Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into wi-206789-container-qualys-retirement-feb7-2024

Author: David Curwin

articles/defender-for-cloud/enable-adaptive-application-controls.md

@@ -1,6 +1,6 @@
 ---
 title: Enable and manage adaptive application controls
-description: This document helps you enable and manage adaptive application control in Microsoft Defender for Cloud to create an allowlist of applications running for Azure machines.
+description: Learn how to enable and manage adaptive application control in Microsoft Defender for Cloud to create an allowlist of applications running for Azure machines.
 author: dcurwin
 ms.author: dacurwin
 ms.topic: how-to
@@ -45,7 +45,7 @@ Select the recommendation, or open the adaptive application controls page to vie
 
 1. Open the **Recommended** tab. The groups of machines with recommended allowlists appear.
 
-   :::image type="content" source="media/enable-adaptive-application-controls/adaptive-application-recommended-tab.png" alt-text="Screenshot that shows you where on the screen the recommendation tab is."::: 
+   :::image type="content" source="media/enable-adaptive-application-controls/adaptive-application-recommended-tab.png" alt-text="Screenshot that shows you where on the screen the recommendation tab is.":::
 
 1. Select a group.
 
@@ -82,7 +82,7 @@ To edit the rules for a group of machines:
 
    1. Select **Add rule**.
 
-    :::image type="content" source="media/enable-adaptive-application-controls/adaptive-application-add-custom-rule.png" alt-text="Screenshot that showsyou where the add rule button is located.":::
+    :::image type="content" source="media/enable-adaptive-application-controls/adaptive-application-add-custom-rule.png" alt-text="Screenshot that shows you where the add rule button is located.":::
 
    1. If you're defining a known safe path, change the **Rule type** to 'Path' and enter a single path. You can include wildcards in the path. The following screens show some examples of how to use wildcards.
 
@@ -134,7 +134,7 @@ To remediate the issues:
 
 1. To investigate further, select a group.
 
-    :::image type="content" source="media/enable-adaptive-application-controls/recent-alerts.png" alt-text="Screenshot showing recent alerts.":::
+    :::image type="content" source="media/enable-adaptive-application-controls/recent-alerts.png" alt-text="Screenshot showing recent alerts in Configured tab.":::
 
 1. For further details, and the list of affected machines, select an alert.
 
@@ -180,10 +180,10 @@ Some of the functions available from the REST API include:
    >
    > Remove the following properties before using the JSON in the **Put** request: recommendationStatus, configurationStatus, issues, location, and sourceSystem.
 
-## Next steps
+## Related content
 
 On this page, you learned how to use adaptive application control in Microsoft Defender for Cloud to define allowlists of applications running on your Azure and non-Azure machines. To learn more about some other cloud workload protection features, see:
 
 - [Understanding just-in-time (JIT) VM access](just-in-time-access-overview.md)
 - [Securing your Azure Kubernetes clusters](defender-for-kubernetes-introduction.md)
-- View common question about [Adaptive application controls](faq-defender-for-servers.yml)
+- View common question about [Adaptive application controls](faq-defender-for-servers.yml)

articles/defender-for-cloud/enable-agentless-scanning-vms.md

@@ -37,6 +37,7 @@ When you enable [Defender Cloud Security Posture Management (CSPM)](concept-clou
 If you have Defender for Servers P2 already enabled and agentless scanning is turned off, you need to turn on agentless scanning manually.
 
 You can enable agentless scanning on
+
 - [Azure](#agentless-vulnerability-assessment-on-azure)
 - [AWS](#agentless-vulnerability-assessment-on-aws)
 - [GCP](#enable-agentless-scanning-in-gcp)
@@ -58,7 +59,7 @@ You can enable agentless scanning on
 
 1. In the settings pane, turn on **Agentless scanning for machines**.
 
-   :::image type="content" source="media/enable-vulnerability-assessment-agentless/turn-on-agentles-scanning-azure.png" alt-text="Screenshot of settings and monitoring screen to turn on agentless scanning." lightbox="media/enable-vulnerability-assessment-agentless/turn-on-agentles-scanning-azure.png":::
+   :::image type="content" source="media/enable-vulnerability-assessment-agentless/turn-on-agentless-scanning-azure.png" alt-text="Screenshot of settings and monitoring screen to turn on agentless scanning." lightbox="media/enable-vulnerability-assessment-agentless/turn-on-agentless-scanning-azure.png":::
 
 1. Select **Save**.
 
@@ -90,23 +91,23 @@ After you enable agentless scanning, software inventory and vulnerability inform
 
 ### Enable agentless scanning in GCP
 
-1. In Defender for Cloud, select **Environment settings**. 
-1. Select the relevant project or organization. 
-1. For either the Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2 plan, select  **Settings**. 
+1. In Defender for Cloud, select **Environment settings**.
+1. Select the relevant project or organization.
+1. For either the Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2 plan, select  **Settings**.
 
