Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into s2s-ps

Author: cherylmc

articles/devtest-labs/devtest-lab-create-lab.md

@@ -28,7 +28,7 @@ This quickstart walks you through creating a lab in Azure DevTest Labs by using
    - **Artifacts storage account access**: You can configure whether the lab uses a User-assigned Managed Identity or a Shared Key to access the lab storage account. To use a User-assigned Managed Identity, select the appropriate managed identity from the list, otherwise select the Storage Account Shared Key option from the list.
    - **Public environments**: Leave **On** for access to the [DevTest Labs public environment repository](https://github.com/Azure/azure-devtestlab/tree/master/Environments). Set to **Off** to disable access. For more information, see [Enable public environments when you create a lab](devtest-lab-create-environment-from-arm.md#set-public-environment-access-for-new-lab).
 
-   :::image type="content" source="./media/devtest-lab-create-lab/portal-create-basic-settings.png" alt-text="Screenshot of the Basic Settings tab in the Create DevTest Labs form.":::
+   :::image type="content" source="./media/devtest-lab-create-lab/portal-create-basic-settings-managed-identity.png" alt-text="Screenshot of the Basic Settings tab in the Create DevTest Labs form.":::
 
 1. Optionally, select each tab at the top of the page, and customize those settings
    - [**Auto-shutdown**](#auto-shutdown-tab)

articles/devtest-labs/media/tutorial-create-custom-lab/portal-create-basic-settings-managed-identity.png

@@ -47,7 +47,7 @@ To create a lab in Azure DevTest Labs, follow these steps.
    |**Artifacts storage account access**|You can configure whether the lab uses a User-assigned Managed Identity or a Shared Key to access the lab storage account. To use a User-assigned Managed Identity, select the appropriate managed identity from the list, otherwise select the Storage Account Shared Key option from the list.|
    |**Public environments**|Leave **On** for access to the [DevTest Labs public environment repository](https://github.com/Azure/azure-devtestlab/tree/master/Environments). Set to **Off** to disable access. For more information, see [Enable public environments when you create a lab](devtest-lab-create-environment-from-arm.md#set-public-environment-access-for-new-lab).|
 
-   :::image type="content" source="./media/tutorial-create-custom-lab/create-custom-lab-blade.png" alt-text="Screenshot of the Basic Settings tab of the Create DevTest Labs form.":::
+   :::image type="content" source="./media/tutorial-create-custom-lab/portal-create-basic-settings-managed-identity.png" alt-text="Screenshot of the Basic Settings tab of the Create DevTest Labs form.":::
 
 1. Optionally, select the [Auto-shutdown](devtest-lab-create-lab.md#auto-shutdown-tab), [Networking](devtest-lab-create-lab.md#networking-tab), or [Tags](devtest-lab-create-lab.md#tags-tab) tabs at the top of the page, and customize those settings. You can also apply or change most of these settings after lab creation.
 

articles/devtest-labs/tutorial-create-custom-lab.md

@@ -1,40 +1,70 @@
 ---
 # required metadata
 
-title: Copilot for Security and Defender EASM
-description: You can use Copilot for Security to get information about your EASM data.
+title: Microsoft Security Copilot in Defender EASM
+description: You can use Microsoft Security Copilot to get information about your EASM data.
 author: dandennis
 ms.author: dandennis
-ms.date: 10/25/2023
+ms.date: 11/20/2024
 ms.topic: conceptual
 ms.service: defender-easm
 ms.localizationpriority: high
 
 ---
 
-# Microsoft Copilot for Security and Defender EASM
+# Microsoft Security Copilot in Defender EASM
 
 Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall. Attack Surface Insights are generated by analyzing vulnerability and infrastructure data to showcase the key areas of concern for your organization. 
 
