Merge pull request #244893 from dcurwin/wi2-123292-improve-deploy-july13-2023

Improve Deploy section - Part 2

Author: v-regandowner

articles/defender-for-cloud/TOC.yml

@@ -79,6 +79,9 @@
         href: tutorial-enable-container-aws.md
       - name: Protect your Google Cloud Platform (GCP) project containers
         href: tutorial-enable-container-gcp.md
+      - name: How to enable Defender for Containers components
+        displayName: kubernetes, aks, acr, registries, k8s, arc, hybrid, on-premises, azure arc, multicloud
+        href: defender-for-containers-enable.md
     - name: Protect your key vaults with Defender for Key Vault
       displayName: enable, key, vault, key vault
       href: tutorial-enable-key-vault-plan.md
@@ -544,9 +547,6 @@
     - name: How does Defender for Containers work?
       displayName: containers
       href: defender-for-containers-architecture.md
-    - name: Enable Defender for Containers
-      displayName: kubernetes, aks, acr, registries, k8s, arc, hybrid, on-premises, azure arc, multicloud
-      href: defender-for-containers-enable.md
     - name: Vulnerability assessment for Azure powered by Qualys
       displayName: ACR, registry, images, qualys
       href: defender-for-containers-vulnerability-assessment-azure.md

articles/defender-for-cloud/defender-for-containers-enable.md

@@ -1,5 +1,5 @@
 ---
-title: How to enable Microsoft Defender for Containers 
+title: How to enable Microsoft Defender for Containers components
 description: Enable the container protections of Microsoft Defender for Containers
 ms.topic: how-to
 author: dcurwin
@@ -9,7 +9,7 @@ zone_pivot_groups: k8s-host
 ms.date: 06/29/2023
 ---
 
-# Enable Microsoft Defender for Containers
+# How to enable Microsoft Defender for Containers components
 
 Microsoft Defender for Containers is the cloud-native solution for securing your containers.
 
@@ -25,7 +25,14 @@ Defender for Containers protects your clusters whether they're running in:
 
 Learn about this plan in [Overview of Microsoft Defender for Containers](defender-for-containers-introduction.md).
 
-You can learn more by watching these videos from the Defender for Cloud in the Field video series:
+You can first learn how to connect and protect your containers in these articles:
+
+- [Protect your Azure containers with Defender for Containers](tutorial-enable-containers-azure.md)
+- [Protect your on-premises Kubernetes clusters with Defender for Containers](tutorial-enable-containers-arc.md)
+- [Protect your Amazon Web Service (AWS) accounts containers with Defender for Containers](tutorial-enable-container-aws.md)
+- [Protect your Google Cloud Platform (GCP) project containers with Defender for Containers](tutorial-enable-container-gcp.md)
+
+You can also learn more by watching these videos from the Defender for Cloud in the Field video series:
 
 - [Microsoft Defender for Containers in a multicloud environment](episode-nine.md)
 - [Protect Containers in GCP with Defender for Containers](episode-ten.md)

articles/defender-for-cloud/quickstart-onboard-aws.md

@@ -115,6 +115,10 @@ To connect your AWS to Defender for Cloud by using a native connector:
 
     Optionally, select **Management account** to create a connector to a management account. Connectors are created for each member account discovered under the provided management account. Auto-provisioning is enabled for all of the newly onboarded accounts.
 
+## Select Defender plans
+
+In this section of the wizard, you select the Defender for Cloud plans that you want to enable.
+
 1. Select **Next: Select plans**.
 
     The **Select plans** tab is where you choose which Defender for Cloud capabilities to enable for this AWS account. Each plan has its own [requirements for permissions](concept-aws-connector.md#native-connector-plan-requirements) and might incur [charges](https://azure.microsoft.com/pricing/details/defender-for-cloud/?v=17.23h).

articles/defender-for-cloud/quickstart-onboard-gcp.md

@@ -53,6 +53,10 @@ To connect your GCP project to Defender for Cloud by using a native connector:
 
    Optionally, if you select **Organization**, a management project and an organization custom role are created on your GCP project for the onboarding process. Autoprovisioning is enabled for the onboarding of new projects.
 
+## Select Defender plans
+
+In this section of the wizard, you select the Defender for Cloud plans that you want to enable.
+
 1. Select **Next: Select plans**.
 
 1. For the plans that you want to connect, turn the toggle to **On**. By default, all necessary prerequisites and components are provisioned. [Learn how to configure each plan](#optional-configure-selected-plans).

articles/defender-for-cloud/tutorial-enable-container-aws.md

@@ -19,9 +19,9 @@ You can learn more about Defender for Container's pricing on the [pricing page](
 
 - You must [enable Microsoft Defender for Cloud](get-started.md#enable-defender-for-cloud-on-your-azure-subscription) on your Azure subscription.
 
