MicrosoftDocs
diff --git a/‎articles/defender-for-cloud/TOC.yml
Lines changed: 21 additions & 7 deletions b/‎articles/defender-for-cloud/TOC.yml
Lines changed: 21 additions & 7 deletions
diff --git a/‎articles/defender-for-cloud/connect-servicenow.md
Lines changed: 58 additions & 0 deletions b/‎articles/defender-for-cloud/connect-servicenow.md
Lines changed: 58 additions & 0 deletions
diff --git a/‎articles/defender-for-cloud/create-governance-rule-servicenow.md
Lines changed: 68 additions & 0 deletions b/‎articles/defender-for-cloud/create-governance-rule-servicenow.md
Lines changed: 68 additions & 0 deletions
diff --git a/‎articles/defender-for-cloud/create-ticket-servicenow.md
Lines changed: 75 additions & 0 deletions b/‎articles/defender-for-cloud/create-ticket-servicenow.md
Lines changed: 75 additions & 0 deletions
diff --git a/‎articles/defender-for-cloud/critical-assets-protection.md
Lines changed: 91 additions & 0 deletions b/‎articles/defender-for-cloud/critical-assets-protection.md
Lines changed: 91 additions & 0 deletions
@@ -209,17 +209,26 @@
       - name: Integration with Defender EASM
         displayName: EASM, attack surface management
         href: concept-easm.md
-      - name: Enabling Permissions Management (Preview)
-        href: enable-permissions-management.md
+      - name: Critical assets protection
+        href: critical-assets-protection.md
       - name: Agentless machine scanning
         href: concept-agentless-data-collection.md
-      - name: Supported resource types for multicloud in Foundational CSPM
-        href: multicloud-resource-types-support-foundational-cspm.md  
       - name: Integrations
         items:  
-        - name: ServiceNow integration
-          displayName: CSPM, cloud security, posture, management, ServiceNow
-          href: integration-servicenow.md
+        - name: ServiceNow
+          items:
+          - name: ServiceNow integration with Defender for Cloud
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: integration-servicenow.md
+          - name: Connect ServiceNow to Defender for Cloud
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: connect-servicenow.md
+          - name: Create a ticket in Defender for Cloud 
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: create-ticket-servicenow.md
+          - name: Create automatic tickets with governance rules
+            displayName: CSPM, cloud security, posture, management, ServiceNow
+            href: create-governance-rule-servicenow.md
       - name: Common questions 
         displayName: questions, common, CSPM, agentless scanning, faq, frequently asked questions
         href: faq-cspm.yml
@@ -294,6 +303,8 @@
         - name: Integrate security solutions
           displayName: security, solutions, integrate, integrated, data sources
           href: partner-integration.md
+        - name: Enable Permissions Management
+          href: enable-permissions-management.md
     - name: Data-aware security posture
       items:
         - name: Enable data-aware security posture
@@ -636,6 +647,9 @@
       - name: Kubernetes data plane hardening
         displayName: k8s, containers, aks
         href: kubernetes-workload-protections.md
+      - name: Vulnerability assessment for Azure powered by Qualys (Deprecated)
+        displayName: ACR, registry, images, qualys
+        href: defender-for-containers-vulnerability-assessment-azure.md
       - name: Defender for Kubernetes (deprecated)
         displayName: clusters, k8s, aks
         href: defender-for-kubernetes-introduction.md
 
@@ -0,0 +1,58 @@
+---
+title: Connect ServiceNow to Defender for Cloud
+description: Learn how to connect ServiceNow with Microsoft Defender for Cloud to protect Azure, hybrid, and multicloud machines.
+author: dcurwin
+ms.author: dacurwin
+ms.topic: how-to
+ms.date: 03/11/2024
+ai-usage: ai-assisted
+#customer intent: As a user, I want to learn how to connect my ServiceNow account with Microsoft Defender for Cloud so that I can protect my Azure, hybrid, and multicloud machines.
+---
+
+# Connect ServiceNow to Defender for Cloud
+
+Microsoft Defender for Cloud's integration with ServiceNow allows customers to connect their Defender for Cloud accounts to ServiceNow. ServiceNow is a powerful workflow automation and enterprise solution that helps organizations streamline and automate routine tasks, improving operational efficiencies and increasing productivity. By integrating ServiceNow with Defender for Cloud, customers can prioritize the remediation of recommendations that affect their business. This integration allows you to create and view ServiceNow tickets linked to recommendations directly from Defender for Cloud, which facilitates efficient incident management.
