -4,7 +4,7 @@ description: Learn how to run Apache MapReduce jobs on Apache Hadoop in HDInsigh
 ms.service: hdinsight
 ms.topic: how-to
 ms.custom: hdinsightactive
-ms.date: 12/21/2022
+ms.date: 01/04/2024
 ---
 
 # Use MapReduce in Apache Hadoop on HDInsight
@@ -13,7 +13,7 @@ Learn how to run MapReduce jobs on HDInsight clusters.
 
 ## Example data
 
-HDInsight provides various example data sets, which are stored in the `/example/data` and `/HdiSamples` directory. These directories are in the default storage for your cluster. In this document, we use the `/example/data/gutenberg/davinci.txt` file. This file contains the notebooks of Leonardo da Vinci.
+HDInsight provides various example data sets, which are stored in the `/example/data` and `/HdiSamples` directory. These directories are in the default storage for your cluster. In this document, we use the `/example/data/gutenberg/davinci.txt` file. This file contains the notebooks of `Leonardo da Vinci`.
 
 ## Example MapReduce
 
@@ -101,8 +101,8 @@ HDInsight can run HiveQL jobs by using various methods. Use the following table
 
 | **Use this**... | **...to do this** |  ...from this **client operating system** |
 |:--- |:--- |:--- |:--- |
-| [SSH](apache-hadoop-use-mapreduce-ssh.md) |Use the Hadoop command through **SSH** |Linux, Unix, Mac OS X, or Windows |
-| [Curl](apache-hadoop-use-mapreduce-curl.md) |Submit the job remotely by using **REST** |Linux, Unix, Mac OS X, or Windows |
+| [SSH](apache-hadoop-use-mapreduce-ssh.md) |Use the Hadoop command through **SSH** |Linux, Unix, `MacOS X`, or Windows |
+| [Curl](apache-hadoop-use-mapreduce-curl.md) |Submit the job remotely by using **REST** |Linux, Unix, `MacOS X`, or Windows |
 | [Windows PowerShell](apache-hadoop-use-mapreduce-powershell.md) |Submit the job remotely by using **Windows PowerShell**  |Windows |
 
 ## Next steps

articles/hdinsight/hdinsight-apps-install-custom-applications.md

@@ -4,7 +4,7 @@ description: Learn how to install HDInsight applications for Apache Hadoop clust
 ms.service: hdinsight
 ms.topic: how-to
 ms.custom: hdinsightactive
-ms.date: 12/21/2022
+ms.date: 01/04/2024
 ---
 
 # Install custom Apache Hadoop applications on Azure HDInsight
@@ -77,9 +77,9 @@ For **Hue**, you can use the following steps:
 
 ### Azure CLI
 
-Replace `CLUSTERNAME`, and `RESOURCEGROUP` with the relevant values and then enter the commands below:
+Replace `CLUSTERNAME`, and `RESOURCEGROUP` with the relevant values and then enter the following commands:
 
-* To lists all of the applications for the HDInsight cluster.
+* To list all of the applications for the HDInsight cluster.
 
     ```azurecli
     az hdinsight application list --cluster-name CLUSTERNAME --resource-group RESOURCEGROUP
@@ -125,7 +125,7 @@ If an application installation failed, you can see the error messages and debug
 
 ### Azure CLI
 
-Replace `NAME`, `CLUSTERNAME`, and `RESOURCEGROUP` with the relevant values and then enter the command below:
+Replace `NAME`, `CLUSTERNAME`, and `RESOURCEGROUP` with the relevant values and then enter the following command:
 
 ```azurecli
 az hdinsight application delete --name NAME --cluster-name CLUSTERNAME --resource-group RESOURCEGROUP

articles/hdinsight/hdinsight-log-management.md

@@ -4,7 +4,7 @@ description: Determine the types, sizes, and retention policies for HDInsight ac
 ms.service: hdinsight
 ms.topic: how-to
 ms.custom: hdinsightactive
-ms.date: 12/07/2022
+ms.date: 01/04/2024
 ---
 
 # Manage logs for an HDInsight cluster
@@ -59,7 +59,7 @@ It's important to understand the workload types running on your HDInsight cluste
 
 * Consider how you can collect logs from the cluster, or from more than one cluster, and collate them for purposes such as auditing, monitoring, planning, and alerting. You might use a custom solution to access and download the log files regularly, and combine and analyze them to provide a dashboard display. You can also add  other capabilities for alerting for security or failure detection. You can build these utilities using PowerShell, the HDInsight SDKs, or code that accesses the Azure classic deployment model.
 
-* Consider whether a monitoring solution or service would be a useful benefit. The Microsoft System Center provides an [HDInsight management pack](https://systemcenter.wiki/?Get_ManagementPackBundle=Microsoft.HDInsight.mpb&FileMD5=10C7D975C6096FFAA22C84626D211259). You can also use third-party tools such as Apache Chukwa and Ganglia to collect and centralize logs. Many companies offer services to monitor Hadoop-based big data solutions, for example: Centerity, Compuware APM, Sematext SPM, and Zettaset Orchestrator.
+* Consider whether a monitoring solution or service would be a useful benefit. The Microsoft System Center provides an [HDInsight management pack](https://systemcenter.wiki/?Get_ManagementPackBundle=Microsoft.HDInsight.mpb&FileMD5=10C7D975C6096FFAA22C84626D211259). You can also use third-party tools such as Apache Chukwa and Ganglia to collect and centralize logs. Many companies offer services to monitor Hadoop-based big data solutions, for example: `Centerity`, Compuware APM, Sematext SPM, and Zettaset Orchestrator.
 
 ## Step 2: Manage cluster service versions and view logs
 
@@ -119,7 +119,7 @@ YARN aggregates logs across all containers on a worker node and stores those log
 /app-logs/<user>/logs/<applicationId>
 ```
 
-The aggregated logs aren't directly readable, as they're written in a TFile binary format indexed by container. Use the YARN ResourceManager logs or CLI tools to view these logs as plain text for applications or containers of interest.
+The aggregated logs aren't directly readable, as they're written in a `TFile` binary format indexed by container. Use the YARN `ResourceManager` logs or CLI tools to view these logs as plain text for applications or containers of interest.
 
 #### YARN CLI tools