-Defender EASM’s integration with Copilot for Security enables users to interact with Microsoft’s discovered attack surfaces. These attack surfaces allow users to quickly understand their externally facing infrastructure and relevant, critical risks to their organization. They provide insight into specific areas of risk, including vulnerabilities, compliance, and security hygiene. For more information about Copilot for Security, go to [What is Microsoft Copilot for Security](/security-copilot/microsoft-security-copilot).  For more information on the embedded Copilot for Security experience, refer to [Query your attack surface with Defender EASM using Microsoft Copilot in Azure](/azure/copilot/query-attack-surface). 
+Defender EASM’s integration with Microsoft Security Copilot enables users to interact with Microsoft’s discovered attack surfaces. These attack surfaces allow users to quickly understand their externally facing infrastructure and relevant, critical risks to their organization. They provide insight into specific areas of risk, including vulnerabilities, compliance, and security hygiene. For more information about Microsoft Security Copilot, go to [What is Microsoft Security Copilot](/security-copilot/microsoft-security-copilot).  For more information on the embedded Microsoft Security Copilot experience, refer to [Query your attack surface with Defender EASM using Microsoft Copilot in Azure](/azure/copilot/query-attack-surface). 
 
 
-**Copilot for Security integrates with Defender EASM**.
+## Know before you begin
 
-Copilot for Security can surface insights from Defender EASM about an organization's attack surface. You can use the system features built into Copilot for Security, and use prompts to get more information. This information can help you understand your security posture and mitigate vulnerabilities.
+If you're new to Microsoft Security Copilot, you should familiarize yourself with it by reading these articles:
+- [What is Microsoft Security Copilot?](/security-copilot/microsoft-security-copilot)
+- [Microsoft Security Copilot experiences](/security-copilot/experiences-security-copilot)
+- [Get started with Microsoft Security Copilot](/security-copilot/get-started-security-copilot)
+- [Understand authentication in Microsoft Security Copilot](/security-copilot/authentication)
+- [Prompting in Microsoft Security Copilot](/security-copilot/prompting-security-copilot)
 
-This article introduces you to Copilot for Security and includes sample prompts that can help Defender EASM users.
 
+## Microsoft Security Copilot integration in Defender EASM
 
-## Connect Copilot to Defender EASM 
+Microsoft Security Copilot can surface insights from Defender EASM about an organization's attack surface. You can use the system features built into Microsoft Security Copilot, and use prompts to get more information. This information can help you understand your security posture and mitigate vulnerabilities.
+
+This article introduces you to Microsoft Security Copilot and includes sample prompts that can help Defender EASM users.
+
+## Key features
+
+The EASM Security Copilot integration can help you with:
+
+- Providing a snapshot of your external attack surface and generating insights into potential risks
+
+  This allows users to get a quick view of their external attack surface by analyzing internet-available information combined with Microsoft's proprietary discovery algorithm. It provides an easy-to-understand natural language explanation of the organization's externally facing assets, such as hosts, domains, webpages, and IP addresses, and highlights the critical risks associated with them.
+
+- Prioritizing remediation efforts based on asset risk and CVEs
+
+  EASM allows security teams to prioritize their remediation efforts by understanding which assets and Common Vulnerabilities and Exposures (CVEs) pose the greatest risk in their environment. It does this by analyzing vulnerability and infrastructure data to showcase key areas of concern, providing a natural language explanation of the risks and recommended actions.
+
+- Leveraging Security Copilot to surface insights
+
+  Users can leverage Security Copilot to ask about insights in natural language to extract insights from Defender EASM about their organization's attack surface. This includes querying details such as the number of insecure SSL certificates, ports detected, and specific vulnerabilities impacting the attack surface.
+
+- Expediting Attack Surface Curation
+
+  Utilize Security Copilot to curate your attack surface with labels, external IDs, and state modifications for a set of assets. This process speeds up curation, allowing you to organize your inventory faster and more efficiently.
+
+
+## Enable the Microsoft Security Copilot integration in Defender EASM 
 
 ### Prerequisites
 
-* Access to Copilot for Security, with permissions to activate new connections.
+* Access to Microsoft Security Copilot, with permissions to activate new connections.
 
 ### Copilot  for Security connection 
 
-1. Access [Copilot for Security](https://securitycopilot.microsoft.com/) and ensure you're authenticated.
+1. Access [Microsoft Security Copilot](https://securitycopilot.microsoft.com/) and ensure you're authenticated.
 1. Select the plugins icon on the upper-right side of the prompt input bar.
 
