MicrosoftDocs
diff --git a/‎articles/defender-for-cloud/asset-inventory.md
Lines changed: 22 additions & 31 deletions b/‎articles/defender-for-cloud/asset-inventory.md
Lines changed: 22 additions & 31 deletions
diff --git a/‎articles/defender-for-cloud/continuous-export.md
Lines changed: 10 additions & 10 deletions b/‎articles/defender-for-cloud/continuous-export.md
Lines changed: 10 additions & 10 deletions
diff --git a/‎articles/defender-for-cloud/defender-for-cloud-introduction.md
Lines changed: 1 addition & 1 deletion b/‎articles/defender-for-cloud/defender-for-cloud-introduction.md
Lines changed: 1 addition & 1 deletion
@@ -1,30 +1,23 @@
 ---
-title: Microsoft Defender for Cloud's asset inventory  
+title: Using the asset inventory to view your security posture with Microsoft Defender for Cloud
 description: Learn about Microsoft Defender for Cloud's asset management experience providing full visibility over all your Defender for Cloud monitored resources.
-ms.date: 11/14/2022
+ms.date: 01/03/2023
 ms.topic: how-to
 ms.author: benmansheim
 author: bmansheim
 ---
 # Use asset inventory to manage your resources' security posture
 
-The asset inventory page of Microsoft Defender for Cloud provides a single page for viewing the security posture of the resources you've connected to Microsoft Defender for Cloud.
-
-Defender for Cloud periodically analyzes the security state of resources connected to your subscriptions to identify potential security vulnerabilities. It then provides you with recommendations on how to remediate those vulnerabilities.
-
-When any resource has outstanding recommendations, they'll appear in the inventory.
+The asset inventory page of Microsoft Defender for Cloud shows the [security posture](concept-cloud-security-posture-management.md) of the resources you've connected to Defender for Cloud. Defender for Cloud periodically analyzes the security state of resources connected to your subscriptions to identify potential security issues and provides you with active recommendations. Active recommendations are recommendations that can be resolved to improve your security posture.
 
 Use this view and its filters to address such questions as:
 
-- Which of my subscriptions with enhanced security features enabled have outstanding recommendations?
+- Which of my subscriptions with [Defender plans](defender-for-cloud-introduction.md#cwp---identify-unique-workload-security-requirements) enabled have outstanding recommendations?
 - Which of my machines with the tag 'Production' are missing the Log Analytics agent?
 - How many of my machines tagged with a specific tag have outstanding recommendations?
 - Which machines in a specific resource group have a known vulnerability (using a CVE number)?
 
-The asset management possibilities for this tool are substantial and continue to grow.
-
-> [!TIP]
-> The security recommendations on the asset inventory page are the same as those on the **Recommendations** page, but here they're shown according to the affected resource. For information about how to resolve recommendations, see [Implementing security recommendations in Microsoft Defender for Cloud](review-security-recommendations.md).
+The security recommendations on the asset inventory page are also shown in the **Recommendations** page, but here they're shown according to the affected resource. Learn more about [implementing security recommendations](review-security-recommendations.md).
 
 ## Availability
 
@@ -33,7 +26,7 @@ The asset management possibilities for this tool are substantial and continue to
 |Release state:|General availability (GA)|
 |Pricing:|Free<br> Some features of the inventory page, such as the [software inventory](#access-a-software-inventory) require paid solutions to be in-place|
 |Required roles and permissions:|All users|
-|Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: National (Azure Government, Azure China 21Vianet) <br> <br> Software inventory is not currently supported in national clouds.|
+|Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: National (Azure Government, Azure China 21Vianet) <br> <br> Software inventory isn't currently supported in national clouds.|
 
 
 ## What are the key features of asset inventory?
@@ -47,13 +40,13 @@ The inventory page provides the following tools:
 Before you define any filters, a prominent strip of values at the top of the inventory view shows:
 
 - **Total resources**: The total number of resources connected to Defender for Cloud.
-- **Unhealthy resources**: Resources with active security recommendations. [Learn more about security recommendations](review-security-recommendations.md).
+- **Unhealthy resources**: Resources with active security recommendations that you can implement. [Learn more about implementing security recommendations](review-security-recommendations.md).
 - **Unmonitored resources**: Resources with agent monitoring issues - they have the Log Analytics agent deployed, but the agent isn't sending data or has other health issues.
-- **Unregistered subscriptions**: Any subscription in the selected scope that haven't yet been connected to Microsoft Defender for Cloud.
+- **Unregistered subscriptions**: Any subscription in the selected scope that hasn't yet been connected to Microsoft Defender for Cloud.
 
