Merge pull request #270337 from dcurwin/fix-formatting-march27-2024

fix formatting

Author: PMEds28

articles/defender-for-cloud/faq-general.yml

@@ -165,7 +165,7 @@ sections:
           - The Azure Management app ID (797f4846-ba00-4fd7-ba43-dac1f8f63013), or all apps, are included in the **Apps** section of your MFA CA policy
           - The Azure Management app ID isn't excluded in the **Apps** section of your MFA CA policy
           - OR condition is used with only MFA, or AND condition is used with MFA 
-          - A Conditional Access policy enforcing MFA through [Authentication Strengths](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-strengths) is currently not supported in our evaluation
+          - A Conditional Access policy enforcing MFA through [Authentication Strengths](/entra/identity/authentication/concept-authentication-strengths) is currently not supported in our evaluation.
  
       - question: |
           We're using a third-party MFA tool to enforce MFA. Why do we still get the Defender for Cloud recommendations?

articles/defender-for-cloud/how-to-manage-cloud-security-explorer.md

@@ -62,12 +62,12 @@ The cloud security explorer allows you to build queries that can proactively hun
 
     :::image type="content" source="media/concept-cloud-map/cloud-security-explorer-main-page.png" alt-text="Screenshot of the cloud security explorer page." lightbox="media/concept-cloud-map/cloud-security-explorer-main-page.png":::
 
-1. Search for and select a resource from the drop-down menu. 
+1. Search for and select a resource from the drop-down menu.
 
       :::image type="content" source="media/how-to-manage-cloud-security/cloud-security-explorer-select-resource.png" alt-text="Screenshot of the resource drop-down menu." lightbox="media/how-to-manage-cloud-security/cloud-security-explorer-select-resource.png":::
 
 1. Select **+** to add other filters to your query.
-    
+
     :::image type="content" source="media/how-to-manage-cloud-security/cloud-security-explorer-query-search.png" alt-text="Screenshot that shows a full query and where to select on the screen to perform the search." lightbox="media/how-to-manage-cloud-security/cloud-security-explorer-query-search.png":::
 
 1. Add subfilters as needed.

articles/defender-for-cloud/how-to-transition-to-built-in.md

@@ -10,7 +10,7 @@ ms.date: 01/09/2024
 # Transition to Microsoft Defender Vulnerability Management for servers
 
 > [!IMPORTANT]
-> Defender for Server's vulnerability assessment solution powered by Qualys, is on a retirement path that is set to complete on **May 1st, 2024**. If you are a currently using the built-in vulnerability assessment powered by Qualys, you should plan to transition to the Microsoft Defender Vulnerability Management vulnerability scanning using the steps on this page. 
+> Defender for Server's vulnerability assessment solution powered by Qualys, is on a retirement path that is set to complete on **May 1st, 2024**. If you are a currently using the built-in vulnerability assessment powered by Qualys, you should plan to transition to the Microsoft Defender Vulnerability Management vulnerability scanning using the steps on this page.
 >
 > For more information about our decision to unify our vulnerability assessment offering with Microsoft Defender Vulnerability Management, see [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-cloud-unified-vulnerability-assessment-powered-by/ba-p/3990112).
 >
@@ -26,13 +26,13 @@ To transition to the integrated Defender Vulnerability Management solution, you
 - [Transition with Defender for Cloud’s portal](#transition-with-defender-for-clouds-portal)
 - [Transition with REST API](#transition-with-rest-api)
 
-## Transition with Azure policy (for Azure VMs) 
+## Transition with Azure policy (for Azure VMs)
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 
 1. Navigate to **Policy** > **Definitions**.
 
-1. Search for `Setup subscriptions to transition to an alternative vulnerability assessment solution`. 
+1. Search for `Setup subscriptions to transition to an alternative vulnerability assessment solution`.
 
 1. Select **Assign**.
 
@@ -41,18 +41,18 @@ To transition to the integrated Defender Vulnerability Management solution, you
 1. Select **Review + create**.
 
