Merge pull request #92421 from TerryLanfear/oct1719

tiburd · web-flow · commit a2a57dc49ae1 · 2019-10-18T14:33:43.000-07:00
Oct1719
diff --git a/articles/security/fundamentals/TOC.yml b/articles/security/fundamentals/TOC.yml
@@ -123,13 +123,6 @@
       href: paas-applications-using-sql.md
   - name: IoT
     href: iot-overview.md
-    items:
-    - name: IoT security best practices
-      href: https://docs.microsoft.com/azure/iot-accelerators/iot-security-best-practices?toc=/azure/security/toc.json&bc=/azure/security/breadcrumb/toc.json
-    - name: IoT security
-      href: https://docs.microsoft.com/azure/iot-accelerators/iot-security-architecture?toc=/azure/security/toc.json&bc=/azure/security/breadcrumb/toc.json#security-in-iot
-    - name: Secure your IoT deployment
-      href: https://docs.microsoft.com/azure/iot-accelerators/iot-accelerators-security-deployment?toc=/azure/security/toc.json&bc=/azure/security/breadcrumb/toc.json
   - name: Azure Service Fabric security
     href: service-fabric-overview.md
     items:
@@ -242,8 +235,8 @@
       href: ../blueprints/ukofficial-iaaswa-overview.md
     - name: PaaS web application
       href: ../blueprints/ukofficial-paaswa-overview.md
-- name: White papers
-  href: white-papers.md
+- name: Security white papers
+  href: https://azure.microsoft.com/resources/whitepapers/search/?term=security&type=WhitePaperResource
 - name: Azure security services
   href: services-technologies.md
 - name: Technical overviews
diff --git a/articles/security/fundamentals/infrastructure.md b/articles/security/fundamentals/infrastructure.md
@@ -4,7 +4,7 @@ description: The article describes how Microsoft works to secure our Azure datac
 services: security
 documentationcenter: na
 author: TerryLanfear
-manager: barbkess
+manager: rkarlin
 editor: TomSh
 
 ms.assetid: 61e95a87-39c5-48f5-aee6-6f90ddcd336e
@@ -14,14 +14,15 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 07/06/2018
+ms.date: 10/18/2019
 ms.author: terrylan
 
 ---
 
 # Azure infrastructure security
 Microsoft Azure runs in datacenters managed and operated by Microsoft. These geographically dispersed datacenters comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. The datacenters are managed, monitored, and administered by Microsoft operations staff. The operations staff has years of experience in delivering the world’s largest online services with 24 x 7 continuity.
 
+## Securing the Azure infrastructure
 This series of articles provides information about what Microsoft does to secure the Azure infrastructure. The articles address:
 
 - [Physical security](physical-security.md)
@@ -35,32 +36,8 @@ This series of articles provides information about what Microsoft does to secure
 - [Integrity](infrastructure-integrity.md)
 - [Data protection](protection-customer-data.md)
 
-## Shared responsibility model
-It’s important to understand the division of responsibility between you and Microsoft. On-premises, you own the whole stack, but as you move to the cloud, some responsibilities transfer to Microsoft. The following graphic illustrates the areas of responsibility, according to the type of deployment of your stack (software as a service [SaaS], platform as a service [PaaS], infrastructure as a service [IaaS], and on-premises).
-
-![Graphic showing responsibilities](./media/infrastructure/responsibility-zones.png)
-
-You are always responsible for the following, regardless of the type of deployment:
-
-- Data
-- Endpoints
-- Account
-- Access management
-
-Be sure that you understand the division of responsibility between you and Microsoft in a SaaS, PaaS, and IaaS deployment. For more information, see [Shared responsibilities for cloud computing](https://gallery.technet.microsoft.com/Shared-Responsibilities-81d0ff91/file/225237/1/Shared%20Responsibilities%20for%20Cloud%20Computing%20(2017-04-03).pdf).
-
 ## Next steps
-To learn more about what Microsoft does to help secure the Azure infrastructure, see:
-
-- [Azure facilities, premises, and physical security](physical-security.md)
-- [Azure infrastructure availability](infrastructure-availability.md)
-- [Azure information system components and boundaries](infrastructure-components.md)
-- [Azure network architecture](infrastructure-network.md)
-- [Azure production network](production-network.md)
-- [Azure SQL Database security features](infrastructure-sql.md)
-- [Azure production operations and management](infrastructure-operations.md)
-- [Azure infrastructure monitoring](infrastructure-monitoring.md)
-- [Azure infrastructure integrity](infrastructure-integrity.md)
-- [Azure customer data protection](protection-customer-data.md)
 