     ![Screenshot that shows the plugins icon.](media/copilot-2.png)
@@ -43,7 +73,7 @@ This article introduces you to Copilot for Security and includes sample prompts
 
     ![Screenshot that shows Defender EASM activated in Copilot.](media/copilot-4.png)
 
-4. If you would like Copilot for Security to pull data from your Microsoft Defender External Attack Surface Resource, click on the gear to open the plugin settings, and fill out the fields from your resource’s “Essentials” section on the Overview blade.
+4. If you would like Microsoft Security Copilot to pull data from your Microsoft Defender External Attack Surface Resource, click on the gear to open the plugin settings, and fill out the fields from your resource’s “Essentials” section on the Overview blade.
 
   [ ![Screenshot that shows the Defender EASM fields that must be configured in Copilot.](media/copilot-6.png) ](media/copilot-6.png#lightbox) 
 
@@ -54,9 +84,9 @@ This article introduces you to Copilot for Security and includes sample prompts
 
 
 
-## Getting started 
+## Sample Defender EASM prompts
 
-Copilot for Security operates primarily with natural language prompts. When querying information from Defender EASM, you submit a prompt that guides Copilot for Security to select the Defender EASM plugin and invoke the relevant capability.  
+Microsoft Security Copilot operates primarily with natural language prompts. When querying information from Defender EASM, you submit a prompt that guides Microsoft Security Copilot to select the Defender EASM plugin and invoke the relevant capability.  
 For success with Copilot prompts, we recommend the following: 
 
 - Ensure that you reference the company name in your first prompt. Unless otherwise specified, all future prompts will provide data about the initially specified company. 
@@ -70,16 +100,16 @@ For success with Copilot prompts, we recommend the following:
 
 - Experiment with different prompts and variations to see what works best for your use case. Chat AI models vary, so iterate and refine your prompts based on the results you receive.
 
-- Copilot for Security saves your prompt sessions. To see the previous sessions, in Copilot for Security, go to the menu > **My sessions**. 
+- Microsoft Security Copilot saves your prompt sessions. To see the previous sessions, in Microsoft Security Copilot, go to the menu > **My sessions**. 
 
 
-  For a walkthrough on Copilot for Security, including the pin and share feature, go to [Navigating Microsoft Copilot for Security](/security-copilot/navigating-security-copilot).
+  For a walkthrough on Microsoft Security Copilot, including the pin and share feature, go to [Navigating Microsoft Security Copilot](/security-copilot/navigating-security-copilot).
 
-For more information on writing Copilot for Security prompts, go to [Microsoft Copilot for Security prompting tips](/security-copilot/prompting-tips).
+For more information on writing Microsoft Security Copilot prompts, go to [Microsoft Security Copilot prompting tips](/security-copilot/prompting-tips).
 
 
 
-## Plugin capabilities reference 
+### Plugin capabilities reference 
 
 | Capability        | Description                     | Inputs                | Behaviors                              |
 | ----------------- | ------------------------------- | --------------------- | -------------------------------------- |
@@ -94,29 +124,29 @@ For more information on writing Copilot for Security prompts, go to [Microsoft C
 
 
 
-## Switching between resource and company data 
+### Switching between resource and company data 
 
-Even though we have added resource integration for our skills, we still support pulling data from prebuilt attack surfaces for specific companies. To improve Copilot for Security’s accuracy in determining when a customer wants to pull from their attack surface or a prebuilt, company attack surface, we recommend using “my”, “my attack surface”, etc. to convey they want to use their resource and “their”, “{specific company name}”, etc. to convey they want a prebuilt attack surface. While this does improve the experience in a single session, we strongly recommend having two separate sessions to avoid any confusion. 
+Even though we have added resource integration for our skills, we still support pulling data from prebuilt attack surfaces for specific companies. To improve Security Copilot’s accuracy in determining when a customer wants to pull from their attack surface or a prebuilt, company attack surface, we recommend using “my”, “my attack surface”, etc. to convey they want to use their resource and “their”, “{specific company name}”, etc. to convey they want a prebuilt attack surface. While this does improve the experience in a single session, we strongly recommend having two separate sessions to avoid any confusion. 
 
 
 ## Provide feedback
 
-Your feedback on Copilot for Security generally, and the Defender EASM plugin specifically, is vital to guide current and planned development on the product. The optimal way to provide this feedback is directly in the product, using the feedback buttons at the bottom of each completed prompt. Select "Looks right," "Needs improvement" or "Inappropriate". We recommend “Looks right” when the result matches expectations, “Needs improvement” when it doesn't, and “Inappropriate” when the result is harmful in some way.  
+Your feedback on Microsoft Security Copilot generally, and the Defender EASM plugin specifically, is vital to guide current and planned development on the product. The optimal way to provide this feedback is directly in the product, using the feedback buttons at the bottom of each completed prompt. Select "Looks right," "Needs improvement" or "Inappropriate". We recommend “Looks right” when the result matches expectations, “Needs improvement” when it doesn't, and “Inappropriate” when the result is harmful in some way.  
 