 ### 2 - Filters
 
-The multiple filters at the top of the page provide a way to quickly refine the list of resources according to the question you're trying to answer. For example, if you wanted to answer the question *Which of my machines with the tag 'Production' are missing the Log Analytics agent?* you could combine the **Agent monitoring** filter with the **Tags** filter.
+The multiple filters at the top of the page provide a way to quickly refine the list of resources according to the question you're trying to answer. For example, if you wanted to know which of your machines with the tag 'Production' are missing the Log Analytics agent, you can filter the list for **Agent monitoring**:"Not installed" and **Tags**:"Production".
 
 As soon as you've applied filters, the summary values are updated to relate to the query results.
 
@@ -72,19 +65,17 @@ As soon as you've applied filters, the summary values are updated to relate to t
 
 ## How does asset inventory work?
 
-Asset inventory utilizes [Azure Resource Graph (ARG)](../governance/resource-graph/index.yml), an Azure service that provides the ability to query Defender for Cloud's security posture data across multiple subscriptions.
+Asset inventory utilizes [Azure Resource Graph (ARG)](../governance/resource-graph/index.yml), an Azure service that lets you query Defender for Cloud's security posture data across multiple subscriptions.
 
 ARG is designed to provide efficient resource exploration with the ability to query at scale.
 
-Using the [Kusto Query Language (KQL)](/azure/data-explorer/kusto/query/), asset inventory can quickly produce deep insights by cross-referencing Defender for Cloud data with other resource properties.
+You can use [Kusto Query Language (KQL)](/azure/data-explorer/kusto/query/) in the asset inventory to quickly produce deep insights by cross-referencing Defender for Cloud data with other resource properties.
 
 ## How to use asset inventory
 
 1. From Defender for Cloud's sidebar, select **Inventory**.
 
-1. Use the **Filter by name** box to display a specific resource, or use the filters as described below.
-
-1. Select the relevant options in the filters to create the specific query you want to perform.
+1. Use the **Filter by name** box to display a specific resource, or use the filters to focus on specific resources.
 
     By default, the resources are sorted by the number of active security recommendations.
 
@@ -104,12 +95,12 @@ Using the [Kusto Query Language (KQL)](/azure/data-explorer/kusto/query/), asset
 
 1. <a id="onoffpartial"></a>To use the **Defender for Cloud** filter, select one or more options (Off, On, or Partial):
 
-    - **Off** - Resources that aren't protected by a Microsoft Defender plan. You can right-click on any of these and upgrade them:
+    - **Off** - Resources not protected by a Microsoft Defender plan. You can right-click on the resources and upgrade them:
 
         :::image type="content" source="./media/asset-inventory/upgrade-resource-inventory.png" alt-text="Upgrade a resource to be protected by the relevant Microsoft Defender plan via right-click." lightbox="./media/asset-inventory/upgrade-resource-inventory.png":::
 
-    - **On** - Resources that are protected by a Microsoft Defender plan
-    - **Partial** - This applies to **subscriptions** that have some but not all of the Microsoft Defender plans disabled. For example, the following subscription has seven Microsoft Defender plans disabled.
+    - **On** - Resources protected by a Microsoft Defender plan
+    - **Partial** - **Subscriptions** with some but not all of the Microsoft Defender plans disabled. For example, the following subscription has seven Microsoft Defender plans disabled.
 
         :::image type="content" source="./media/asset-inventory/pricing-tier-partial.png" alt-text="Subscription partially protected by Microsoft Defender plans.":::
 
@@ -134,9 +125,9 @@ If you've already enabled the integration with Microsoft Defender for Endpoint a
 :::image type="content" source="media/asset-inventory/software-inventory-filters.gif" alt-text="If you've enabled the threat and vulnerability solution, Defender for Cloud's asset inventory offers a filter to select resources by their installed software.":::
 
 > [!NOTE]
-> The "Blank" option shows machines without Microsoft Defender for Endpoint (or without Microsoft Defender for Servers).
+> The "Blank" option shows machines without Microsoft Defender for Endpoint or without Microsoft Defender for Servers.
 
-As well as the filters in the asset inventory page, you can explore the software inventory data from Azure Resource Graph Explorer.
+Besides the filters in the asset inventory page, you can explore the software inventory data from Azure Resource Graph Explorer.
 
