articles/defender-for-cloud/other-threat-protections.md (8 additions & 8 deletions)
@@ -1,10 +1,10 @@
1
1
---
2
-
title: Additional threat protections from Microsoft Defender for Cloud
2
+
title: Other threat protections from Microsoft Defender for Cloud
3
3
description: Learn about the threat protections available from Microsoft Defender for Cloud
4
4
ms.topic: overview
5
-
ms.date: 12/05/2022
5
+
ms.date: 01/08/2023
6
6
---
7
-
# Additional threat protections in Microsoft Defender for Cloud
7
+
# Other threat protections in Microsoft Defender for Cloud
8
8
9
9
In addition to its built-in [advanced protection plans](defender-for-cloud-introduction.md), Microsoft Defender for Cloud also offers the following threat protection capabilities.
10
10
@@ -14,7 +14,7 @@ In addition to its built-in [advanced protection plans](defender-for-cloud-intro
14
14
<aname="network-layer"></a>
15
15
16
16
## Threat protection for Azure network layer
17
-
Defender for Cloud network-layer analytics are based on sample [IPFIX data](https://en.wikipedia.org/wiki/IP_Flow_Information_Export), which are packet headers collected by Azure core routers. Based on this data feed, Defender for Cloud uses machine learning models to identify and flag malicious traffic activities. Defender for Cloud also uses the Microsoft Threat Intelligence database to enrich IP addresses.
17
+
Defenders for Cloud network-layer analytics are based on sample [IPFIX data](https://en.wikipedia.org/wiki/IP_Flow_Information_Export), which are packet headers collected by Azure core routers. Based on this data feed, Defender for Cloud uses machine learning models to identify and flag malicious traffic activities. Defender for Cloud also uses the Microsoft Threat Intelligence database to enrich IP addresses.
18
18
19
19
Some network configurations restrict Defender for Cloud from generating alerts on suspicious network activity. For Defender for Cloud to generate network alerts, ensure that:
20
20
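Review bot: the changed line at new line 17 introduces a typo in the product name: "Defenders for Cloud network-layer analytics" should stay "Defender for Cloud network-layer analytics", as the product is named everywhere else in this file (and in the unchanged sentences of the same paragraph). Please restore the singular before merging.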
@@ -29,7 +29,7 @@ For a list of the Azure network layer alerts, see the [Reference table of alerts
29
29
30
30
Microsoft Defender for Cloud Apps (formerly known as Microsoft Cloud App Security) is a cloud access security broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
31
31
32
-
If you've enabled Microsoft Defender for Cloud Apps, and selected the integration from within Defender for Cloud's settings, your hardening recommendations from Defender for Cloud will appear in Defender for Cloud Apps with no additional configuration needed.
32
+
Once Microsoft Defender for Cloud Apps has been enabled, you can then select the integration from within Defender for Cloud's settings. Your hardened recommendations from Defender for Cloud will appear in Defender for Cloud Apps with no other configuration needed.
33
33
34
34
> [!NOTE]
35
35
> Defender for Cloud stores security-related customer data in the same geo as its resource. If Microsoft hasn't yet deployed Defender for Cloud in the resource's geo, then it stores the data in the United States. When Microsoft Defender for Cloud Apps is enabled, this information is stored in accordance with the geo location rules of Microsoft Defender for Cloud Apps. For more information, see [Data storage for non-regional services](https://azuredatacentermap.azurewebsites.net/).
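Review bot: the rewrite at new line 32 changes meaning: "your hardened recommendations" is not the same thing as "your hardening recommendations" (the recommendations are about hardening, they are not themselves hardened). Suggest "Your hardening recommendations from Defender for Cloud will appear in Defender for Cloud Apps with no other configuration needed." Also, "Once ... has been enabled, you can then select" doubles up on "once"/"then"; "Once Microsoft Defender for Cloud Apps is enabled, select the integration from within Defender for Cloud's settings." reads more cleanly.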
@@ -47,7 +47,7 @@ Azure Application Gateway offers a web application firewall (WAF) that provides
47
47
48
48
Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. The Application Gateway WAF is based on Core Rule Set 3.0 or 2.2.9 from the Open Web Application Security Project. The WAF is updated automatically to protect against new vulnerabilities.
49
49
50
-
If you have created [WAF Security solution](partner-integration.md#add-data-sources), your WAF alerts are streamed to Defender for Cloud with no additional configurations. For more information on the alerts generated by WAF, see [Web application firewall CRS rule groups and rules](../web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md?tabs=owasp31#crs911-31).
50
+
If you have created [WAF Security solution](partner-integration.md#add-data-sources), your WAF alerts are streamed to Defender for Cloud with no other configurations. For more information on the alerts generated by WAF, see [Web application firewall CRS rule groups and rules](../web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md?tabs=owasp31#crs911-31).
51
51
52
52
> [!NOTE]
53
53
> Only WAF v1 is supported and will work with Microsoft Defender for Cloud.
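Review bot: at new line 50, "no other configurations" reads oddly in the plural; the DDoS paragraph later in this same change uses "with no other configuration needed", so use the same wording here for consistency. While touching the line, the unchanged opening "If you have created [WAF Security solution]" is missing an article: "If you have created a [WAF security solution]".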
@@ -60,11 +60,11 @@ Distributed denial of service (DDoS) attacks are known to be easy to execute. Th
60
60
61
61
To defend against DDoS attacks, purchase a license for Azure DDoS Protection and ensure you're following application design best practices. DDoS Protection provides different service tiers. For more information, see [Azure DDoS Protection overview](../ddos-protection/ddos-protection-overview.md).
62
62
63
-
If you have Azure DDoS Protection enabled, your DDoS alerts are streamed to Defender for Cloud with no additional configuration needed. For more information on the alerts generated by DDoS Protection, see [Reference table of alerts](alerts-reference.md#alerts-azureddos).
63
+
If you have Azure DDoS Protection enabled, your DDoS alerts are streamed to Defender for Cloud with no other configuration needed. For more information on the alerts generated by DDoS Protection, see [Reference table of alerts](alerts-reference.md#alerts-azureddos).
[Microsoft Entra Permissions Management](../active-directory/cloud-infrastructure-entitlement-management/index.yml) is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility and control over permissions for any identity and any resource in Azure, AWS, and GCP.
67
+
[Microsoft Entra Permissions Management](../active-directory/cloud-infrastructure-entitlement-management/index.yml) is a cloud infrastructure entitlement management (CIEM) solution. Entra Permission Management provides comprehensive visibility and control over permissions for any identity and any resource in Azure, AWS, and GCP.
68
68
69
69
As part of the integration, each onboarded Azure subscription, AWS account, and GCP project give you a view of your [Permission Creep Index (PCI)](../active-directory/cloud-infrastructure-entitlement-management/ui-dashboard.md). The PCI is an aggregated metric that periodically evaluates the level of risk associated with the number of unused or excessive permissions across identities and resources. PCI measures how risky identities can potentially be, based on the permissions available to them.
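Review bot: the added sentence at new line 67 shortens the product name to "Entra Permission Management", while the link text and the rest of the article use "Microsoft Entra Permissions Management" (plural); keep the official name consistent, for example "Permissions Management provides comprehensive visibility and control over permissions ...". In the unchanged context line that follows, "each onboarded Azure subscription, AWS account, and GCP project give you a view" should be "gives you a view" if it is being edited in the same pass.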
articles/defender-for-cloud/tutorial-protect-resources.md (2 additions & 2 deletions)
@@ -3,7 +3,7 @@ title: Access & application controls tutorial - Microsoft Defender for Cloud
3
3
description: This tutorial shows you how to configure a just-in-time VM access policy and an application control policy.
4
4
ms.topic: tutorial
5
5
ms.custom: mvc
6
-
ms.date: 11/09/2021
6
+
ms.date: 01/08/2023
7
7
8
8
---
9
9
# Tutorial: Protect your resources with Microsoft Defender for Cloud
@@ -22,7 +22,7 @@ To step through the features covered in this tutorial, you must have Defender fo
22
22
## Manage VM access
23
23
JIT VM access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
24
24
25
-
Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just-in-time is enabled, Defender for Cloud uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.
25
+
Management ports don't need to be open always. They only need to be open while you're connected to the VM, for example to perform management or maintenance tasks. When just-in-time is enabled, Defender for Cloud uses Network Security Group (NSG) rules, which restrict access to management ports so they can't be targeted by attackers.
26
26
27
27
Follow the guidance in [Secure your management ports with just-in-time access](just-in-time-access-usage.md).
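Review bot: at new line 25, "Management ports don't need to be open always." is awkward word order; the original "at all times" was clearer, so suggest "Management ports don't need to be open at all times." or "Management ports don't always need to be open." The rest of the contraction changes in this hunk are fine.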
articles/defender-for-cloud/tutorial-security-incident.md (9 additions & 6 deletions)
@@ -4,14 +4,14 @@ description: In this tutorial, you'll learn how to triage security alerts and de
4
4
ms.assetid: 181e3695-cbb8-4b4e-96e9-c4396754862f
5
5
ms.topic: tutorial
6
6
ms.custom: ignite-2022
7
-
ms.date: 11/09/2021
7
+
ms.date: 01/08/2023
8
8
---
9
9
10
10
# Tutorial: Triage, investigate, and respond to security alerts
11
11
12
12
Microsoft Defender for Cloud continuously analyzes your hybrid cloud workloads using advanced analytics and threat intelligence to alert you about potentially malicious activities in your cloud resources. You can also integrate alerts from other security products and services into Defender for Cloud. Once an alert is raised, swift action is needed to investigate and remediate the potential security issue.
13
13
14
-
In this tutorial, you will learn how to:
14
+
In this tutorial, you'll learn how to:
15
15
16
16
> [!div class="checklist"]
17
17
> * Triage security alerts
@@ -21,7 +21,9 @@ In this tutorial, you will learn how to:
21
21
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/) before you begin.
22
22
23
23
## Prerequisites
24
-
To step through the features covered in this tutorial, you must have Defender for Cloud's enhanced security features enabled. You can try these at no cost. To learn more, see the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/). The quickstart [Get started with Defender for Cloud](get-started.md) walks you through how to upgrade.
24
+
To step through the features covered in this tutorial, you must have Defender for Cloud's enhanced security features enabled. To learn more about Defender for Cloud's pricing, see the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/).
25
+
26
+
The quickstart, [Get started with Defender for Cloud](get-started.md) walks you through the upgrade process.
25
27
26
28
27
29
## Triage security alerts
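Review bot: this hunk drops the statement "You can try these at no cost." from the prerequisites without replacing it; if the trial offer still applies, the sentence should be kept (or the pricing-page link text should mention the trial), and if it no longer applies, the commit message should say so. Separately, at new line 26 the comma placement is inconsistent: either "The quickstart, [Get started with Defender for Cloud](get-started.md), walks you through the upgrade process." with both commas, or no comma at all.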
@@ -78,7 +80,7 @@ After you've investigated a security alert and understood its scope, you can res
78
80
79
81
:::image type="content" source="./media/tutorial-security-incident/set-status-dismissed.png" alt-text="Setting an alert's status":::
80
82
81
-
This removes the alert from the main alerts list. You can use the filter from the alerts list page to view all alerts with **Dismissed** status.
83
+
The alert is then removed from the main list of alerts. You can use the filter from the alerts list page to view all alerts with **Dismissed** status.
82
84
83
85
1. We encourage you to provide feedback about the alert to Microsoft:
84
86
1. Marking the alert as **Useful** or **Not useful**.
@@ -89,7 +91,7 @@ After you've investigated a security alert and understood its scope, you can res
89
91
> [!TIP]
90
92
> We review your feedback to improve our algorithms and provide better security alerts.
91
93
92
-
## End the tutorial
94
+
## CLean up resources
93
95
94
96
Other quickstarts and tutorials in this collection build upon this quickstart. If you plan to continue to work with subsequent quickstarts and tutorials, keep automatic provisioning and Defender for Cloud's enhanced security features enabled.
95
97
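Review bot: the new heading at new line 94 has a capitalization typo, "## CLean up resources" should be "## Clean up resources". Renaming the heading from "End the tutorial" also changes its generated anchor, so any link to "#end-the-tutorial" elsewhere in the docs set needs updating in this change.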
@@ -115,7 +117,8 @@ If you don't plan to continue, or you want to disable either of these features:
115
117
> Disabling extensions does not remove the Log Analytics agent from Azure VMs that already have the agent, but does limits security monitoring for your resources.
116
118
117
119
## Next steps
118
-
In this tutorial, you learned about Defender for Cloud features to be used when responding to a security alert. For related material see:
120
+
121
+
In this tutorial, you learned about Defender for Cloud features to be used when responding to a security alert. For related material, see:
119
122
120
123
-[Respond to Microsoft Defender for Key Vault alerts](defender-for-key-vault-usage.md)
121
124
-[Security alerts - a reference guide](alerts-reference.md)
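Review bot: new lines 120 and 121 replace the single sentence with a blank line followed by the sentence, which leaves two consecutive blank lines between "## Next steps" and the paragraph; drop the extra "+" blank line. The unchanged context line "but does limits security monitoring for your resources" carries a grammatical error ("does limit"), worth fixing while this file is open.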