Merge pull request #179847 from memildin/asc-melvyn-minortweaks

Small tweaks

Author: v-ccolin

articles/aks/concepts-security.md

@@ -130,7 +130,7 @@ To limit network traffic between pods in your cluster, AKS offers support for [K
 
 ## Application Security
 
-To protect pods running on AKS leverage [Azure Defender for Kubernetes][azure-defender-for-kubernetes] to detect and restrict cyber attacks against your applications running in your pods.  Run continual scanning to detect drift in the vulnerability state of your application and implement a "blue/green/canary" process to patch and replace the vulnerable images. 
+To protect pods running on AKS leverage [Microsoft Defender for Kubernetes][azure-defender-for-kubernetes] to detect and restrict cyber attacks against your applications running in your pods.  Run continual scanning to detect drift in the vulnerability state of your application and implement a "blue/green/canary" process to patch and replace the vulnerable images. 
 
 
 ## Kubernetes Secrets

articles/defender-for-cloud/TOC.yml

@@ -326,7 +326,7 @@
   - name: REST APIs documentation
     href: /rest/api/securitycenter/
   - name: Security baseline
-    href: /security/benchmark/azure/baselines/security-center-security-baseline?toc=/azure/security-center/TOC.json
+    href: /security/benchmark/azure/baselines/security-center-security-baseline?toc=/azure/defender-for-cloud/TOC.json
   - name: FAQ for Microsoft Defender for Cloud
     items:
     - name: General questions

articles/defender-for-cloud/defender-for-sql-usage.md

@@ -38,7 +38,7 @@ To enable this plan:
 
 [Step 2. Provision the Log Analytics agent on your SQL server's host:](#step-2-provision-the-log-analytics-agent-on-your-sql-servers-host)
 
-[Step 3. Enable the optional plan in Defender for Cloud's pricing and settings page:](#step-3-enable-the-optional-plan-in-defender-for-clouds-pricing-and-settings-page)
+[Step 3. Enable the optional plan in Defender for Cloud's environment settings page:](#step-3-enable-the-optional-plan-in-defender-for-clouds-environment-settings-page)
 
 
 ### Step 1. Install the agent extension
@@ -59,19 +59,17 @@ To enable this plan:
     - **Connect the Windows machine without Azure Arc** - If you choose to connect a SQL Server running on a Windows machine without using Azure Arc, follow the instructions in [Connect Windows machines to Azure Monitor](../azure-monitor/agents/agent-windows.md).
 
 
-### Step 3. Enable the optional plan in Defender for Cloud's pricing and settings page:
+### Step 3. Enable the optional plan in Defender for Cloud's environment settings page:
 
 1. From Defender for Cloud's menu, open the **Environment settings** page.
 
     - If you're using **Microsoft Defender for Cloud's default workspace** (named “defaultworkspace-[your subscription ID]-[region]”), select the relevant **subscription**.
 
-    - If you're using **a non-default workspace**, select the relevant **workspace** (enter the workspace's name in the filter if necessary):
-
-        ![Finding your non-default workspace by title.](./media/security-center-advanced-iaas-data/pricing-and-settings-workspaces.png)
+    - If you're using **a non-default workspace**, select the relevant **workspace** (enter the workspace's name in the filter if necessary).
 
 1. Set the option for **Microsoft Defender for SQL servers on machines** plan to **on**. 
 
-    :::image type="content" source="./media/security-center-advanced-iaas-data/sql-servers-on-vms-in-pricing-small.png" alt-text="Defender for Cloud pricing page with optional plans.":::
+    :::image type="content" source="./media/security-center-advanced-iaas-data/sql-servers-on-vms-in-pricing-small.png" alt-text="Screenshot of Microsoft Defender for Cloud's 'Defender plans' page with optional plans.":::
 
     The plan will be enabled on all SQL servers connected to the selected workspace. The protection will be fully active after the first restart of the SQL Server instance.
 

articles/defender-for-cloud/enhanced-security-features-overview.md

@@ -6,7 +6,7 @@ ms.author: memildin
 manager: rkarlin
 ms.service: security-center
 ms.topic: overview
-ms.date: 11/09/2021
+ms.date: 11/14/2021
 ---
 