+- Understand your [shared responsibility in the cloud](shared-responsibility.md).
 
+- Learn how [Azure Security Center](https://azure.microsoft.com/services/security-center/) can help you prevent, detect, and respond to threats with increased visibility and control over the security of your Azure resources.
diff --git a/articles/security/fundamentals/overview.md b/articles/security/fundamentals/overview.md
@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 10/17/2019
+ms.date: 10/18/2019
 ms.author: TomSh
 
 ---
@@ -89,9 +89,9 @@ Azure Monitor logs can be a useful tool in forensic and other security analysis,
 [Azure Advisor](../../advisor/index.yml) is a personalized cloud consultant that helps you to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry. It then recommends solutions to help improve the [performance](../../advisor/advisor-performance-recommendations.md), [security](../../advisor/advisor-security-recommendations.md), and [high availability](../../advisor/advisor-high-availability-recommendations.md) of your resources while looking for opportunities to [reduce your overall Azure spend](../../advisor/advisor-cost-recommendations.md). Azure Advisor provides security recommendations, which can significantly improve your overall security posture for solutions you deploy in Azure. These recommendations are drawn from security analysis performed by [Azure Security Center.](../../security-center/security-center-intro.md)
 
 ### Azure Security Center
-[Azure Security Center](../../security-center/security-center-intro.md) helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
+[Security Center](../../security-center/security-center-intro.md) helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
 
-In addition, Azure Security Center helps with security operations by providing you a single dashboard that surfaces alerts and recommendations that can be acted upon immediately. Often, you can remediate issues with a single click within the Azure Security Center console.
+In addition, Security Center helps with security operations by providing you a single dashboard that surfaces alerts and recommendations that can be acted upon immediately. Often, you can remediate issues with a single click within the Security Center console.
 ## Applications
 The section provides additional information regarding key features in application security and summary information about these capabilities.
 
@@ -282,7 +282,7 @@ You can enable the following diagnostic log categories for NSGs:
 
 -	Rules counter: Contains entries for how many times each NSG rule is applied to deny or allow traffic.
 
-### Azure Security Center
+### Security Center
 [Azure Security Center](../../security-center/security-center-intro.md) continuously analyzes the security state of your Azure resources for network security best practices. When Security Center identifies potential security vulnerabilities, it creates [recommendations](../../security-center/security-center-recommendations.md) that guide you through the process of configuring the needed controls to harden and protect your resources.
 
 ## Compute
@@ -317,10 +317,7 @@ Virtual machines need network connectivity. To support that requirement, Azure r
 Patch Updates provide the basis for finding and fixing potential problems and simplify the software update management process, both by reducing the number of software updates you must deploy in your enterprise and by increasing your ability to monitor compliance.
 
 ### Security policy management and reporting
-[Azure Security Center](../../security-center/security-center-intro.md) helps you prevent, detect, and respond to threats, and provides you increased visibility into, and control over, the security of your Azure resources. It provides integrated Security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
-
-### Azure Security Center
-Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
+[Security Center](../../security-center/security-center-intro.md) helps you prevent, detect, and respond to threats, and provides you increased visibility into, and control over, the security of your Azure resources. It provides integrated Security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
 
 ## Identity and access management
 Securing systems, applications, and data begins with identity-based access controls. The identity and access management features that are built into Microsoft business products and services help protect your organizational and personal information from unauthorized access while making it available to legitimate users whenever and wherever they need it.