     :::image type="content" source="media/enable-agentless-scanning-vms/gcp-select-plan.png" alt-text="Screenshot that shows where to select the plan for GCP projects." lightbox="media/enable-agentless-scanning-vms/gcp-select-plan.png":::
 
 1. Toggle Agentless scanning to **On**.
 
     :::image type="content" source="media/enable-agentless-scanning-vms/gcp-select-agentless.png" alt-text="Screenshot that shows where to select agentless scanning." lightbox="media/enable-agentless-scanning-vms/gcp-select-agentless.png":::
 
-1. Select **Save and Next: Configure Access**. 
+1. Select **Save and Next: Configure Access**.
 1. Copy the onboarding script.
 1. Run the onboarding script in the GCP organization/project scope (GCP portal or gcloud CLI).
-1. Select  **Next: Review and generate**. 
-1. Select  **Update**. 
+1. Select  **Next: Review and generate**.
+1. Select  **Update**.
 
-##  Test the agentless malware scanner's deployment
+## Test the agentless malware scanner's deployment
 
 Security alerts appear on the portal only in cases where threats are detected on your environment. If you do not have any alerts it may be because there are no threats on your environment. You can test to see that the device is properly onboarded and reporting to Defender for Cloud by creating a test file.
 
@@ -167,37 +168,35 @@ The alert `MDC_Test_File malware was detected (Agentless)` will appear within 24
 
 1. Execute the following script.
 
-
 ```powershell
 # Virus test string
 $TEST_STRING = '$$89-barbados-dublin-damascus-notice-pulled-natural-31$$'
- 
+
 # File to be created
 $FILE_PATH = "C:\temp\virus_test_file.txt"
- 
+
 # Create "temp" directory if it does not exist
 $DIR_PATH = "C:\temp"
 if (!(Test-Path -Path $DIR_PATH)) {
-    New-Item -ItemType Directory -Path $DIR_PATH
+   New-Item -ItemType Directory -Path $DIR_PATH
 }
- 
+
 # Write the test string to the file without a trailing newline
 [IO.File]::WriteAllText($FILE_PATH, $TEST_STRING)
- 
+
 # Check if the file was created and contains the correct string
 if (Test-Path -Path $FILE_PATH) {
-    $content = [IO.File]::ReadAllText($FILE_PATH)
-    if ($content -eq $TEST_STRING) {
-        Write-Host "Test file created and validated successfully."
-    } else {
-        Write-Host "Test file does not contain the correct string."
-    }
+    $content = [IO.File]::ReadAllText($FILE_PATH)
+    if ($content -eq $TEST_STRING) {
+      Write-Host "Test file created and validated successfully."
+    } else {
+       Write-Host "Test file does not contain the correct string."
+    }
 } else {
-    Write-Host "Failed to create test file."
+    Write-Host "Failed to create test file."
 }
 ```
 
-
 The alert `MDC_Test_File malware was detected (Agentless)` will appear within 24 hours in the Defender for Cloud Alerts page and in the Defender XDR portal.
 
 :::image type="content" source="media/enable-agentless-scanning-vms/test-alert.jpg" alt-text="Screenshot of the test alert that appears in Defender for Cloud for Windows with because of the PowerShell script." lightbox="media/enable-agentless-scanning-vms/test-alert.jpg":::
@@ -221,7 +220,7 @@ Agentless scanning applies to all of the eligible machines in the subscription.
 
 1. Select **Save**.
 
-## Next steps
+## Related content
 
 Learn more about:
 

articles/defender-for-cloud/enable-defender-for-endpoint.md

@@ -304,10 +304,8 @@ To remove the Defender for Endpoint solution from your machines:
 
 1. Follow the steps in [Offboard devices from the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/offboard-machines) from the Defender for Endpoint documentation.
 