 # Microsoft Defender for Cloud's enhanced security features
@@ -33,7 +33,7 @@ Defender for Cloud is offered in two modes:
     - **Hybrid security** – Get a unified view of security across all of your on-premises and cloud workloads. Apply security policies and continuously assess the security of your hybrid cloud workloads to ensure compliance with security standards. Collect, search, and analyze security data from multiple sources, including firewalls and other partner solutions.
     - **Threat protection alerts** - Advanced behavioral analytics and the Microsoft Intelligent Security Graph provide an edge over evolving cyber-attacks. Built-in behavioral analytics and machine learning can identify attacks and zero-day exploits. Monitor networks, machines, and cloud services for incoming attacks and post-breach activity. Streamline investigation with interactive tools and contextual threat intelligence.
     - **Track compliance with a range of standards** - Defender for Cloud continuously assesses your hybrid cloud environment to analyze the risk factors according to the controls and best practices in [Azure Security Benchmark](/security/benchmark/azure/introduction). When you enable the enhanced security features, you can apply a range of other industry standards, regulatory standards, and benchmarks according to your organization's needs. Add standards and track your compliance with them from the [regulatory compliance dashboard](update-regulatory-compliance-packages.md).
-    - **Access and application controls** - Block malware and other unwanted applications by applying machine learning powered recommendations adapted to your specific workloads to create allow and deny lists. Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs. Access and application controls drastically reduce exposure to brute force and other network attacks.
+    - **Access and application controls** - Block malware and other unwanted applications by applying machine learning powered recommendations adapted to your specific workloads to create allow and blocklists. Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs. Access and application controls drastically reduce exposure to brute force and other network attacks.
     - **Container security features** - Benefit from vulnerability management and real-time threat protection on your containerized environments. When enabling the **Microsoft Defender for container registries**, it may take up to 12 hrs until all the features are enabled. Charges are based on the number of unique container images pushed to your connected registry. After an image has been scanned once, you won't be charged for it again unless it's modified and pushed once more.
     - **Breadth threat protection for resources connected to the Azure environment** - The enhanced security features include Azure-native breadth threat protection for the Azure services common to all of your resources: Azure Resource Manager, Azure DNS, Azure network layer, and Azure Key Vault. Defender for Cloud has unique visibility into the Azure management layer and the Azure DNS layer, and can therefore protect cloud resources that are connected to those layers.
 
@@ -114,13 +114,12 @@ Yes. If you've configured your Log Analytics agent to send data to two or more d
 Yes. If you've configured your Log Analytics agent to send data to two or more different Log Analytics workspaces (multi-homing), you'll get 500-MB free data ingestion. It's calculated per node, per reported workspace, per day, and available for every workspace that has a 'Security' or 'AntiMalware' solution installed. You'll be charged for any data ingested over the 500-MB limit.
 
 ### Is the 500-MB free data ingestion calculated for an entire workspace or strictly per machine?
-You’ll get 500-MB free data ingestion per day, for every machine connected to the workspace. Specifically for security data types directly collected by Defender for Cloud.
+You’ll get 500-MB free data ingestion per day, for every Windows machine connected to the workspace. Specifically for security data types directly collected by Defender for Cloud. 
 
 This data is a daily rate averaged across all nodes. So even if some machines send 100-MB and others send 800-MB, if the total doesn’t exceed the **[number of machines] x 500-MB** free limit, you won’t be charged extra.
 
