PM feedback

Author: bmansheim

articles/defender-for-cloud/defender-for-sql-introduction.md

@@ -12,7 +12,6 @@ Microsoft Defender for Azure SQL helps you discover and mitigate potential [data
 
 - [Vulnerability assessment](#discover-and-mitigate-vulnerabilities): Scan databases to discover, track, and remediate vulnerabilities. Learn more about [vulnerability assessment](sql-azure-vulnerability-assessment-overview.md).
 - [Threat protection](#advanced-threat-protection): Receive detailed security alerts and recommended actions based on SQL Advanced Threat Protection to provide to mitigate threats. Learn more about [SQL Advanced Threat Protection](/azure/azure-sql/database/threat-detection-overview).
-- Identify sensitive information: Create a custom policy to label and classify sensitive information stored in your databases. Learn more about [SQL information protection](sql-information-protection-policy.md).
 
 When you enable **Microsoft Defender for Azure SQL**, all supported resources that exist within the subscription are protected. Future resources created on the same subscription will also be protected.
 

articles/defender-for-cloud/media/defender-for-sql-azure-vulnerability-assessment/opening-sql-configuration.png

@@ -61,6 +61,9 @@ To enable vulnerability assessment without a storage account, use the express co
 
 Now you can go to the [**SQL databases should have vulnerability findings resolved**](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_AzureDefenderForData/SqlVaServersRecommendationDetailsBlade/assessmentKey/82e20e14-edc5-4373-bfc4-f13121257c37) recommendation to see the vulnerabilities found in your databases. You can also run on-demand vulnerability assessment scans to see the current findings.
 
+> [!NOTE] 
+> Each database is randomly assigned a scan time on a set day of the week. Email notifications are scheduled randomly per server on a set day of the week. The email notification report includes data from all recurring database scans that were executed during the preceding week (does not include on-demand scans).
+
 #### Enable express vulnerability assessment at scale
 
 If you have SQL resources that do not have Advanced Threat Protection and vulnerability assessment enable, you can use the [SQL vulnerability assessment APIs](sql-azure-vulnerability-assessment-manage.md#manage-vulnerability-assessments-programmatically) to enable SQL vulnerability assessment with the express configuration at scale.
@@ -84,7 +87,7 @@ To enable vulnerability assessment with a storage account, use the classic confi
     1. Configure a storage account where your scan results for all databases on the server or managed instance will be stored. For information about storage accounts, see [About Azure storage accounts](/azure/storage/common/storage-account-create).
 
     1. To configure vulnerability assessments to automatically run weekly scans to detect security misconfigurations, set **Periodic recurring scans** to **On**. The results are sent to the email addresses you provide in **Send scan reports to**. You can also send email notification to admins and subscription owners by enabling **Also send email notification to admins and subscription owners**.
-    
+
        > [!NOTE] 
        > Each database is randomly assigned a scan time on a set day of the week. Email notifications are scheduled randomly per server on a set day of the week. The email notification report includes data from all recurring database scans that were executed during the preceding week (does not include on-demand scans).
 

articles/defender-for-cloud/sql-azure-vulnerability-assessment-enable.md

@@ -47,19 +47,19 @@ SQL vulnerability assessment queries the SQL server using publicly available que
 
 ### On-demand vulnerability scans
 
-1. SQL vulnerability assessment scans can also be run on-demand:
+You can run SQL vulnerability assessment scans on-demand:
 
-    1. From the resource's **Defender for Cloud** page, select **View additional findings in Vulnerability Assessment** to access the scan results from previous scans.
+1. From the resource's **Defender for Cloud** page, select **View additional findings in Vulnerability Assessment** to access the scan results from previous scans.
 
-        :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/view-additional-findings-link.png" alt-text="Opening the scan results and manual scan options.":::
+    :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/view-additional-findings-link.png" alt-text="Opening the scan results and manual scan options.":::
 
-    1. To run an on-demand scan to scan your database for vulnerabilities, select **Scan** from the toolbar:
+1. To run an on-demand scan to scan your database for vulnerabilities, select **Scan** from the toolbar:
 
-        :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/on-demand-vulnerability-scan.png" alt-text="Select scan to run an on-demand vulnerability assessment scan of your SQL resource":::
+    :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/on-demand-vulnerability-scan.png" alt-text="Select scan to run an on-demand vulnerability assessment scan of your SQL resource":::
 
 
-  > [!NOTE]
-  > The scan is lightweight and safe. It takes a few seconds to run and is entirely read-only. It doesn't make any changes to your database.
+> [!NOTE]
+> The scan is lightweight and safe. It takes a few seconds to run and is entirely read-only. It doesn't make any changes to your database.
 