-## Next steps
+## Related content
 
 - [Platforms and features supported by Microsoft Defender for Cloud](security-center-os-coverage.md)
 - [Learn how recommendations help you protect your Azure resources](review-security-recommendations.md)
 - View common question about the [Defender for Cloud integration with Microsoft Defender for Endpoint](faq-defender-for-servers.yml)
-
-

articles/defender-for-cloud/media/enable-vulnerability-assessment-agentless/turn-on-agentles-scanning-azure.png renamed to articles/defender-for-cloud/media/enable-vulnerability-assessment-agentless/turn-on-agentless-scanning-azure.png

@@ -1,6 +1,6 @@
 ---
 title: Protect your resources with Defender CSPM plan on your subscription
-description: Learn how to enable Defender CSPM on your Azure subscription for Microsoft Defender for Cloud.
+description: Learn how to enable Defender CSPM on your Azure subscription for Microsoft Defender for Cloud and enhance your security posture.
 ms.topic: install-set-up-deploy
 ms.date: 09/05/2023
 ---
@@ -11,7 +11,7 @@ Defender Cloud Security Posture Management (CSPM) in Microsoft Defender for Clou
 
 Defender for Cloud continually assesses your resources, subscriptions, and organization for security issues. Defender for Cloud shows you your security posture with the secure score. The secure score is an aggregated score of the security findings that tells you your current security situation. The higher the score, the lower the identified risk level.
 
-When you enable Defender for Cloud, you automatically enable the **Foundational CSPM capabilities**. these capabilities are part of the free services offered by Defender for Cloud.
+When you enable Defender for Cloud, you automatically enable the **Foundational CSPM capabilities**. These capabilities are part of the free services offered by Defender for Cloud.
 
 You have the ability to enable the **Defender CSPM** plan, which offers extra protections for your environments such as governance, regulatory compliance, cloud security explorer, attack path analysis and agentless scanning for machines.
 
@@ -58,10 +58,12 @@ Once the Defender CSPM plan is enabled on your subscription, you have the abilit
 
 - **Agentless discovery for Kubernetes**: API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, risk hunting as part of the cloud security explorer. This extension is required for attack path analysis (Defender CSPM only).
 
-- **Container registries vulnerability assessments**: Provides vulnerability management for images stored in your container registries.
+- **Agentless container vulnerability assessments**: Provides vulnerability management for images stored in your container registries.
 
 - **Sensitive data discovery**: Sensitive data discovery automatically discovers managed cloud data resources containing sensitive data at scale. This feature accesses your data, it is agentless, uses smart sampling scanning, and integrates with Microsoft Purview sensitive information types and labels.
 
+- **Permissions Management (Preview)** - Insights into Cloud Infrastructure Entitlement Management (CIEM). CIEM ensures appropriate and secure identities and access rights in cloud environments. It helps understand access permissions to cloud resources and associated risks. Setup and data collection may take up to 24 hours.
+
 **To enable the components of the Defender CSPM plan**:
 
 1. On the Defender plans page, select **Settings**.

articles/defender-for-cloud/media/tutorial-enable-cspm-plan/cspm-configuration.png

@@ -215,6 +215,9 @@ The following instructions apply for public **Azure Commercial clouds** only. Fo
 
 1. Edit the new role's trust policy and add another condition:<br>`"sts:RoleSessionName": "MicrosoftSentinel_{WORKSPACE_ID)"`
 
+   > [!IMPORTANT]
+   > The value of the `sts:RoleSessionName` parameter must have the exact prefix `MicrosoftSentinel_`, otherwise the connector will not function properly.
+
    The finished trust policy should look like this:
 
    ```json

articles/defender-for-cloud/tutorial-enable-cspm-plan.md

@@ -2,9 +2,9 @@
 title: Enable entity behavior analytics to detect advanced threats
 description: Enable User and Entity Behavior Analytics in Microsoft Sentinel, and configure data sources
 author: yelevin
+ms.author: yelevin
 ms.topic: how-to
 ms.date: 07/05/2023
-ms.author: yelevin
 ---
 
 # Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel 
@@ -67,4 +67,4 @@ To enable or disable this feature (these prerequisites are not required to use t
 In this article, you learned how to enable and configure User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel. For more information about UEBA:
 
 > [!div class="nextstepaction"]
->>[Configure data retention and archive](configure-data-retention-archive.md)
+>>[Investigate entities with entity pages](entity-pages.md)