Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI185347-EDR-discovery

Author: ElazarK

articles/aks/enable-fips-nodes.md

@@ -16,6 +16,9 @@ The Federal Information Processing Standard (FIPS) 140-2 is a US government stan
 
 * Azure CLI version 2.32.0 or later installed and configured. Run `az --version` to find the version. For more information about installing or upgrading the Azure CLI, see [Install Azure CLI][install-azure-cli].
 
+> [!NOTE]
+>   AKS Monitoring Addon supports FIPS enabled node pools with Ubuntu, Azure Linux, and Windows starting with Agent version 3.1.17 (Linux) and Win-3.1.17 (Windows).
+
 ## Limitations
 
 * FIPS-enabled node pools have the following limitations:

articles/azure-monitor/autoscale/autoscale-troubleshoot.md

@@ -4,7 +4,7 @@ description: Tracking down problems with Azure Monitor autoscaling used in Azure
 author: EdB-MSFT
 ms.author: edbaynash
 ms.topic: conceptual
-ms.date: 11/4/2019
+ms.date: 02/21/2024
 ms.subservice: autoscale
 ms.reviewer: akkumari
 ---

articles/azure-monitor/containers/container-insights-overview.md

@@ -24,9 +24,7 @@ Container insights sends data to a [Log Analytics workspace](../logs/data-platfo
 
 :::image type="content" source="media/container-insights-overview/aks-monitor-data.png" lightbox="media/container-insights-overview/aks-monitor-data.png" alt-text="Diagram of collection of monitoring data from Kubernetes cluster using Container insights and related services." border="false":::
 
-
-
-### Supported configurations
+## Supported configurations
 Container insights supports the following environments:
 
 - [Azure Kubernetes Service (AKS)](../../aks/index.yml)
@@ -46,6 +44,11 @@ Container insights supports the following environments:
 >
 > Container insights support for Windows Server 2022 operating system is in public preview.
 
+## Security
+
+- Container Insights supports FIPS enabled Linux and Windows node pools starting with Agent version 3.1.17 (Linux)  & Win-3.1.17 (Windows).
+- Starting with Agent version 3.1.17 (Linux) and Win-3.1.17 (Windows), Container Insights agents images (both Linux and Windows) are signed and  for Windows agent,  binaries inside the container are signed as well
+
 ## Access Container insights
 
 Access Container insights in the Azure portal from **Containers** in the **Monitor** menu or directly from the selected AKS cluster by selecting **Insights**. The Azure Monitor menu gives you the global perspective of all the containers that are deployed and monitored. This information allows you to search and filter across your subscriptions and resource groups. You can then drill into Container insights from the selected container. Access Container insights for a particular cluster from its page in the Azure portal.

articles/defender-for-cloud/alerts-suppression-rules.md

@@ -1,7 +1,7 @@
 ---
 title: Suppressing false positives or other unwanted security alerts
-description: This article explains how to use Microsoft Defender for Cloud's suppression rules to hide unwanted security alerts, such as false positives
-ms.date: 01/09/2023
+description: This article explains how to use Microsoft Defender for Cloud's suppression rules to hide unwanted security alerts, such as false positives.
+ms.date: 03/11/2024
 ms.topic: how-to
 ms.author: dacurwin
 author: dcurwin
@@ -69,11 +69,11 @@ To edit a rule you've created from the suppression rules page:
 
 1. From Defender for Cloud's security alerts page, select **Suppression rules** at the top of the page.
 
-    :::image type="content" source="media/alerts-suppression-rules/suppression-rules-button.png" alt-text="Screenshot of the suppression rule button in the Security Alerts page.":::
+    :::image type="content" source="media/alerts-suppression-rules/suppression-rules-button.png" alt-text="Screenshot that shows the suppression rule button in the Security Alerts page." lightbox="media/alerts-suppression-rules/suppression-rules-button.png":::
 
 1. The suppression rules page opens with all the rules for the selected subscriptions.
 
-    :::image type="content" source="media/alerts-suppression-rules/suppression-rules-page.png" alt-text="Screenshot of the Suppression rules page where you can review the suppression rules and create new ones." lightbox="media/alerts-suppression-rules/suppression-rules-page.png":::
+    :::image type="content" source="media/alerts-suppression-rules/suppression-rules-page.png" alt-text="Screenshot that shows the Suppression rules page where you can review the suppression rules and create new ones." lightbox="media/alerts-suppression-rules/suppression-rules-page.png":::
 
 1. To edit a single rule, open the three dots (...) at the end of the rule and select **Edit**.
 1. Change the details of the rule and select **Apply**.
@@ -101,6 +101,4 @@ For details and usage examples, see the [API documentation](/rest/api/defenderfo
 
 This article described the suppression rules in Microsoft Defender for Cloud that automatically dismiss unwanted alerts.
 