-Whenever possible, and especially when the result is “Needs improvement,” please write a few words explaining what we can do to improve the outcome. This also applies when you expected Copilot for Security to invoke the Defender EASM plugin, but another plugin was selected instead. 
+Whenever possible, and especially when the result is “Needs improvement,” please write a few words explaining what we can do to improve the outcome. This also applies when you expected Microsoft Security Copilot to invoke the Defender EASM plugin, but another plugin was selected instead. 
 
 
 
-## Data processing and privacy
+## Privacy and data security in Microsoft Security Copilot
 
-When you interact with Copilot for Security to get Defender EASM data, Copilot pulls that data from Defender EASM. The prompts, the data that's retrieved, and the output shown in the prompt results is processed and stored within the Copilot for Security service.
+When you interact with Microsoft Security Copilot to get Defender EASM data, Copilot pulls that data from Defender EASM. The prompts, the data that's retrieved, and the output shown in the prompt results is processed and stored within the Microsoft Security Copilot service.
 
-For more information about data privacy in Copilot for Security, go to [Privacy and data security in Microsoft Copilot for Security](/security-copilot/privacy-data-security).
+For more information about data privacy in Microsoft Security Copilot, go to [Privacy and data security in Microsoft Security Copilot](/security-copilot/privacy-data-security).
 
 
 
 ## Related articles
 
-- [What is Microsoft Copilot for Security?](/security-copilot/microsoft-security-copilot)
-- [Privacy and data security in Microsoft Copilot for Security](/security-copilot/privacy-data-security)
+- [What is Microsoft Security Copilot?](/security-copilot/microsoft-security-copilot)
+- [Privacy and data security in Microsoft Security Copilot](/security-copilot/privacy-data-security)
 - [Query your attack surface with Defender EASM using Microsoft Copilot in Azure](/azure/copilot/query-attack-surface) 

articles/external-attack-surface-management/easm-copilot.md

@@ -92,7 +92,7 @@ A network security perimeter-aware private link resource is a PaaS resource that
 | Private link resource name | Resource type | Resources |
 |---------------------------|---------------|-----------|
 | [Azure Monitor](/azure/azure-monitor/essentials/network-security-perimeter)             | Microsoft.Insights/dataCollectionEndpoints</br>Microsoft.Insights/ScheduledQueryRules</br>Microsoft.Insights/actionGroups</br>Microsoft.OperationalInsights/workspaces | Log Analytics Workspace, Application Insights, Alerts, Notification Service |
-| Azure AI Search          | Microsoft.Search/searchServices | - |
+| [Azure AI Search](/azure/search/search-security-network-security-perimiter)          | Microsoft.Search/searchServices | - |
 | [Cosmos DB](/azure/cosmos-db/how-to-configure-nsp)                | Microsoft.DocumentDB/databaseAccounts | - |
 | Event Hubs                | Microsoft.EventHub/namespaces | - |
 | [Key Vault](/azure/key-vault/general/network-security#network-security-perimeter-preview)                 | Microsoft.KeyVault/vaults | - |

articles/private-link/network-security-perimeter-concepts.md

@@ -109,7 +109,7 @@ You can find the friendly name of that security principal by taking the value of
 
 ### Auditing data plane operations
 
-Data plane operations are captured in [Azure resource logs for Storage](monitor-blob-storage.md#analyzing-logs). You can [configure Diagnostic setting](/azure/azure-monitor/platform/diagnostic-settings) to export logs to Log Analytics workspace for a native query experience.
+Data plane operations are captured in [Azure resource logs for Storage](monitor-blob-storage.md#azure-monitor-resource-logs). You can [configure Diagnostic settings](/azure/azure-monitor/platform/diagnostic-settings) to export logs to Log Analytics workspace for a native query experience.
 
 Here's a Log Analytics query that retrieves the "when", "who", "what", and "how" information in a list of log entries.