 ### Remediate vulnerabilities
 
@@ -120,27 +120,19 @@ SQL vulnerability assessment allows you to specify the region where your data wi
 
 ### Run on-demand vulnerability scans
 
-SQL vulnerability assessment scans can also be run on-demand: 
+You can run SQL vulnerability assessment scans on-demand:
 
-From the resource's Defender for Cloud page, select View additional findings in vulnerability assessment to access the scan results from previous scans. 
+1. From the resource's **Defender for Cloud** page, select **View additional findings in Vulnerability Assessment** to access the scan results from previous scans.
 
-To run an on-demand scan to scan your database for vulnerabilities, select Scan from the toolbar: 
+    :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/view-additional-findings-link.png" alt-text="Opening the scan results and manual scan options.":::
 
-### Run on-demand scans
+1. To run an on-demand scan to scan your database for vulnerabilities, select **Scan** from the toolbar:
 
-1. SQL vulnerability assessment scans can also be run on-demand:
+    :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/on-demand-vulnerability-scan.png" alt-text="Select scan to run an on-demand vulnerability assessment scan of your SQL resource":::
 
-    1. From the resource's **Defender for Cloud** page, select **View additional findings in Vulnerability Assessment** to access the scan results from previous scans.
 
-        :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/view-additional-findings-link.png" alt-text="Opening the scan results and manual scan options.":::
-
-    1. To run an on-demand scan to scan your database for vulnerabilities, select **Scan** from the toolbar:
-
-        :::image type="content" source="media/defender-for-sql-azure-vulnerability-assessment/on-demand-vulnerability-scan.png" alt-text="Select scan to run an on-demand vulnerability assessment scan of your SQL resource":::
-
-
-  > [!NOTE]
-  > The scan is lightweight and safe. It takes a few seconds to run and is entirely read-only. It doesn't make any changes to your database.
+> [!NOTE]
+> The scan is lightweight and safe. It takes a few seconds to run and is entirely read-only. It doesn't make any changes to your database.
 
 ### Remediate vulnerabilities
 

articles/defender-for-cloud/sql-azure-vulnerability-assessment-find.md

@@ -62,9 +62,7 @@ To create a rule:
 
 ## Configure email notifications using Azure Logic Apps
 
-To receive regular updates of the vulnerability assessment status for your database, you can use the following customizable Azure Logic Apps template:
-
-https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workflow%20automation/Notify-SQLVulnerabilityReport
+To receive regular updates of the vulnerability assessment status for your database, you can use the [customizable Azure Logic Apps template](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workflow%20automation/Notify-SQLVulnerabilityReport).
 
 Using the template will allow you to:
 
@@ -90,7 +88,7 @@ The express configuration is supported in the latest REST API version with the f
 | Execute manual scan                                           | User Database   | [Database Sql Vulnerability Assessment Execute Scan](/rest/api/sql/2022-05-01-preview/database-sql-vulnerability-assessment-execute-scan)                                                                                                                |
 | Execute manual scan                                           | System Database | [Sql Vulnerability Assessment Execute Scan](/rest/api/sql/2022-05-01-preview/sql-vulnerability-assessment-execute-scan)                                                                                                                                  |
 | VA settings (GET only is supported for Express Configuration) | User Database   | [Database Sql Vulnerability Assessments Settings](/rest/api/sql/2022-05-01-preview/database-sql-vulnerability-assessments-settings)                                                                                                                      |
-| VA Settings operations                                        | Server          | [Sql Vulnerability Assessments Settings](/rest/api/sql/2022-05-01-preview/sql-vulnerability-assessments-settings)<br>[Sql Vulnerability Assessments](/rest/api/sql/2022-05-01-preview/sql-vulnerability-assessments                                      |
+| VA Settings operations                                        | Server          | [Sql Vulnerability Assessments Settings](/rest/api/sql/2022-05-01-preview/sql-vulnerability-assessments-settings)<br>[Sql Vulnerability Assessments](/rest/api/sql/2022-05-01-preview/sql-vulnerability-assessments)                                      |
 
 ### Using Resource Manager templates
 
@@ -229,14 +227,16 @@ To change an Azure SQL database from the express vulnerability assessment config
 
 ### Errors
 
-- “Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version” Error:
+“Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version”
+
+Possible causes:
+
+- Switching to express configuration failed due to a server policy error. This could be due to a transient operation.
 
-   **Cause**: Switching to express configuration failed due to a server policy error. This could be due to a transient operation.
    **Solution**: Try again to enable the express configuration. If the issue persists, try to disable the Microsoft Defender for SQL in the Azure SQL resource, select **Save**, enable Microsoft Defender for SQL again, and select **Save**.
 
-- Switching to express configuration failed due to a database policy error:
+- Switching to express configuration failed due to a database policy error. Database policies aren't visible in the Azure portal for Defender for SQL vulnerability assessment, so we check for them during the validation stage of switching to express configuration.
 
-   **Cause**: Database policies aren't visible in the Azure portal for Defender for SQL vulnerability assessment, so we check for them during the validation stage of switching to express configuration.
    **Solution**: Disable all database policies for the relevant server and then try to switch to express configuration again.
 
 ### [Classic configuration](#tab/classic)