 Examples of using Azure Resource Graph Explorer to access and explore software inventory data:
 
@@ -195,17 +186,17 @@ Examples of using Azure Resource Graph Explorer to access and explore software i
 
 ## FAQ - Inventory
 
-### Why aren't all of my subscriptions, machines, storage accounts, etc. shown?
+### Why aren't all of my resources shown, such as subscriptions, machines, storage accounts?
 
-The inventory view lists your Defender for Cloud connected resources from a Cloud Security Posture Management (CSPM) perspective. The filters don't return every resource in your environment; only the ones with outstanding (or 'active') recommendations.
+The inventory view lists your Defender for Cloud connected resources from a Cloud Security Posture Management (CSPM) perspective. The filters show only the resources with active recommendations.
 
-For example, the following screenshot shows a user with access to 8 subscriptions but only 7 currently have recommendations. So when they filter by **Resource type = Subscriptions**, only those 7 subscriptions with active recommendations appear in the inventory:
+For example, if you have access to eight subscriptions but only seven currently have recommendations, filter by **Resource type = Subscriptions** shows only the seven subscriptions with active recommendations:
 
-:::image type="content" source="./media/asset-inventory/filtered-subscriptions-some.png" alt-text="Not all subs returned when there are no active recommendations." lightbox="./media/asset-inventory/filtered-subscriptions-some.png":::
+:::image type="content" source="./media/asset-inventory/filtered-subscriptions-some.png" alt-text="Not all subscriptions returned when there are no active recommendations." lightbox="./media/asset-inventory/filtered-subscriptions-some.png":::
 
 ### Why do some of my resources show blank values in the Defender for Cloud or monitoring agent columns?
 
-Not all Defender for Cloud monitored resources have agents. For example, Azure Storage accounts or PaaS resources such as disks, Logic Apps, Data Lake Analysis, and Event Hub don't need agents to be monitored by Defender for Cloud.
+Not all Defender for Cloud monitored resources require agents. For example, Defender for Cloud doesn't require agents to monitor Azure Storage accounts or PaaS resources, such as disks, Logic Apps, Data Lake Analysis, and Event Hubs.
 
 When pricing or agent monitoring isn't relevant for a resource, nothing will be shown in those columns of inventory.
 
 
@@ -28,7 +28,7 @@ This article describes how to configure continuous export to Log Analytics works
 |----|:----|
 |Release state:|General availability (GA)|
 |Pricing:|Free|
-|Required roles and permissions:|<ul><li>**Security admin** or **Owner** on the resource group</li><li>Write permissions for the target resource.</li><li>If you're using the Azure Policy 'DeployIfNotExist' policies described below, you'll also need permissions for assigning policies</li><li>To export data to Event Hubs, you'll need Write permission on the Event Hubs Policy.</li><li>To export to a Log Analytics workspace:<ul><li>if it **has the SecurityCenterFree solution**, you'll need a minimum of read permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/read`</li><li>if it **doesn't have the SecurityCenterFree solution**, you'll need write permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/action`</li><li>Learn more about [Azure Monitor and Log Analytics workspace solutions](../azure-monitor/insights/solutions.md)</li></ul></li></ul>|
+|Required roles and permissions:|<ul><li>**Security admin** or **Owner** on the resource group</li><li>Write permissions for the target resource.</li><li>If you're using the [Azure Policy 'DeployIfNotExist' policies](#configure-continuous-export-at-scale-using-the-supplied-policies), you'll also need permissions for assigning policies</li><li>To export data to Event Hubs, you'll need Write permission on the Event Hubs Policy.</li><li>To export to a Log Analytics workspace:<ul><li>if it **has the SecurityCenterFree solution**, you'll need a minimum of read permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/read`</li><li>if it **doesn't have the SecurityCenterFree solution**, you'll need write permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/action`</li><li>Learn more about [Azure Monitor and Log Analytics workspace solutions](../azure-monitor/insights/solutions.md)</li></ul></li></ul>|
 |Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: National (Azure Government, Azure China 21Vianet)|
 
 ## What data types can be exported?
@@ -47,13 +47,13 @@ Continuous export can export the following data types whenever they change:
 
 ## Set up a continuous export 
 
-You can configure continuous export from the Microsoft Defender for Cloud pages in Azure portal, via the REST API, or at scale using the supplied Azure Policy templates. Select the appropriate tab below for details of each.
+You can configure continuous export from the Microsoft Defender for Cloud pages in Azure portal, via the REST API, or at scale using the supplied Azure Policy templates.
 
