Merge pull request #94080 from memildin/asc-melvyn-daily

For after Ignite Keynote - cumulative updates

Author: SyntaxC4

.openpublishing.redirection.json

@@ -26604,6 +26604,11 @@
       "redirect_url": "/azure/security-center/security-center-features-retirement-july2019#custom-alert-rules-preview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security-center/security-center-policies-overview.md",
+      "redirect_url": "/azure/security-center/tutorial-security-policy.md",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-network/virtual-network-deploy-multinic-arm-cli.md",
       "redirect_url": "/azure/virtual-machines/linux/multiple-nics",

articles/security-center/TOC.yml

@@ -40,6 +40,14 @@
     href: security-center-using-recommendations.md
   - name: Cross-tenant management
     href: security-center-cross-tenant-management.md 
+  - name: Container security
+    items:
+    - name: Container security overview
+      href: container-security.md    
+    - name: Integration with Azure Container Registry
+      href: azure-container-registry-integration.md
+    - name: Integration with Azure Kubernetes Service
+      href: azure-kubernetes-service-integration.md
   - name: Threat detection alerts and incidents
     items:
     - name: Security alerts overview
@@ -54,7 +62,7 @@
       href: security-center-alerts-compute.md
     - name: Threat detection for data services
       href: security-center-alerts-data-services.md
-    - name: Threat detection for Azure service layer
+    - name: Threat detection for Azure service layers
       href: security-center-alerts-service-layer.md   
     - name: Integration with Azure Security Products
       href: security-center-alerts-integration.md
@@ -71,33 +79,47 @@
     href: security-center-secure-score.md
   - name: Upgrade to advanced security
     href: security-center-onboarding.md
-  - name: Server protection with Microsoft Defender ATP
+  - name: Protect your servers with Microsoft Defender ATP
     href: security-center-wdatp.md
-  - name: Advanced data security for SQL on Azure VMs (Public Preview)
+  - name: Use advanced data security for SQL on Azure VMs
     href: security-center-iaas-advanced-data.md
   - name: Use App Service to protect your applications
     href: security-center-app-services.md
-  - name: Working with security policies
-    href: tutorial-security-policy.md
+  - name: Use security policies
+    items:
+    - name: Overview of security policies
+      href: tutorial-security-policy.md
+    - name: Use built-in security policies
+      href: security-center-policy-definitions.md 
+    - name: Create custom security policies
+      href: custom-security-policies.md
+    - name: Manage policies with the Azure Policy REST API
+      href: configure-security-policy-azure-policy.md
+  - name: Add dynamic compliance packages
+    href: update-regulatory-compliance-packages.md
   - name: Customize the information protection policy
     href: security-center-info-protection-policy.md
   - name: Manage security solutions
     href: security-center-partner-integration.md
   - name: Automate onboarding using PowerShell
     href: security-center-powershell-onboarding.md
-  - name: Security Center settings
-    href: security-center-policies-overview.md
+  - name: Integrate with Windows Admin Center
+    href: windows-admin-center-integration.md
   - name: Compare baselines using File Integrity Monitoring
     href: security-center-file-integrity-monitoring-baselines.md
-  - name: Data collection
+  - name: Automate responses to alerts and recommendations
+    href: workflow-automation.md
+  - name: Export alerts and recommendations
+    href: continuous-export.md
+  - name: Configure your data collection
     href: security-center-enable-data-collection.md
-  - name: Built-in security policies
-    href: security-center-policy-definitions.md
-  - name: Email notifications
+  - name: Set up advanced threat protection for Azure Key Vault
+    href: advanced-threat-protection-key-vault.md
+  - name: Set up email notifications
     href: security-center-provide-security-contact-details.md
   - name: Pricing
     href: security-center-pricing.md
-  - name: Tenant-wide visibility
+  - name: Gain tenant-wide visibility
     href: security-center-management-groups.md
   - name: Implement security recommendations
     items:
@@ -167,7 +189,7 @@
   - name: Manage user data
     href: security-center-privacy.md
   - name: Azure Security Center for IoT documentation
-    href: https://docs.microsoft.com/en-us/azure/asc-for-iot/
+    href: https://docs.microsoft.com/azure/asc-for-iot/
   - name: FAQ
     href: security-center-faq.md
   - name: Azure security documentation