-Learn more about security alerts:
-
-- [Security alerts generated by Defender for Cloud](alerts-reference.md)
+Learn more about [security alerts generated by Defender for Cloud](alerts-reference.md).

articles/defender-for-cloud/concept-regulatory-compliance.md

@@ -2,26 +2,26 @@
 title: The Microsoft cloud security benchmark in Microsoft Defender for Cloud
 description: Learn about the Microsoft cloud security benchmark in Microsoft Defender for Cloud.
 ms.topic: conceptual
-ms.date: 01/10/2023
+ms.date: 03/13/2024
 ---
 
 # Microsoft cloud security benchmark in Defender for Cloud
 
-Industry standards, regulatory standards, and benchmarks are represented in Microsoft Defender for Cloud as [security standards](security-policy-concept.md), and are assigned to scopes such as Azure subscriptions, AWS accounts, and GCP projects.
+Industry standards, regulatory standards, and benchmarks are represented in Microsoft Defender for Cloud as [security standards](security-policy-concept.md). These standards are assigned to scopes such as Azure subscriptions, AWS accounts, and GCP projects.
 
 Defender for Cloud continuously assesses your hybrid cloud environment against these standards, and provides information about compliance in the **Regulatory compliance** dashboard.
 
 When you onboard subscriptions and accounts to Defender for Cloud, the [Microsoft cloud security benchmark](/security/benchmark/azure/introduction) (MCSB) automatically starts to assess resources in scope.
 
 This benchmark builds on the cloud security principles defined by the Azure Security Benchmark and applies these principles with detailed technical implementation guidance for Azure, for other cloud providers (such as AWS and GCP), and for other Microsoft clouds.
 
-:::image type="content" source="media/concept-regulatory-compliance/microsoft-security-benchmark.png" alt-text="Image that shows the components that make up the Microsoft cloud security benchmark.":::
+:::image type="content" source="media/concept-regulatory-compliance/microsoft-security-benchmark.png" alt-text="Image that shows the components that make up the Microsoft cloud security benchmark." lightbox="media/concept-regulatory-compliance/microsoft-security-benchmark.png":::
 
 The compliance dashboard gives you a view of your overall compliance standing. Security for non-Azure platforms follows the same cloud-neutral security principles as Azure. Each control within the benchmark provides the same granularity and scope of technical guidance across Azure and other cloud resources. 
 
 :::image type="content" source="media/concept-regulatory-compliance/compliance-dashboard.png" alt-text="Screenshot of a sample regulatory compliance page in Defender for Cloud." lightbox="media/concept-regulatory-compliance/compliance-dashboard.png":::
 
-From the compliance dashboard, you're able to manage all of your compliance requirements for your cloud deployments, including automatic, manual and shared responsibilities.
+From the compliance dashboard, you're able to manage all of your compliance requirements for your cloud deployments, including automatic, manual, and shared responsibilities.
 
 > [!NOTE]
 > Shared responsibilities is only compatible with Azure.

articles/defender-for-cloud/defender-for-app-service-introduction.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender for App Service - the benefits and features
-description: Learn about the capabilities of Microsoft Defender for App Service and how to enable it on your subscription
-ms.date: 01/10/2023
+description: Learn about the capabilities of Microsoft Defender for App Service and how to enable it on your subscription.
+ms.date: 03/12/2024
 ms.topic: overview
 ms.author: dacurwin
 author: dcurwin
@@ -17,7 +17,7 @@ To protect your Azure App Service plan with Microsoft Defender for App Service,
 
 - A supported App Service plan associated with dedicated machines. Supported plans are listed in [Availability](#availability).
 
-- Defender for Cloud's enhanced protections enabled on your subscription as described in [Quickstart: Enable enhanced security features](enable-enhanced-security.md).
+- Defender for Cloud's enhanced protections enabled on your subscription as described in [Enable enhanced security features](connect-azure-subscription.md).
 
     > [!TIP]
     > You can optionally enable individual Microsoft Defender plans, like Microsoft Defender for App Service.
@@ -35,11 +35,11 @@ To protect your Azure App Service plan with Microsoft Defender for App Service,
 
 Azure App Service is a fully managed platform for building and hosting your web apps and APIs. Since the platform is fully managed, you don't have to worry about the infrastructure. It provides management, monitoring, and operational insights to meet enterprise-grade performance, security, and compliance requirements. For more information, see [Azure App Service](https://azure.microsoft.com/services/app-service/).
 
-**Microsoft Defender for App Service** uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that will be used later.
+**Microsoft Defender for App Service** uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that can be used later.
 
 When you enable Microsoft Defender for App Service, you immediately benefit from the following services offered by this Defender plan:
 
-- **Secure** - Defender for App Service assesses the resources covered by your App Service plan and generates security recommendations based on its findings. Use the detailed instructions in these recommendations to harden your App Service resources.
+- **Secure** - Defender for App Service assesses the resources covered by your App Service plan and generates security recommendations based on its findings. To harden your App Service resources, use the detailed instructions in these recommendations.
 
 - **Detect** - Defender for App Service detects a multitude of threats to your App Service resources by monitoring:
   - the VM instance in which your App Service is running, and its management interface
@@ -65,7 +65,7 @@ Defender for Cloud monitors for many threats to your App Service resources. The
 
 ### Dangling DNS detection
 
-Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a non-existent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for *existing* dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
+Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a nonexistent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for *existing* dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
 
 Subdomain takeovers are a common, high-severity threat for organizations. When a threat actor detects a dangling DNS entry, they create their own site at the destination address. The traffic intended for the organization’s domain is then directed to the threat actor's site, and they can use that traffic for a wide range of malicious activity.
 