 1. Review the information you entered and select **Create**.
- 
+
 This policy ensures that all Virtual Machines (VM) within a selected subscription are safeguarded with the built-in Defender Vulnerability Management solution.
 
 Once you complete the transition to the Defender Vulnerability Management solution, you need to [Remove the old vulnerability assessment solution](#remove-the-old-vulnerability-assessment-solution)
 
-## Transition with Defender for Cloud’s portal 
+## Transition with Defender for Cloud’s portal
 
-In the Defender for Cloud portal, you have the ability to change the vulnerability assessment solution to the built-in Defender Vulnerability Management solution. 
+In the Defender for Cloud portal, you have the ability to change the vulnerability assessment solution to the built-in Defender Vulnerability Management solution.
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 
-1. Navigate to **Microsoft Defender for Cloud** > **Environment settings** 
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**
 
 1. Select the relevant subscription.
 
@@ -68,7 +68,7 @@ In the Defender for Cloud portal, you have the ability to change the vulnerabili
 
 1. Select **Microsoft Defender Vulnerability Management**.
 
-1. Select **Apply**. 
+1. Select **Apply**.
 
 1. Ensure that `Endpoint protection` or `Agentless scanning for machines` are toggled to **On**.
 

articles/defender-for-cloud/implement-security-recommendations.md

@@ -58,7 +58,7 @@ In addition to risk level, we recommend that you prioritize the security control
 
 ## Use the Fix option
 
-To simplify remediation and improve your environment's security (and increase your secure score), many recommendations include a **Fix** option to help you quickly remediate a recommendation on multiple resources. If the Fix button isn't present in the recommendation, then there's no option to apply a quick fix. 
+To simplify remediation and improve your environment's security (and increase your secure score), many recommendations include a **Fix** option to help you quickly remediate a recommendation on multiple resources. If the Fix button isn't present in the recommendation, then there's no option to apply a quick fix.
 
 **To remediate a recommendation with the Fix button**:
 

articles/defender-for-cloud/investigate-resource-health.md

@@ -21,6 +21,7 @@ This single page, currently in preview, in Defender for Cloud's portal pages sho
 In this tutorial you'll learn how to:
 
 > [!div class="checklist"]
+>
 > - Access the resource health page for all resource types
 > - Evaluate the outstanding security issues for a resource
 > - Improve the security posture for the resource

articles/defender-for-cloud/just-in-time-access-usage.md

@@ -38,7 +38,7 @@ In this article, you learn how to include JIT in your security program, includin
 
     | To enable a user to: | Permissions to set|
     | --- | --- |
-    |Configure or edit a JIT policy for a VM | *Assign these actions to the role:*  <ul><li>On the scope of a subscription (or resource group when using API or PowerShell only) that is associated with the VM:<br/> `Microsoft.Security/locations/jitNetworkAccessPolicies/write` </li><li> On the scope of a subscription (or resource group when using API or PowerShell only) of VM: <br/>`Microsoft.Compute/virtualMachines/write`</li></ul> | 
+    |Configure or edit a JIT policy for a VM | *Assign these actions to the role:*  <ul><li>On the scope of a subscription (or resource group when using API or PowerShell only) that is associated with the VM:<br/> `Microsoft.Security/locations/jitNetworkAccessPolicies/write` </li><li> On the scope of a subscription (or resource group when using API or PowerShell only) of VM: <br/>`Microsoft.Compute/virtualMachines/write`</li></ul> |
     |Request JIT access to a VM | *Assign these actions to the user:*  <ul><li> `Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action` </li><li> `Microsoft.Security/locations/jitNetworkAccessPolicies/*/read` </li><li> `Microsoft.Compute/virtualMachines/read` </li><li> `Microsoft.Network/networkInterfaces/*/read` </li> <li> `Microsoft.Network/publicIPAddresses/read` </li></ul> |
     |Read JIT policies| *Assign these actions to the user:*  <ul><li>`Microsoft.Security/locations/jitNetworkAccessPolicies/read`</li><li>`Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action`</li><li>`Microsoft.Security/policies/read`</li><li>`Microsoft.Security/pricings/read`</li><li>`Microsoft.Compute/virtualMachines/read`</li><li>`Microsoft.Network/*/read`</li>|
 
@@ -48,7 +48,7 @@ In this article, you learn how to include JIT in your security program, includin
 - To set up JIT on your Amazon Web Service (AWS) VM, you need to [connect your AWS account](quickstart-onboard-aws.md) to Microsoft Defender for Cloud.
 