articles/security-center/advanced-threat-protection-key-vault.md

@@ -0,0 +1,42 @@
+---
+title: How to set up advanced threat protection for Azure Key Vault | Microsoft Docs
+description: This article explains how to set up advanced threat protection for Azure Key Vault in Azure Security Center
+services: security-center
+author: memildin
+manager: rkarlin
+ms.service: security-center
+ms.topic: conceptual
+ms.date: 11/04/2019
+ms.author: memildin
+
+---
+# How to set up advanced threat protection for Azure Key Vault (Preview)
+
+Advanced threat protection for Azure Key Vault provides an additional layer of security intelligence. This tool detects potentially harmful attempts to access or exploit Key Vault accounts. Using Security Center's native advanced threat protection, you can address threats without being a security expert, and without learning additional security monitoring systems.
+
+When Security Center detects anomalous activity, it displays alerts. It also emails the subscription administrator with details of the suspicious activity and recommendations for how to investigate and remediate the identified threats. 
+
+> [!NOTE]
+> Advanced threat protection for Azure Key Vault is currently only available in North America regions.
+
+## To set up advanced threat protection from Azure Security Center
+
+By default, advanced threat protection is enabled for all of your Key Vault accounts when you subscribe to Security Center's Standard tier (see [pricing](security-center-pricing.md)). 
+
+To enable or disable the protection for a specific subscription:
+
+1. From Security Center's sidebar, click **Pricing & settings**.
+1. Select the subscription with the storage accounts for which you want to enable or disable threat protection.
+1. Click **Pricing tier**.
+1. From the **Select pricing tier by resource type** group, find the Key Vaults row and click **Enabled** or **Disabled**.
+    [![Enabling or disabling the advanced threat protection for Key Vault in Azure Security Center](media/advanced-threat-protection-key-vault/atp-for-akv-enable-atp-for-akv.png)](media/advanced-threat-protection-key-vault/atp-for-akv-enable-atp-for-akv.png#lightbox)
+1. Click **Save**.
+
+
+## Next steps
+
+In this article, you learned how to enable and disable advanced threat protection for Azure Key Vault. 
+
+For other related material, see the following article:
+
+- [Threat detection for the Azure services layers in Security Center](security-center-alerts-service-layer.md) - This article describes the alerts related to advanced threat protection for Azure Key Vault

articles/security-center/azure-container-registry-integration.md

@@ -0,0 +1,44 @@
+---
+title: Azure Security Center and Azure Container Registry | Microsoft Docs
+description: "Learn about Azure Security Center's integration with Azure Container Registry"
+services: security-center
+documentationcenter: na
+author: memildin
+manager: rkarlin
+ms.service: security-center
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 11/04/2019
+ms.author: memildin
+
+---
+
+# Azure Container Registry integration with Security Center (Preview)
+
+Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry. It's based on the open-source Docker Registry 2.0.
+
+When using ACR together with Azure Security Center's standard tier (see [pricing](security-center-pricing.md)), you gain deeper visibility into your registry and images' vulnerabilities.
+
+[![Azure Container Registry (ACR) recommendations inside Azure Security Center](media/azure-container-registry-integration/container-security-acr-page.png)](media/azure-container-registry-integration/container-security-acr-page.png#lightbox)
+
+## Benefits of integration
+
+Security Center identifies ACR registries in your subscription and seamlessly provides:
+
+* **Azure-native vulnerability scanning** for all pushed Linux images. Security Center scans the image using a scanner from the industry-leading vulnerability scanning vendor, Qualys. This native solution is seamlessly integrated by default.
+
+* **Security recommendations** for Linux images with known vulnerabilities. Security Center provides details of each reported vulnerability and a  severity classification. Additionally, it gives guidance for how to  remediate the specific vulnerabilities found on each image pushed to registry.
+
+![Azure Security Center and Azure Container Registry (ACR) high-level overview](./media/azure-container-registry-integration/aks-acr-integration-detailed.png)
+
+## Next steps
+
+To learn more about Security Center's container security features, see:
+
+* [Azure Security Center and container security](container-security.md)
+
+* [Integration with Azure Kubernetes Service](azure-kubernetes-service-integration.md)
+
+* [Virtual Machine protection](security-center-virtual-machine-protection.md) - Describes Security Center's recommendations