+
+## Prerequisites
+
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+
+- Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
+
+- The following roles are required:
+    - To create the integration: Security Admin, Contributor, or Owner.
+
+## Connect ServiceNow to Defender for Cloud
+
+To connect a ServiceNow account to a Defender for Cloud account:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.
+
+1. Select **ServiceNow**.
+
+   :::image type="content" border="true" source="./media/connect-servicenow/integrations.png" alt-text="Screenshot of environment settings page that shows where to select the ServiceNow option.":::
+
+1. Select **Add integration** > **ServiceNow**.
+
+   :::image type="content" border="true" source="./media/connect-servicenow/add-servicenow.png" alt-text="Screenshot that shows where the add integration button is and the ServiceNow option." lightbox="media/connect-servicenow/add-servicenow.png":::
+
+1. Enter a name and select the scope.
+
+1. In the ServiceNow connection details, enter the instance URL, name, password, client ID, and client secret that you [created for the application registry](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html) in the ServiceNow portal.
+
+1. Select **Next**.
+
+1. Select Incident data, Problems data, and Changes table from the drop-down menus.
+
+   :::image type="content" border="true" source="./media/connect-servicenow/customize-fields.png" alt-text="Screenshot that shows the custom option selected and the accompanying fields you can enter information into.":::
+
+1. Select **Save**.
+
+A notice appears after successful creation of integration.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Create a ticket in Defender for Cloud](create-ticket-servicenow.md)
@@ -0,0 +1,68 @@
+---
+title: Create automatic tickets with governance rules
+description: Learn how to create a governance rule in Defender for Cloud that connects recommendations or severity levels to a specific owner.
+author: Elazark
+ms.author: elkrieger
+ms.topic: how-to
+ms.date: 03/11/2024
+ai-usage: ai-assisted
+#customer intent: As a user, I want to learn how to create automatic tickets using governance rules in Defender for Cloud that automatically assigns an owner to specific recommendation or a recommendation with a severity level in Defender for Cloud to my my ServiceNow account.
+---
+
+# Create automatic tickets with governance rules
+
+The integration of SeviceNow and Defender for Cloud allow you to create governance rules that automatically open tickets in SeviceNow for specific recommendations or severity levels. ServiceNow tickets can be created, viewed, and linked to recommendations directly from Defender for Cloud, enabling seamless collaboration between the two platforms and facilitating efficient incident management.
+
+## Prerequisites
+
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+
+- Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
+
+- The following roles are required:
+    - To create an assignment:  Admin permissions to ServiceNow.
+
+## Assign an owner with a governance rule
+
+You can create a rule to automatically assign an owner to a recommendation in Defender for Cloud. This rule is based on the recommendation's severity or recommendation.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.
+
+1. Select **Governance rules**.
+
+   :::image type="content" border="true" source="./media/integration-servicenow/governance-rules.png" alt-text="Screenshot of the environment settings page that shows where the governance rules button is located.":::
+
+1. Select **Create governance rule**.
+
+1. Enter a rule name and select a scope.
+
+1. Select **ServiceNow** In the Type field.
+
+1. Enter a priority.
+
+1. Select and integration instance.
+
+1. Select a ServiceNow ticket type.
+
+1. Select **Next**.
+
+1. Select either:
+    - **By Severity** and the severity level.
+    - **By recommendation** and the recommendation.
+
+1. Select an owner.
+
+1. Select a remediation timeframe.
+
+1. (Optional) Toggle the switch to apply a grace period.
+
+1. (Optional) Set email notifications.
+
+1. Select **Create**.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Common questions about cloud security posture management (CSPM)](faq-cspm.yml).
@@ -0,0 +1,75 @@
+---
+title: Create a ticket in Defender for Cloud 
+description: Learn how to create a ticket in Defender for Cloud that connects and synchronizes with your ServiceNow account.
+author: dcurwin
+ms.author: dacurwin
+ms.topic: how-to
+ms.date: 03/11/2024
+ai-usage: ai-assisted
+#customer intent: As a user, I want to learn how to Create a ticket in Defender for Cloud for my ServiceNow account.
+---
+
+# Create a ticket in Defender for Cloud 
+
+The integration between Defender for Cloud and ServiceNow allows Defender for Cloud customers to create tickets in Defender for Cloud that connects to a ServiceNow account. ServiceNow tickets are linked to recommendations directly from Defender for Cloud, allowing the two platforms to facilitate efficient incident management.
+
+## Prerequisites
+
+- Have an [application registry in ServiceNow](https://docs.servicenow.com/bundle/utah-employee-service-management/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html). 