     > [!TIP]
-    > To create a least-privileged role for users that need to request JIT access to a VM, and perform no other JIT operations, use the [Set-JitLeastPrivilegedRole script](https://github.com/Azure/Azure-Security-Center/tree/main/Powershell%20scripts/JIT%20Scripts/JIT%20Custom%20Role) from the Defender for Cloud GitHub community pages. 
+    > To create a least-privileged role for users that need to request JIT access to a VM, and perform no other JIT operations, use the [Set-JitLeastPrivilegedRole script](https://github.com/Azure/Azure-Security-Center/tree/main/Powershell%20scripts/JIT%20Scripts/JIT%20Custom%20Role) from the Defender for Cloud GitHub community pages.
 
   > [!NOTE]
   > In order to successfully create a custom JIT policy, the policy name, together with the targeted VM name, must not exceed a total of 56 characters.
@@ -60,15 +60,15 @@ You can use Defender for Cloud or you can programmatically enable JIT VM access
 **Just-in-time VM access** shows your VMs grouped into:
 
 - **Configured** - VMs configured to support just-in-time VM access, and shows:
-    - the number of approved JIT requests in the last seven days
-    - the last access date and time
-    - the connection details configured
-    - the last user
+  - the number of approved JIT requests in the last seven days
+  - the last access date and time
+  - the connection details configured
+  - the last user
 - **Not configured** - VMs without JIT enabled, but that can support JIT. We recommend that you enable JIT for these VMs.
 - **Unsupported** - VMs that don't support JIT because:
-    - Missing network security group (NSG) or Azure Firewall - JIT requires an NSG to be configured or a Firewall configuration (or both)
-    - Classic VM - JIT supports VMs that are deployed through Azure Resource Manager. [Learn more about classic vs Azure Resource Manager deployment models](../azure-resource-manager/management/deployment-models.md).
-    - Other - The JIT solution is disabled in the security policy of the subscription or the resource group.
+  - Missing network security group (NSG) or Azure Firewall - JIT requires an NSG to be configured or a Firewall configuration (or both)
+  - Classic VM - JIT supports VMs that are deployed through Azure Resource Manager. [Learn more about classic vs Azure Resource Manager deployment models](../azure-resource-manager/management/deployment-models.md).
+  - Other - The JIT solution is disabled in the security policy of the subscription or the resource group.
 
 ### Enable JIT on your VMs from Microsoft Defender for Cloud
 

articles/defender-for-cloud/multicloud-resource-types-support-foundational-cspm.md