-- [Connect your AWS account to Microsoft Defender for Cloud](quickstart-onboard-aws.md)
+- [Connect your AWS account to Microsoft Defender for Cloud](quickstart-onboard-aws.md#connect-your-aws-account)
 
-- Validate the following domains only if you're using a relevant OS. For example, if you have EKS clusters running in AWS, then you would only need to apply the `Amazon Linux 2 (Eks): Domain: "amazonlinux.*.amazonaws.com/2/extras/*"` domain.
+- Validate the following domains only if you're using a relevant OS.
 
     | Domain                     | Port | Host operating systems |
     | -------------------------- | ---- |--|
@@ -62,6 +62,9 @@ To protect your EKS clusters, you need to enable the Containers plan on the rele
 
 1. Select **Update**.
 
+> [!NOTE]
+> To enable or disable individual Defender for Containers capabilities, either globally or for specific resources, see [How to enable Microsoft Defender for Containers components](defender-for-containers-enable.md).
+
 ## Deploy the Defender extension in Azure
 
 Azure Arc-enabled Kubernetes, the Defender extension, and the Azure Policy extension should be installed and running on your EKS clusters. There's a dedicated Defender for Cloud recommendation that can be used to install these extensions (and Azure Arc if necessary):

articles/defender-for-cloud/tutorial-enable-container-gcp.md

@@ -19,9 +19,9 @@ You can learn more about Defender for Container's pricing on the [pricing page](
 
 - You must [enable Microsoft Defender for Cloud](get-started.md#enable-defender-for-cloud-on-your-azure-subscription) on your Azure subscription.
 
-- [Connect your GCP projects to Microsoft Defender for Cloud](quickstart-onboard-gcp.md).
+- [Connect your GCP projects to Microsoft Defender for Cloud](quickstart-onboard-gcp.md#connect-your-gcp-project).
 
-- Validate the following domains only if you're using a relevant OS. For example, if you have EKS clusters running in AWS, then you would only need to apply the `Amazon Linux 2 (Eks): Domain: "amazonlinux.*.amazonaws.com/2/extras/*"` domain.
+- Validate the following domains only if you're using a relevant OS.
 
     | Domain                     | Port | Host operating systems |
     | -------------------------- | ---- |--|
@@ -65,6 +65,9 @@ You can learn more about Defender for Container's pricing on the [pricing page](
 
 1. Select **Update**.
 
+> [!NOTE]
+> To enable or disable individual Defender for Containers capabilities, either globally or for specific resources, see [How to enable Microsoft Defender for Containers components](defender-for-containers-enable.md).
+
 ## Deploy the solution to specific clusters
 
 If you disabled any of the default auto provisioning configurations to Off, during the [GCP connector onboarding process](quickstart-onboard-gcp.md#configure-the-defender-for-containers-plan), or afterwards. You need to manually install Azure Arc-enabled Kubernetes, the Defender extension, and the Azure Policy extensions to each of your GKE clusters to get the full security value out of Defender for Containers.

articles/defender-for-cloud/tutorial-enable-containers-arc.md

@@ -53,6 +53,9 @@ If you would prefer to [assign a custom workspace](defender-for-containers-enabl
 
 1. Select **Save**.
 
+> [!NOTE]
+> To enable or disable individual Defender for Containers capabilities, either globally or for specific resources, see [How to enable Microsoft Defender for Containers components](defender-for-containers-enable.md).
+
 ## Deploy the Defender extension on Arc-enabled Kubernetes clusters that were onboarded to an Azure subscription
 
 You can enable the Defender for Containers plan and deploy all of the relevant components in different ways. We walk you through the steps to accomplish this using the Azure portal. Learn how to [deploy the Defender extension](/azure/defender-for-cloud/defender-for-containers-enable?pivots=defender-for-container-arc&tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api#deploy-the-defender-extension) with REST API, Azure CLI or with a Resource Manager template.

articles/defender-for-cloud/tutorial-enable-containers-azure.md

@@ -46,6 +46,9 @@ If you would prefer to [assign a custom workspace](/azure/defender-for-cloud/def
 
 1. Select **Save**.
 
+> [!NOTE]
+> To enable or disable individual Defender for Containers capabilities, either globally or for specific resources, see [How to enable Microsoft Defender for Containers components](defender-for-containers-enable.md).
+
 ## Deploy the Defender profile in Azure
 
 You can enable the Defender for Containers plan and deploy all of the relevant components in different ways. We walk you through the steps to accomplish this using the Azure portal. Learn how to [deploy the Defender profile](defender-for-containers-enable.md#deploy-the-defender-profile) with REST API, Azure CLI or with a Resource Manager template.