 ### [**Use the Azure portal**](#tab/azure-portal)
 
 ### Configure continuous export from the Defender for Cloud pages in Azure portal
 
-The steps below are necessary whether you're setting up a continuous export to Log Analytics or Azure Event Hubs.
+If you're setting up a continuous export to Log Analytics or Azure Event Hubs:
 
 1. From Defender for Cloud's menu, open **Environment settings**.
 
@@ -82,9 +82,9 @@ The steps below are necessary whether you're setting up a continuous export to L
 
     :::image type="content" source="./media/continuous-export/include-security-findings-toggle.png" alt-text="Include security findings toggle in continuous export configuration." :::
 
-1. From the "Export target" area, choose where you'd like the data saved. Data can be saved in a target of a different subscription (for example on a Central Event Hub instance or a central Log Analytics workspace).
+1. From the "Export target" area, choose where you'd like the data saved. Data can be saved in a target of a different subscription (for example, on a Central Event Hubs instance or a central Log Analytics workspace).
 
-    You can also send the data to an [Event hub or Log Analytics workspace in a different tenant](#export-data-to-an-azure-event-hub-or-log-analytics-workspace-in-another-tenant).
+    You can also send the data to an [Event hubs or Log Analytics workspace in a different tenant](#export-data-to-an-azure-event-hub-or-log-analytics-workspace-in-another-tenant).
 
 1. Select **Save**.
 
@@ -97,11 +97,11 @@ The steps below are necessary whether you're setting up a continuous export to L
 
 Continuous export can be configured and managed via the Microsoft Defender for Cloud [automations API](/rest/api/defenderforcloud/automations). Use this API to create or update rules for exporting to any of the following possible destinations:
 
-- Azure Event Hub
+- Azure Event Hubs
 - Log Analytics workspace
 - Azure Logic Apps
 
-You can also send the data to an [Event hub or Log Analytics workspace in a different tenant](#export-data-to-an-azure-event-hub-or-log-analytics-workspace-in-another-tenant).
+You can also send the data to an [Event Hubs or Log Analytics workspace in a different tenant](#export-data-to-an-azure-event-hub-or-log-analytics-workspace-in-another-tenant).
 
 Here are some examples of options that you can only use in the API:
 
@@ -120,11 +120,11 @@ Here are some examples of options that you can only use in the API:
 
 Automating your organization's monitoring and incident response processes can greatly improve the time it takes to investigate and mitigate security incidents.
 
-To deploy your continuous export configurations across your organization, use the supplied Azure Policy 'DeployIfNotExist' policies described below to create and configure continuous export procedures.
+To deploy your continuous export configurations across your organization, use the supplied Azure Policy 'DeployIfNotExist' policies to create and configure continuous export procedures.
 
 **To implement these policies**
 
-1. From the table below, select the policy you want to apply:
+1. Select the policy you want to apply from this table:
 
     |Goal  |Policy  |Policy ID  |
     |---------|---------|---------|
@@ -248,7 +248,7 @@ Continuous export can be helpful in to prepare for BCDR scenarios where the targ
 
 Learn more in [Azure Event Hubs - Geo-disaster recovery](../event-hubs/event-hubs-geo-dr.md).
 
-### What is the minimum SAS policy permissions required when exporting data to Azure Event Hub?
+### What is the minimum SAS policy permissions required when exporting data to Azure Event Hubs?
 
 **Send** is the minimum SAS policy permissions required. For step-by-step instructions, see **Step 1. Create an Event Hubs namespace and event hub with send permissions** in [this article](./export-to-splunk-or-qradar.md#step-1-create-an-event-hubs-namespace-and-event-hub-with-send-permissions).
 
 
@@ -10,7 +10,7 @@ ms.date: 10/04/2022
 
 Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises:
 
-:::image type="content" source="media/defender-for-cloud-introduction/defender-for-cloud-synopsis.png" alt-text="Understanding the core functionality of Microsoft Defender for Cloud.":::
+:::image type="content" source="media/defender-for-cloud-introduction/defender-for-cloud-synopsis.png" alt-text="Diagram that shows the core functionality of Microsoft Defender for Cloud.":::
 
 - [**Defender for Cloud secure score**](secure-score-security-controls.md) **continually assesses** your security posture so you can track new security opportunities and precisely report on the progress of your security efforts.
 - [**Defender for Cloud recommendations**](security-policy-concept.md) **secures** your workloads with step-by-step actions that protect your workloads from known security risks.