Merge pull request #234667 from rayne-wiselman/rayne-dataposture

fixing Moran's changes

Author: prmerger-automator[bot]

articles/defender-for-cloud/concept-data-security-posture-prepare.md

@@ -18,7 +18,7 @@ Sensitive data discovery is available in the Defender CSPM and Defender for Stor
 
 - When you enable one of the plans, the sensitive data discovery extension is turned on as part of the plan.
 - If you have existing plans running, the extension is available, but turned off by default.
-- Existing plan status shows as “Partial” rather than “Full” until the feature is turned on manually.
+- Existing plan status shows as “Partial” rather than “Full” if one or more extensions aren't turned on.
 - The feature is turned on at the subscription level.
 
 
@@ -36,7 +36,7 @@ What Azure regions are supported? | You can discover Azure storage accounts in:<
 What AWS regions are supported? | Asia Pacific (Mumbai); Asia Pacific (Singapore); Asia Pacific (Sydney); Asia Pacific (Tokyo); Canada (Central); Europe (Frankfurt); Europe (Ireland); Europe (London); Europe (Paris); South America (São Paulo); US East (Ohio); US East (N. Virginia); US West (N. California): US West (Oregon).<br/><br/> Discovery is done locally in the region.
 Do I need to install an agent? | No, discovery is agentless.
 What's the cost? | The feature is included with the Defender CSPM and Defender for Storage plans, and doesn’t include other costs except for the respective plan costs.
-What permissions do I need to edit data sensitivity settings? | You need one of these permissions: Global Administrator,  Compliance Administrator, Compliance Data Administrator, Security Administrator, Security Operator.
+What permissions do I need to view/edit data sensitivity settings? | You need one of these permissions: Global Administrator,  Compliance Administrator, Compliance Data Administrator, Security Administrator, Security Operator.
 
 
 ## Configuring data sensitivity settings
@@ -57,12 +57,12 @@ Defender for Cloud starts discovering data immediately after enabling a plan, or
 - A new Azure storage account that's added to an already discovered subscription is discovered within 24 hours or less.
 - A new AWS S3 bucket that's added to an already discovered AWS account is discovered within 48 hours or less.
 
-### Discovering AWS storage
+### Discovering AWS S3 buckets
 
 In order to protect AWS resources in Defender for Cloud, you set up an AWS connector, using a CloudFormation template to onboard the AWS account.
 
 - To discover AWS data resources, Defender for Cloud updates the CloudFormation template.
-- The CloudFormation template creates a new role in AWS IAM, to allow permission for the Defender for Cloud scanner to access data in the S3 buckets. 
+- The CloudFormation template creates a new role in AWS IAM, to allow permission for the Defender for Cloud scanner to access data in the S3 buckets.
 - To connect AWS accounts, you need Administrator permissions on the account.
 - The role allows these permissions: S3 read only; KMS decrypt.
 

articles/defender-for-cloud/data-security-posture-enable.md

@@ -34,7 +34,7 @@ Follow these steps to enable data-aware security posture. Don't forget to review
 
 ### Before you start
 
-- Don't forget to: [review the requirements](concept-data-security-posture-prepare.md#discovering-aws-storage) for AWS discovery, and [required permissions](concept-data-security-posture-prepare.md#whats-supported).
+- Don't forget to: [review the requirements](concept-data-security-posture-prepare.md#discovering-aws-s3-buckets) for AWS discovery, and [required permissions](concept-data-security-posture-prepare.md#whats-supported).
 - Check that there's no policy that blocks the connection to your Amazon S3 buckets.
 
 ### Enable for AWS resources