+
+- Enable [Defender Cloud Security Posture Management (CSPM)](tutorial-enable-cspm-plan.md) on your Azure subscription.
+
+- The following roles are required:
+    - To create an assignment:  Admin permissions to ServiceNow.
+
+## Create a new ticket based on a recommendation to ServiceNow
+
+Security admins can create and assign tickets directly from the Defender for Cloud portal.
+
+1. Sign in to [the Azure portal](https://aka.ms/integrations).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Recommendations**.
+
+1. Select any recommendation with unhealthy resources that you want to create a ServiceNow ticket for and assign an owner to.
+
+1. Select the resource from the unhealthy resources and select **Assign owner**.
+
+   :::image type="content" border="true" source="./media/create-ticket-servicenow/create-assignment.png" alt-text="Screenshot of how to create an assignment." lightbox="media/create-ticket-servicenow/create-assignment.png":::
+
+1. In the Type field, select **ServiceNow**
+
+    :::image type="content" source="media/create-ticket-servicenow/type-servicenow.png" alt-text="Screenshot that shows the create assignment window and the type field where you select ServiceNow.":::
+
+1. Select the integration instance.
+
+1. Select the ticket type.
+
+   > [!NOTE]
+   > In ServiceNow, there are several types of tickets that can be used to manage and track different types of incidents, requests, and tasks. Only incident, change request, and problem are supported with this integration.
+
+   :::image type="content" border="true" source="./media/create-ticket-servicenow/assignment-type.png" alt-text="Screenshot of how to complete the assignment type.":::
+
+1. Expand the assignment details section.
+
+1. Complete the following fields:
+
+   - **Assigned to**: Choose the owner whom you would like to assign the affected recommendation to.
+   - **Caller**: Represents the user defining the assignment.
+   - **Description and Short Description**: Enter a description, and short description.
+   - **Remediation timeframe**: Select the remediation timeframe.
+   - **Apply Grace Period**: (Optional) apply a grace period.
+   - **Set Email Notifications**: (Optional) You can send a reminder to the owners or the owner’s direct manager.
+
+      :::image type="content" border="true" source="./media/create-ticket-servicenow/assignment-details.png" alt-text="Screenshot of how to complete the assignment details.":::
+
+1. Select **Create**.
+
+After the assignment is created, the Ticket ID assigned to this affected resource will appear next to the resource in the recommendation. The Ticket ID represents the ticket created in the ServiceNow portal. You can select the Ticket ID to navigate to the newly created incident in the ServiceNow portal.
+
+> [!NOTE]
+> When the integration is deleted, all of the assignments will be deleted. Deletion can take up to 24 hrs.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Assign an owner to a recommendation or severity level](create-governance-rule-servicenow.md)
@@ -0,0 +1,91 @@
+---
+title: Critical assets protection (Preview)
+description: Learn how to identify and protect your critical assets in Microsoft Defender for Cloud with Microsoft Security Exposure Management.
+ms.topic: conceptual
+ms.date: 03/03/2024
+---
+
+# Critical assets protection in Microsoft Defender for Cloud (Preview)
+
+Defender for Cloud now has business criticality concept added to its security posture management capabilities. This feature helps you to identify and protect your most important assets. It uses the critical assets engine created by Microsoft Security Exposure Management (MSEM). You can define critical asset rules in MSEM, and Defender for Cloud can then them in scenarios such as risk prioritization, attack path analysis, and cloud security explorer.
+
+## Availability
+
+| Aspect | Details |
+|--|--|
+| Release state | Preview |
+| Prerequisites | Defender Cloud Security Posture Management (CSPM) enabled  |
+| Required Microsoft Entra ID built-in roles: | To create/edit/read classification rules: Global Administrator, Security Administrator, Security Operator <br> To read classification rules: Global Reader, Security Reader  |
+| Clouds: | All commercial clouds |
+
+## Set up critical asset management
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Environment Settings**.
+1. Select the **Resource criticality** tile.
+
+    :::image type="content" source="media/critical-assets-protection/resource-criticality-tile.png" alt-text="Screenshot of the resource criticality tile." lightbox="media/critical-assets-protection/resource-criticality-tile.png":::
+
+1. The **Critical asset management** pane opens. Select **Open Microsoft Defender portal.**"
+
+    :::image type="content" source="media/critical-assets-protection/critical-asset-management-pane.png" alt-text="Screenshot of the critical asset management pane." lightbox="media/critical-assets-protection/critical-asset-management-pane.png":::
+
+1. You then arrive at the **Critical asset management** page in the **Microsoft Defender XDR** portal.