@@ -89,6 +89,6 @@ In this article, you learned about Microsoft Defender for App Service.
 
 For related material, see the following articles:
 
-- To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in [Stream alerts to a SIEM, SOAR, or IT Service Management solution](export-to-siem.md).
+- To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in [Stream alerts to monitoring solutions](export-to-siem.md).
 - For a list of the Microsoft Defender for App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-for-azure-app-service).
 - For more information on App Service plans, see [App Service plans](https://azure.microsoft.com/pricing/details/app-service/plans/).

articles/defender-for-cloud/defender-for-devops-introduction.md

@@ -1,12 +1,12 @@
 ---
 title: Microsoft Defender for Cloud DevOps security - the benefits and features
-description: Learn about the benefits and features of Microsoft DevOps security
-ms.date: 01/24/2023
+description: Learn about the benefits and features of Microsoft DevOps security.
+ms.date: 03/11/2024
 ms.topic: overview
 ms.custom: references_regions
 ---
 
-# Overview of Microsoft Defender for Cloud DevOps Security
+# Overview of Microsoft Defender for Cloud DevOps security
 
 Microsoft Defender for Cloud enables comprehensive visibility, posture management, and threat protection across multicloud environments including Azure, AWS, GCP, and on-premises resources.
 
@@ -40,7 +40,7 @@ Here, you can add [Azure DevOps](quickstart-onboard-devops.md), [GitHub](quickst
 
 The DevOps inventory table allows you to review onboarded DevOps resources and the security information related to them.
 
-:::image type="content" source="media/defender-for-devops-introduction/inventory-grid.png" alt-text="Screenshot of the devops inventory table on the DevOps security overview page." lightbox="media/defender-for-devops-introduction/bottom-of-page.png":::
+:::image type="content" source="media/defender-for-devops-introduction/inventory-grid.png" alt-text="Screenshot that shows the Devops inventory table on the DevOps security overview page." lightbox="media/defender-for-devops-introduction/bottom-of-page.png":::
 
 On this part of the screen you see:
 
@@ -67,7 +67,7 @@ On this part of the screen you see:
 
 - **Findings** - Shows the total number of code, secrets, dependency, and infrastructure-as-code findings identified in the DevOps resource.
 
-This table can be viewed as a flat view at the DevOps resource level (repositories for Azure DevOps and GitHub, projects for GitLab) or in a grouping view showing organizations/projects/groups hierarchy.  Also, the table can be filtered by subscription, resource type, finding type, or severity.
+This table can be viewed as a flat view at the DevOps resource level (repositories for Azure DevOps and GitHub, projects for GitLab) or in a grouping view showing organizations/projects/groups hierarchy. Also, you can filter the table by subscription, resource type, finding type, or severity.
 
 ## Learn more
 
@@ -77,12 +77,10 @@ This table can be viewed as a flat view at the DevOps resource level (repositori
 
 - You can learn about [securing Azure Pipelines](/azure/devops/pipelines/security/overview).
 
-- Learn about [security hardening practices for GitHub Actions](https://docs.github.com/actions/security-guides/security-hardening-for-github-actions).
+- Learn about [security hardening practices for GitHub actions](https://docs.github.com/actions/security-guides/security-hardening-for-github-actions).
 
 ## Next steps
 
-[Connect your Azure DevOps organizations](quickstart-onboard-devops.md).
-
-[Connect your GitHub organizations](quickstart-onboard-github.md).
-
-[Connect your GitLab groups](quickstart-onboard-gitlab.md).
+- [Connect your Azure DevOps organizations](quickstart-onboard-devops.md).
+- [Connect your GitHub organizations](quickstart-onboard-github.md).
+- [Connect your GitLab groups](quickstart-onboard-gitlab.md).

articles/defender-for-cloud/defender-for-dns-introduction.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender for DNS - the benefits and features
-description: Learn about the benefits and features of Microsoft Defender for DNS
-ms.date: 01/10/2023
+description: Learn about the benefits and features of Microsoft Defender for DNS.
+ms.date: 03/11/2024
 ms.topic: overview
 ms.author: dacurwin
 author: dcurwin
@@ -11,9 +11,9 @@ author: dcurwin
 
 [!INCLUDE [Defender for DNS note](./includes/defender-for-dns-note.md)]
 
-Microsoft Defender for DNS provides an additional layer of protection for resources that use Azure DNS's [Azure-provided name resolution](../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#azure-provided-name-resolution) capability.
+Microsoft Defender for DNS provides another layer of protection for resources that use Azure DNS's [Azure-provided name resolution](../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#azure-provided-name-resolution) capability.
 
-From within Azure DNS, Defender for DNS monitors the queries from these resources and detects suspicious activities without the need for any additional agents on your resources.
+From within Azure DNS, Defender for DNS monitors the queries from these resources and detects suspicious activities without the need for any extra agents on your resources.
 
 ## Availability