Merge pull request #261921 from dcurwin/wi-192030-dscpm-gcp-dec24-2023

GCP CSPM

Author: Jill Grant

articles/defender-for-cloud/media/quickstart-onboard-gcp/cspm-configuration.png

@@ -9,7 +9,7 @@ ms.date: 11/23/2023
 
 Workloads commonly span multiple cloud platforms. Cloud security services must do the same. Microsoft Defender for Cloud helps protect workloads in Google Cloud Platform (GCP), but you need to set up the connection between them and Defender for Cloud.
 
-If you're connecting a GCP project that you previously connected by using the classic connector, you must [remove it](how-to-use-the-classic-connector.md#remove-classic-gcp-connectors) first. Using a GCP project that's connected by both the classic and native connectors can produce duplicate recommendations.
+If you're connecting a GCP project that you previously connected by using the classic connector, you must [remove it](how-to-use-the-classic-connector.md#remove-classic-gcp-connectors) first. Using a GCP project connected by both the classic and native connectors can produce duplicate recommendations.
 
 This screenshot shows GCP accounts displayed in the Defender for Cloud [overview dashboard](overview-page.md).
 
@@ -70,20 +70,20 @@ In this section of the wizard, you select the Defender for Cloud plans that you
     1. Select the deployment type:
 
         - **Default access**: Allows Defender for Cloud to scan your resources and automatically include future capabilities.
-        - **Least privilege access**: Grants Defender for Cloud access to only the current permissions needed for the selected plans. If you select the least privileged permissions, you'll receive notifications on any new roles and permissions that are required to get full functionality for connector health.
+        - **Least privilege access**: Grants Defender for Cloud access to only the current permissions needed for the selected plans. If you select the least privileged permissions, you receive notifications on any new roles and permissions that are required to get full functionality for connector health.
 
     1. Select the deployment method: **GCP Cloud Shell** or **Terraform**.
 
     :::image type="content" source="media/quickstart-onboard-gcp/add-gcp-project-configure-access.png" alt-text="Screenshot that shows deployment options and instructions for configuring access.":::
 
-1. Follow the on-screen instructions for the selected deployment method to complete the required dependencies on GCP. 
+1. Follow the on-screen instructions for the selected deployment method to complete the required dependencies on GCP.
 
 1. Select **Next: Review and generate**.
 
 1. Select **Create**.
 
    > [!NOTE]
-   > The following APIs must be enabled in order to discover your GCP resources and allow the authentication process to occur: 
+   > The following APIs must be enabled in order to discover your GCP resources and allow the authentication process to occur:
    > - `iam.googleapis.com`
    > - `sts.googleapis.com`
    > - `cloudresourcemanager.googleapis.com`
@@ -200,6 +200,32 @@ To configure the Defender for Containers plan:
 
 1. Continue from step 8 of the [Connect your GCP project](#connect-your-gcp-project) instructions.
 
+### Configure the Defender CSPM plan
+
+If you choose the Microsoft Defender CSPM plan, you need:
+
+- A Microsoft Azure subscription. If you don't have an Azure subscription, you can [sign up for a free subscription](https://azure.microsoft.com/pricing/free-trial/).
+- You must [enable Microsoft Defender for Cloud](get-started.md#enable-defender-for-cloud-on-your-azure-subscription) on your Azure subscription.
+- In order to gain access to all of the features available from the CSPM plan, the plan must be enabled by the **Subscription Owner**.
+
+Learn more about how to [enable Defender CSPM](tutorial-enable-cspm-plan.md).
+
+To configure the Defender CSPM plan:
+
+1. Follow the [steps to connect your GCP project](#connect-your-gcp-project).
+
+1. On the **Select plans** tab, select **Configure**.
+
+    :::image type="content" source="media/quickstart-onboard-gcp/view-configuration.png" alt-text="Screenshot that shows the link for configuring the Defender CSPM plan.":::
+
+1. On the **Plan configuration** pane, turn the toggles to **On** or **Off**. To get the full value of Defender CSPM, we recommend that you turn all toggles to **On**.
+
+    :::image type="content" source="media/quickstart-onboard-gcp/cspm-configuration.png" alt-text="Screenshot that shows toggles for Defender CSPM.":::
+
+1. Select **Save**.
+
+1. Continue from step 8 of the [Connect your GCP project](#connect-your-gcp-project) instructions.
+
 ## Monitor your GCP resources
 
 The security recommendations page in Defender for Cloud displays your GCP resources together with your Azure and AWS resources for a true multicloud view.
@@ -210,9 +236,9 @@ To view all the active recommendations for your resources by resource type, use
 
 ## Integrate with Microsoft Defender XDR (Preview)
 
-When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft Defender Portal. No further steps are needed.
+When you enable Defender for Cloud, Defender for Cloud alerts are automatically integrated into the Microsoft Defender Portal. No further steps are needed.
 
-The integration between Microsoft Defender for Cloud and Microsoft Defender XDR brings your cloud environments into Microsoft Defender XDR. With Defender for Cloud's alerts and cloud correlations integrated into Microsoft Defender XDR, SOC teams can now access all security information from a single interface. 
+The integration between Microsoft Defender for Cloud and Microsoft Defender XDR brings your cloud environments into Microsoft Defender XDR. With Defender for Cloud's alerts and cloud correlations integrated into Microsoft Defender XDR, SOC teams can now access all security information from a single interface.
 
 Learn more about Defender for Cloud's [alerts in Microsoft Defender XDR](concept-integration-365.md).
 
@@ -223,4 +249,4 @@ Connecting your GCP project is part of the multicloud experience available in Mi
 - [Protect all of your resources with Defender for Cloud](enable-all-plans.md).
 - Set up your [on-premises machines](quickstart-onboard-machines.md) and [AWS account](quickstart-onboard-aws.md).
 - [Troubleshoot your multicloud connectors](troubleshooting-guide.md#troubleshooting-the-native-multicloud-connector).
-- Get answers to [common questions](faq-general.yml) about connecting your GCP project.
+- Get answers to [common questions](faq-general.yml) about connecting your GCP project.