Apply suggestions from Elazar's review

Co-authored-by: Elazar Krieger <[email protected]>

Author: Shereen-Bhar

articles/defender-for-cloud/concept-agentless-containers.md

@@ -3,32 +3,32 @@ title: Agentless Container Posture for Microsoft Defender for Cloud
 description: Learn how Agentless Container Posture offers discovery and visibility for Containers without installing an agent on your machines.
 ms.service: defender-for-cloud
 ms.topic: conceptual
-ms.date: 04/03/2023
+ms.date: 04/16/2023
 ms.custom: template-concept
 ---
 
 # Agentless Container Posture (Preview)
 
-Identify security risks in containers and Kubernetes realms with an agentless discovery and visibility capability across SDLC and runtime.
+You can identify security risks that exist in containers and Kubernetes realms with the agentless discovery and visibility capability across SDLC and runtime.
 
-With container vulnerability assessment insights as part of [Cloud Security Explorer](how-to-manage-cloud-security-explorer.md) and Kubernetes [Attack Path](attack-path-reference.md#azure-containers) analysis, you can maximize coverage on container posture issues and extend beyond the reach of agent-based assessments, providing a holistic approach to your posture improvement.
+You can maximize the coverage of your container posture issues and extend your protection beyond the reach of agent-based assessments, with container vulnerability assessment insights as part of [Cloud Security Explorer](how-to-manage-cloud-security-explorer.md) and Kubernetes [Attack Path](attack-path-reference.md#azure-containers) analysis, to provide a holistic approach to your posture improvement.
 
 Learn more about [Cloud Security Posture Management](concept-cloud-security-posture-management.md).
 
 > [!IMPORTANT]
-> The Agentless Container Posture preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. Agentless Container Posture previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use.
+> The Agentless Container Posture preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available" and are excluded from the service-level agreements and limited warranty. Agentless Container Posture previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use.
 
 ## Capabilities
 
 Agentless Container Posture provides the following capabilities:
 
 - Using Kubernetes Attack Path analysis to visualize risks and threats to Kubernetes environments.
 - Using Cloud Security Explorer for risk hunting by querying various risk scenarios.
-- Viewing security insights, such as internet exposure, and other pre-defined security scenarios. For more information, search for "Kubernetes" in the [list of Insights](attack-path-reference.md#insights).
+- Viewing security insights, such as internet exposure, and other pre-defined security scenarios. For more information, search for `Kubernetes` in the [list of Insights](attack-path-reference.md#insights).
 - Agentless discovery and visibility within Kubernetes components.
 - Agentless container registry vulnerability assessment, using the image scanning results of your Azure Container Registry (ACR) with Cloud Security Explorer.
 
-    A [vulnerability assessment](defender-for-containers-vulnerability-assessment-azure.md) for Containers in Defender Cloud Security Posture Management (CSPM) gives you frictionless, wide, and instant visibility on actionable posture issues without installed agents, network connectivity requirements, or container performance impact.
+    [Vulnerability assessment](defender-for-containers-vulnerability-assessment-azure.md) for Containers in Defender Cloud Security Posture Management (CSPM) gives you frictionless, wide, and instant visibility on actionable posture issues without the need for installed agents, network connectivity requirements, or container performance impact.
 
 All of these capabilities are available as part of the [Defender Cloud Security Posture Management](concept-cloud-security-posture-management.md) plan.
 
@@ -46,27 +46,28 @@ All of these capabilities are available as part of the [Defender Cloud Security
 
 You need to have access as a Subscription Owner, or, User Access Admin as well as Security Admin permissions for the Azure subscription used for onboarding.
 
-### Environment requirements
 
 You need to have a Defender for CSPM plan enabled. There's no dependency on Defender for Containers​.
 
 Learn more about [trusted versions that AKS supports](/azure/aks/supported-kubernetes-versions?tabs=azure-cli).
 
-## Onboarding Agentless Containers for CSPM
+## Onboard Agentless Containers for CSPM
 
 Before starting the onboarding process, make sure you have [a subscription onboarded to the Defender CSPM plan](enable-enhanced-security.md#enable-enhanced-security-features-on-a-subscription).
 
 1. In the Azure portal, navigate to the Defender for Cloud's **Environment Settings** page.
 
 1. Select the subscription that's onboarded to the Defender CSPM plan, then select **Settings**.
 
-1. Toggle on the **Agentless discovery for Kubernetes** and **Container registries vulnerability assessments** extensions, then select **Continue**. For example:
+1. Ensure the **Agentless discovery for Kubernetes** and **Container registries vulnerability assessments** extensions are toggled to **On**.
+
+1. Select **Continue**.
 
     :::image type="content" source="media/concept-agentless-containers/settings-continue.png" alt-text="Screenshot of selecting agentless discovery for Kubernetes and Container registries vulnerability assessments." lightbox="media/concept-agentless-containers/settings-continue.png":::
 
-1. In the Defender plans page, select **Save**.
+1. Select **Save**.
 