articles/security-center/azure-kubernetes-service-integration.md

@@ -0,0 +1,59 @@
+---
+title: Azure Security Center and Azure Kubernetes Service | Microsoft Docs
+description: "Learn about Azure Security Center's integration with Azure Kubernetes Services"
+services: security-center
+documentationcenter: na
+author: memildin
+manager: rkarlin
+ms.service: security-center
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 11/04/2019
+ms.author: memildin
+
+---
+
+# Azure Kubernetes Services integration with Security Center (Preview)
+Azure Kubernetes Service (AKS) is Microsoft’s managed service for developing, deploying, and managing containerized applications. 
+
+Use AKS together with Azure Security Center's standard tier (see [pricing](security-center-pricing.md)) to gain deeper visibility to your AKS nodes, cloud traffic, and security controls.
+
+Security Center brings security benefits to your AKS clusters using  data already gathered by the AKS master node. 
+
+![Azure Security Center and Azure Kubernetes Service (AKS) high-level overview](./media/azure-kubernetes-service-integration/aks-asc-integration-overview.png)
+
+Together, these two tools form the best cloud-native Kubernetes security offering. 
+
+## Benefits of integration
+
+Using the two services together provides:
+
+* **Security recommendations** - Security Center identifies your AKS resources and categorizes them: from clusters to individual virtual machines. You can then view security recommendations per resource. For more information, see [How to implement security recommendations](security-center-recommendations.md). 
+
+    > [!NOTE]
+    > If the name of a Security Center recommendation ends with a "(Preview)" tag, it's referring to the preview nature of the recommendation; not the feature.
+
+* **Environment hardening** - Security Center constantly monitors the configuration of your Kubernetes clusters, and generates security recommendations that reflect industry standards.
+
+* **Run-time protection** - Through continuous analysis of the following AKS sources, Security Center alerts you to threats and malicious activity detected at the host *and* AKS cluster level (for more information, see [Azure container service](https://docs.microsoft.com/azure/security-center/security-center-alerts-compute#azure-container-service-)):
+    * Raw security events, such as network data and process creation
+    * The Kubernetes audit log
+
+![Azure Security Center and Azure Kubernetes Service (AKS) in more detail](./media/azure-kubernetes-service-integration/aks-asc-integration-detailed.png)
+
+> [!NOTE]
+> Some of the data scanned by Azure Security Center from your Kubernetes environment may contain sensitive information.
+
+## Next steps
+
+To learn more about Security Center's container security features, see:
+
+* [Azure Security Center and container security](container-security.md)
+
+* [Integration with Azure Container Registry](azure-container-registry-integration.md)
+
+* [Virtual Machine protection](security-center-virtual-machine-protection.md) - Describes Security Center's recommendations
+
+* [Data management at Microsoft](https://www.microsoft.com/trust-center/privacy/data-management) - Describes the data policies of Microsoft services (including Azure, Intune, and Office 365), details of Microsoft’s data management, and the retention policies that affect your data