+
+    :::image type="content" source="media/critical-assets-protection/critical-asset-management-page.png" alt-text="Screenshot of critical asset management page." lightbox="media/critical-assets-protection/critical-asset-management-page.png":::
+
+1. To create custom critical asset rules to tag your resources as **Critical resources** in Defender for Cloud, select the **Create a new classification** button.
+
+    :::image type="content" source="media/critical-assets-protection/create-new-classification.png" alt-text="Screenshot of Create a new classification button." lightbox="media/critical-assets-protection/create-new-classification.png":::
+
+1. Add a name and description for your new classification, and use under **Query builder**, select **Cloud resource** to build your critical assets rule. Then select **Next**.
+
+    :::image type="content" source="media/critical-assets-protection/create-critical-asset-classification.png" alt-text="Screenshot of how to create critical asset classification." lightbox="media/critical-assets-protection/create-critical-asset-classification.png":::
+
+1. On the **Preview assets** page, you can see a list of assets that match the rule you created. After reviewing the page, select **Next**.
+
+    :::image type="content" source="media/critical-assets-protection/preview-assets.png" alt-text="Screenshot of Preview assets page, showing a list of all assets that match the rule." lightbox="media/critical-assets-protection/preview-assets.png":::
+
+1. On the **Assign criticality** page, assign the criticality level to all assets matching the rule. Then select **Next**.
+
+    :::image type="content" source="media/critical-assets-protection/assign-criticality.png" alt-text="A screenshot of the Assign criticality page." lightbox="media/critical-assets-protection/assign-criticality.png":::
+
+1. You can then see the **Review and finish** page. Review the results, and once you approve, select **Submit**.
+
+    :::image type="content" source="media/critical-assets-protection/review-finish.png" alt-text="Screenshot of the Review and finish page." lightbox="media/critical-assets-protection/review-finish.png":::
+
+1. After you select **Submit**, you can close the **Microsoft Defender XDR** portal. You should wait for up to two hours until all assets matching your rule are tagged as **Critical**.
+
+> [!NOTE]
+> Your critical asset rules apply to all the resources in the tenant that match the rule's condition.
+
+## View your critical assets in Defender for Cloud
+
+1. Once your assets are updated, go to the [Attack path analysis](how-to-manage-attack-path.md) page in Defender for Cloud. You can see all the attack paths to your critical assets.
+
+    :::image type="content" source="media/critical-assets-protection/attack-path-analysis.png" alt-text="Screenshot of attack path analysis page." lightbox="media/critical-assets-protection/attack-path-analysis.png":::
+
+1. If you select an attack path title, you can see its details. Select the target, and under **Insights - Critical resource**, you can see the critical asset tagging information.
+
+    :::image type="content" source="media/critical-assets-protection/critical-resource-insights.png" alt-text="Screenshot of critical resource insights." lightbox="media/critical-assets-protection/critical-resource-insights.png":::
+
+1. In the **Recommendations** page of Defender for Cloud, select the **Preview available** banner to see all the recommendations, which are now prioritized based on asset criticality.
+
+    :::image type="content" source="media/critical-assets-protection/recommendations-page.png" alt-text="Screenshot of the recommendations page, showing critical resources." lightbox="media/critical-assets-protection/recommendations-page.png":::
+
+1. Select a recommendation, and then choose the **Graph** tab. Then choose the target, and select the **Insights** tab. You can see the critical asset tagging information.
+
+    :::image type="content" source="media/critical-assets-protection/recommendation-insights.png" alt-text="Screenshot of critical asset insights for recommendations." lightbox="media/critical-assets-protection/recommendation-insights.png":::
+
+1. In the **Inventory** page of Defender for Cloud, you can see the critical assets in your organization.
+
+    :::image type="content" source="media/critical-assets-protection/inventory-page.png" alt-text="Screenshot of inventory page with critical assets tagged." lightbox="media/critical-assets-protection/inventory-page.png":::
+
+1. To run custom queries on your critical assets, go to the **Cloud Security Explorer** page in Defender for Cloud.
+
+    :::image type="content" source="media/critical-assets-protection/cloud-security-explorer-page.png" alt-text="Screenshot of Cloud Security Explorer page with query for critical assets." lightbox="media/critical-assets-protection/cloud-security-explorer-page.png":::
+
+## Related content
+
+For more information about improving your cloud security posture, see [Cloud security posture management (CSPM)](concept-cloud-security-posture-management.md).