@@ -11,17 +11,17 @@ ms.date: 02/29/2024
 
 ## Resource types supported in AWS
 
-| Provider Namespace | Resource Type Name | 
+| Provider Namespace | Resource Type Name |
 |----|----|
 | AccessAnalyzer | AnalyzerSummary |
-| ApiGateway | Stage | 
+| ApiGateway | Stage |
 | AppSync | GraphqlApi |
 | ApplicationAutoScaling | ScalableTarget |
 | AutoScaling | AutoScalingGroup |
 | AWS | Account |
 | AWS | AccountInRegion |
 | CertificateManager | CertificateTags |
-| CertificateManager | CertificateDetail | 
+| CertificateManager | CertificateDetail |
 | CertificateManager | CertificateSummary |
 | CloudFormation | StackSummary |
 | CloudFormation | StackTemplate |
@@ -40,10 +40,10 @@ ms.date: 02/29/2024
 | CloudWatchLogs | LogGroup |
 | CloudWatchLogs | MetricFilter |
 | CodeBuild | Project |
-| CodeBuild | ProjectName | 
+| CodeBuild | ProjectName |
 | CodeBuild | SourceCredentialsInfo |
 | ConfigService | ConfigurationRecorder |
-| ConfigService | ConfigurationRecorderStatus | 
+| ConfigService | ConfigurationRecorderStatus |
 | ConfigService | DeliveryChannel |
 | DAX | Cluster |
 | DAX | ClusterTags |
@@ -62,20 +62,20 @@ ms.date: 02/29/2024
 | EC2 | AccountAttribute |
 | EC2 | Address |
 | EC2 | CreateVolumePermission |
-| EC2 | EbsEncryptionByDefault | 
+| EC2 | EbsEncryptionByDefault |
 | EC2 | FlowLog |
 | EC2 | Image |
 | EC2 | InstanceStatus |
 | EC2 | InstanceTypeInfo |
 | EC2 | NetworkAcl |
 | EC2 | NetworkInterface |
-| EC2 | Region | 
+| EC2 | Region |
 | EC2 | Reservation |
 | EC2 | RouteTable |
 | EC2 | SecurityGroup |
 | ECR | Image |
 | ECR | Repository |
-| ECR | RepositoryPolicy | 
+| ECR | RepositoryPolicy |
 | ECS | TaskDefinition |
 | ECS | ServiceArn |
 | ECS | Service |
@@ -121,7 +121,7 @@ ms.date: 02/29/2024
 | Iam | ManagedPolicy |
 | Iam | ManagedPolicy |
 | Iam | AccessKeyLastUsed |
-| Iam | AccessKeyMetadata | 
+| Iam | AccessKeyMetadata |
 | Iam | PolicyVersion |
 | Iam | PolicyVersion |
 | Internal | Iam_EntitiesForPolicy |
@@ -133,7 +133,7 @@ ms.date: 02/29/2024
 | KMS | KeyPolicy |
 | KMS | KeyMetadata |
 | KMS | KeyListEntry |
-| KMS| AliasListEntry | 
+| KMS| AliasListEntry |
 | Lambda | FunctionCodeLocation |
 | Lambda | FunctionConfiguration|
 | Lambda | FunctionPolicy |
@@ -156,9 +156,9 @@ ms.date: 02/29/2024
 | RDS | DBClusterSnapshotAttributesResult |
 | RedShift | LoggingStatus |
 | RedShift | Parameter |
-| Redshift | Cluster | 
+| Redshift | Cluster |
 | Route53 | HostedZone |
-| Route53 | ResourceRecordSet | 
+| Route53 | ResourceRecordSet |
 | Route53Domains | DomainSummary |
 | S3 | S3Region |
 | S3 | S3BucketTags |
@@ -169,7 +169,7 @@ ms.date: 02/29/2024
 | S3 | BucketVersioning |
 | S3 | LifecycleConfiguration |
 | S3 | PolicyStatus |
-| S3 | ReplicationConfiguration | 
+| S3 | ReplicationConfiguration |
 | S3 | S3AccessControlList |
 | S3 | S3BucketLoggingConfig |
 | S3Control | PublicAccessBlockConfiguration |
@@ -178,12 +178,12 @@ ms.date: 02/29/2024
 | SNS | TopicAttributes |
 | SNS | TopicTags |
 | SQS | Queue |
-| SQS | QueueAttributes | 
+| SQS | QueueAttributes |
 | SQS | QueueTags |
 | SageMaker | NotebookInstanceSummary |
 | SageMaker | DescribeNotebookInstanceTags |
 | SageMaker | DescribeNotebookInstanceResponse |
-| SecretsManager | SecretResourcePolicy | 
+| SecretsManager | SecretResourcePolicy |
 | SecretsManager | SecretListEntry |
 | SecretsManager | DescribeSecretResponse |
 | SimpleSystemsManagement | ParameterMetadata |
@@ -198,8 +198,8 @@ ms.date: 02/29/2024
 
 ## Resource types supported in GCP
 
-| Provider Namespace | Resource Type Name | 
-|----|----| 
+| Provider Namespace | Resource Type Name |
+|----|----|
 | ApiKeys | Key |
 | ArtifactRegistry | Image |
 | ArtifactRegistry | Repository |