 ### What data types are included in the 500-MB data daily allowance?
-
-Defender for Cloud's billing is closely tied to the billing for Log Analytics. [Microsoft Defender for servers](defender-for-servers-introduction.md) provides a 500 MB/node/day allocation against the following subset of [security data types](/azure/azure-monitor/reference/tables/tables-category#security):
+Defender for Cloud's billing is closely tied to the billing for Log Analytics. [Microsoft Defender for servers](defender-for-servers-introduction.md) provides a 500 MB/node/day allocation for Windows machines against the following subset of [security data types](/azure/azure-monitor/reference/tables/tables-category#security):
 - SecurityAlert
 - SecurityBaseline
 - SecurityBaselineSummary

articles/defender-for-cloud/faq-azure-monitor-logs.yml

@@ -3,16 +3,12 @@ metadata:
   title: 'Microsoft Defender for Cloud FAQ - questions about existing Log Analytics agents'
   description: This FAQ answers questions for customers already using the Log Analytics agent and considering Microsoft Defender for Cloud, a product that helps you prevent, detect, and respond to threats.
   services: security-center
-  documentationcenter: na
   author: memildin
   manager: rkarlin
   ms.assetid: be2ab6d5-72a8-411f-878e-98dac21bc5cb
   ms.service: security-center
-  ms.devlang: na
   ms.topic: conceptual
-  ms.tgt_pltfrm: na
-  ms.workload: na
-  ms.date: 11/09/2021
+  ms.date: 11/14/2021
   ms.author: memildin
 
 
@@ -35,10 +31,10 @@ sections:
       - question: |
           Does Defender for Cloud install solutions on my existing Log Analytics workspaces? What are the billing implications?
         answer: |
-          When Defender for Cloud identifies that a VM is already connected to a workspace you created, Defender for Cloud enables solutions on this workspace according to your pricing configuration. The solutions are applied only to the relevant Azure VMs, via [solution targeting](../azure-monitor/insights/solution-targeting.md), so the billing remains the same.
+          When Defender for Cloud identifies that a VM is already connected to a workspace you created, Defender for Cloud enables solutions on this workspace according to your pricing configuration. The solutions are applied only to the relevant resources, via [solution targeting](../azure-monitor/insights/solution-targeting.md), so the billing remains the same.
           
-          - **Azure Defender off** – Defender for Cloud installs the "SecurityCenterFree" solution on the workspace. You won't be billed.
-          - **Azure Defender on** – Defender for Cloud installs the 'Security' solution on the workspace.
+          - **Enhanced security off** – Defender for Cloud installs the "SecurityCenterFree" solution on the workspace. You won't be billed.
+          - **Enable all Microsoft Defender plans** – Defender for Cloud installs the 'Security' solution on the workspace.
           
              ![Solutions on default workspace](./media/platform-migration-faq/solutions.png)
           
@@ -52,4 +48,4 @@ sections:
       - question: |
           I already have security solution on my workspaces. What are the billing implications?
         answer: |
-          The Security & Audit solution is used to enable **Microsoft Defender for servers**. If the Security & Audit solution is already installed on a workspace, Defender for Cloud uses the existing solution. There is no change in billing.
+          The Security & Audit solution is used to enable **Microsoft Defender for servers**. If the Security & Audit solution is already installed on a workspace, Defender for Cloud uses the existing solution. There is no change in billing.

articles/defender-for-cloud/sql-information-protection-policy.md

@@ -37,7 +37,7 @@ The information protection policy options within Defender for Cloud provide a pr
 
 There are three ways to access the information protection policy:
 
-- **(Recommended)** From the pricing and settings page of Defender for Cloud
+- **(Recommended)** From the **Environment settings** page of Defender for Cloud
 - From the security recommendation "Sensitive data in your SQL databases should be classified"
 - From the Azure SQL DB data discovery page
 
@@ -47,9 +47,9 @@ Each of these is shown in the relevant tab below.
 
 ### [**From Defender for Cloud's settings**](#tab/sqlip-tenant)
 
-### Access the policy from Defender for Cloud's pricing and settings page <a name="sqlip-tenant"></a>
+### Access the policy from Defender for Cloud's environment settings page <a name="sqlip-tenant"></a>
 
-From Defender for Cloud's **pricing and settings** page, select **SQL information protection**.
+From Defender for Cloud's **Environment settings** page, select **SQL information protection**.
 
 > [!NOTE]
 > This option only appears for users with tenant-level permissions. [Grant tenant-wide permissions to yourself](tenant-wide-permissions-management.md#grant-tenant-wide-permissions-to-yourself).