-Verify that the settings were saved successfully - a notification message pops up in the top right corner.
+A notification message pops up in the top right corner that will verify that the settings were saved successfully.
 
 ### Container registries vulnerability assessments recommendations
 
@@ -82,9 +83,9 @@ The system’s architecture is based on a snapshot mechanism at intervals.
 
 By enabling the Agentless discovery for Kubernetes extension, the following process occurs:
 
-1. **Create**: MDC (Microsoft Defender for Cloud) creates an identity in customer environments called CloudPosture/securityOperator/DefenderCSPMSecurityOperator.
+- **Create**: MDC (Microsoft Defender for Cloud) creates an identity in customer environments called CloudPosture/securityOperator/DefenderCSPMSecurityOperator.
 
-1. **Assign**: MDC assigns 1 built-in role called **Kubernetes Agentless Operator** to that identity on subscription scope.
+- **Assign**: MDC assigns 1 built-in role called **Kubernetes Agentless Operator** to that identity on subscription scope.
 
     The role contains the following permissions:
     - AKS read (Microsoft.ContainerService/managedClusters/read)
@@ -95,13 +96,13 @@ By enabling the Agentless discovery for Kubernetes extension, the following proc
 
         Learn more about [AKS Trusted Access](/azure/aks/trusted-access-feature).
 
-1. **Discover**: Using the system assigned identity, MDC performs a discovery of the AKS clusters in your environment using API calls to the API server of AKS.
+- **Discover**: Using the system assigned identity, MDC performs a discovery of the AKS clusters in your environment using API calls to the API server of AKS.
 
-1. **Bind**: Upon discovery of an AKS cluster, MDC performs an AKS bind operation between the created identity and the Kubernetes role “Microsoft.Security/pricings/microsoft-defender-operator”. The role is visible via API and gives MDC data plane read permission inside the cluster.
+- **Bind**: Upon discovery of an AKS cluster, MDC performs an AKS bind operation between the created identity and the Kubernetes role “Microsoft.Security/pricings/microsoft-defender-operator”. The role is visible via API and gives MDC data plane read permission inside the cluster.
 
 ## Refresh intervals
 
-Agentless information in Defender CSPM is updated once an hour via snapshotting mechanism. It can take up to **24 hours** to see results in Cloud Security Explorer and Attack Path.
+Agentless information in Defender CSPM is updated once an hour through a snapshot mechanism. It can take up to **24 hours** to see results in Cloud Security Explorer and Attack Path.
 
 ## Next steps
 

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

@@ -36,15 +36,15 @@ When a scan is triggered, findings are available as Defender for Cloud recommend
 
 Before you can scan your ACR images:
 
-- Enable one of the following plans for your subscription:
+- YOu must enable one of the following plans on your subscription:
 
-    - [Defender CSPM](concept-cloud-security-posture-management.md). Make sure to also enable the Container registries vulnerability assessments (preview) extension.
-    - [Defender for Containers](defender-for-containers-enable.md). Defender for Containers is now ready to scan images in your registries.
+    - [Defender CSPM](concept-cloud-security-posture-management.md). When you enable this plan, ensure you enable the **Container registries vulnerability assessments (preview)** extension.
+    - [Defender for Containers](defender-for-containers-enable.md).
 
         >[!NOTE]
         > This feature is charged per image.
 
-- If you want to find vulnerabilities in images stored in other container registries, you can import the images into ACR and scan them.
+To find vulnerabilities in images stored in other container registries, you can import the images into ACR and scan them.
 
     Use the ACR tools to bring images to your registry from Docker Hub or Microsoft Container Registry. When the import completes, the imported images are scanned by the built-in vulnerability assessment solution.
 

articles/defender-for-cloud/release-notes.md

@@ -26,11 +26,11 @@ Updates in April include:
 
 ### Agentless Container Posture in Defender CSPM (Preview)
 
-The new Agentless Container Posture (Preview) capabilities are available in preview as part of the Defender CSPM (Cloud Security Posture Management) plan.
+The new Agentless Container Posture (Preview) capabilities are available as part of the Defender CSPM (Cloud Security Posture Management) plan.
 
 Agentless Container Posture allows security teams to identify security risks in containers and Kubernetes realms. An agentless approach allows security teams to gain visibility into their Kubernetes and containers registries across SDLC and runtime, removing friction and footprint from the workloads.
 
-Agentless Container Posture offer out-of-the-box container vulnerability assessments that, combined with attack path analysis, enable security teams to prioritize and zoom into specific container vulnerabilities. You can also use cloud security explorer to uncover risks and hunt for container posture insights, such as discovery of applications running vulnerable images or exposed to the internet.
+Agentless Container Posture offers container vulnerability assessments that, combined with attack path analysis, enable security teams to prioritize and zoom into specific container vulnerabilities. You can also use cloud security explorer to uncover risks and hunt for container posture insights, such as discovery of applications running vulnerable images or exposed to the internet.
 
 Learn more at [Agentless Container Posture (Preview)](concept-agentless-containers.md).