articles/security-center/configure-security-policy-azure-policy.md

@@ -0,0 +1,137 @@
+---
+title: Create and edit Azure Policy security policies using the REST API | Microsoft Docs
+description: Learn about Azure Policy policy management via a REST API.
+services: security-center
+author: memildin
+manager: rkarlin
+ms.service: security-center
+ms.topic: conceptual
+ms.date: 11/04/2019
+ms.author: memildin
+---
+
+# Configure a security policy in Azure Policy using the REST API
+
+As part of the native integration with Azure Policy, Azure Security Center enables you to take advantage Azure Policy’s REST API to create policy assignments. The following instructions walk you through creation of policy assignments, as well as customization of existing assignments. 
+
+Important concepts in Azure Policy: 
+
+- A **policy definition** is a rule 
+
+- An **initiative** is a collection of policy definitions (rules) 
+
+- An **assignment** is an application of an initiative or a policy to a specific scope (management group, subscription, etc.) 
+
+Security Center has a built-in initiative that includes all of its security policies. To assess Security Center’s policies on your Azure resources, you should create an assignment on the management group, or subscription you want to assess.
+
+The built-in initiative has all of Security Center’s policies enabled by default. You can choose to disable certain policies from the built-in initiative. For example, to apply all of Security Center’s policies except **web application firewall**, change the value of the policy’s effect parameter to **Disabled**. 
+
+## API examples
+
+In the following examples, replace these variables:
+
+- **{scope}** enter the name of the management group or subscription to which you're applying the policy.
+- **{policyAssignmentName}** enter the [name of the relevant policy assignment](#policy-names).
+- **{name}** enter your name, or the name of the administrator who approved the policy change.
+
+This example shows you how to assign the built-in Security Center initiative on a subscription or management group
+ 
+ ```
+    PUT  
+    https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2018-05-01 
+
+    Request Body (JSON) 
+
+    { 
+
+      "properties":{ 
+
+    "displayName":"Enable Monitoring in Azure Security Center", 
+
+    "metadata":{ 
+
+    "assignedBy":"{Name}" 
+
+    }, 
+
+    "policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", 
+
+    "parameters":{}, 
+
+    } 
+
+    } 
+ ```
+
+This example shows you how to assign the built-in Security Center initiative on a subscription, with the following policies disabled: 
+
+- System updates (“systemUpdatesMonitoringEffect”) 
+
+- Security configurations ("systemConfigurationsMonitoringEffect") 
+
+- Endpoint protection ("endpointProtectionMonitoringEffect") 
+
+ ```
+    PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2018-05-01 
+    
+    Request Body (JSON) 
+    
+    { 
+    
+      "properties":{ 
+    
+    "displayName":"Enable Monitoring in Azure Security Center", 
+    
+    "metadata":{ 
+    
+    "assignedBy":"{Name}" 
+    
+    }, 
+    
+    "policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", 
+    
+    "parameters":{ 
+    
+    "systemUpdatesMonitoringEffect":{"value":"Disabled"}, 
+    
+    "systemConfigurationsMonitoringEffect":{"value":"Disabled"}, 
+    
+    "endpointProtectionMonitoringEffect":{"value":"Disabled"}, 
+    
+    }, 
+    
+     } 
+    
+    } 
+ ```
+This example shows you how to remove an assignment:
+ ```
+    DELETE   
+    https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2018-05-01 
+ ```
+
+## Policy names reference <a name="policy-names"></a>
+
+|Policy name in Security Center|Policy name displayed in Azure Policy |Policy effect parameter name|
+|----|----|----|
+|SQL Encryption |Monitor unencrypted SQL database in Azure Security Center |sqlEncryptionMonitoringEffect| 
+|SQL Auditing |Monitor unaudited SQL database in Azure Security Center |sqlAuditingMonitoringEffect|
+|System updates |Monitor missing system updates in Azure Security Center |systemUpdatesMonitoringEffect|
+|Storage encryption |Audit missing blob encryption for storage accounts |storageEncryptionMonitoringEffect|
+|JIT Network access |Monitor possible network just-in-time (JIT) access in Azure Security Center |jitNetworkAccessMonitoringEffect |
+|Adaptive application controls |Monitor possible app Whitelisting in Azure Security Center |adaptiveApplicationControlsMonitoringEffect|
+|Network security groups |Monitor permissive network access in Azure Security Center |networkSecurityGroupsMonitoringEffect| 
+|Security configurations |Monitor OS vulnerabilities in Azure Security Center |systemConfigurationsMonitoringEffect| 
+|Endpoint protection |Monitor missing Endpoint Protection in Azure Security Center |endpointProtectionMonitoringEffect |
+|Disk encryption |Monitor unencrypted VM Disks in Azure Security Center |diskEncryptionMonitoringEffect|
+|Vulnerability assessment |Monitor VM Vulnerabilities in Azure Security Center |vulnerabilityAssessmentMonitoringEffect|
+|Web application firewall |Monitor unprotected web application in Azure Security Center |webApplicationFirewallMonitoringEffect |
+|Next generation firewall |Monitor unprotected network endpoints in Azure Security Center| |
+
+
+## Next steps
+
+For other related material, see the following articles: 
+
+- [Custom security policies](custom-security-policies.md)
+- [Security policy overview](tutorial-security-policy.md)