Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI198244-security-data

Author: ElazarK

articles/azure-functions/start-stop-vms/deploy.md

@@ -208,7 +208,7 @@ For each scenario, you can target the action against one or more subscriptions,
     ```json
     {
       "Action": "start",
-      "EnableClassic": true,
+      "EnableClassic": false,
       "RequestScopes": {
         "ExcludedVMLists": [],
         "VMLists": [
@@ -290,7 +290,7 @@ In an environment that includes two or more components on multiple Azure Resourc
     ```json
     {
       "Action": "start",
-      "EnableClassic": true,
+      "EnableClassic": false,
       "RequestScopes": {
         "ExcludedVMLists": [],
         "VMLists": [
@@ -366,7 +366,7 @@ To learn more about how Azure Monitor metric alerts work and how to configure th
       "AutoStop_Threshold": "5",
       "AutoStop_TimeAggregationOperator": "Average",
       "AutoStop_TimeWindow": "06:00:00",
-      "EnableClassic": true,
+      "EnableClassic": false,
       "RequestScopes": {
         "ExcludedVMLists": [],
         "ResourceGroups": [
@@ -391,7 +391,7 @@ To learn more about how Azure Monitor metric alerts work and how to configure th
       "AutoStop_Threshold": "5",
       "AutoStop_TimeAggregationOperator": "Average",
       "AutoStop_TimeWindow": "06:00:00",
-      "EnableClassic": true,
+      "EnableClassic": false,
       "RequestScopes": {
         "ExcludedVMLists": [],
         "VMLists": [

articles/azure-monitor/app/javascript-sdk.md

@@ -142,7 +142,7 @@ If you want to use the extra features provided by plugins for specific framework
 
 - [React plugin](javascript-framework-extensions.md?tabs=react)
 - [React native plugin](javascript-framework-extensions.md?tabs=reactnative)
-- [Angular plugin](javascript-framework-extensions.md?tabs=reactnative)
+- [Angular plugin](javascript-framework-extensions.md?tabs=angular)
 
 ### Confirm data is flowing
 

articles/azure-monitor/logs/basic-logs-configure.md

@@ -186,7 +186,7 @@ All custom tables created with or migrated to the [data collection rule (DCR)-ba
 | Application Gateways | [AGWAccessLogs](/azure/azure-monitor/reference/tables/AGWAccessLogs)<br>[AGWPerformanceLogs](/azure/azure-monitor/reference/tables/AGWPerformanceLogs)<br>[AGWFirewallLogs](/azure/azure-monitor/reference/tables/AGWFirewallLogs) |
 | Application Gateway for Containers | [AGCAccessLogs](/azure/azure-monitor/reference/tables/AGCAccessLogs) |
 | Application Insights | [AppTraces](/azure/azure-monitor/reference/tables/apptraces) |
-| Bare Metal Machines | [NCBMSecurityDefenderLogs](/azure/azure-monitor/reference/tables/ncbmsecuritydefenderlogs)<br>[NCBMSystemLogs](/azure/azure-monitor/reference/tables/NCBMSystemLogs)<br>[NCBMSecurityLogs](/azure/azure-monitor/reference/tables/NCBMSecurityLogs) |
+| Bare Metal Machines | [NCBMSecurityDefenderLogs](/azure/azure-monitor/reference/tables/ncbmsecuritydefenderlogs)<br>[NCBMSystemLogs](/azure/azure-monitor/reference/tables/NCBMSystemLogs)<br>[NCBMSecurityLogs](/azure/azure-monitor/reference/tables/NCBMSecurityLogs) <br>[NCBMBreakGlassAuditLogs](/azure/azure-monitor/reference/tables/ncbmbreakglassauditlogs)|
 | Chaos Experiments | [ChaosStudioExperimentEventLogs](/azure/azure-monitor/reference/tables/ChaosStudioExperimentEventLogs) |
 | Cloud HSM | [CHSMManagementAuditLogs](/azure/azure-monitor/reference/tables/CHSMManagementAuditLogs) |
 | Container Apps | [ContainerAppConsoleLogs](/azure/azure-monitor/reference/tables/containerappconsoleLogs) |

articles/backup/backup-azure-database-postgresql-overview.md

@@ -2,7 +2,7 @@
 title: About Azure Database for PostgreSQL backup
 description: An overview on Azure Database for PostgreSQL backup
 ms.topic: conceptual
-ms.date: 01/24/2022
+ms.date: 02/09/2024
 ms.service: backup
 author: AbhishekMallick-MS
 ms.author: v-abhmallick

articles/backup/backup-azure-database-postgresql-troubleshoot.md

@@ -2,7 +2,7 @@
 title: Troubleshoot Azure Database for PostgreSQL backup
 description: Troubleshooting information for backing up Azure Database for PostgreSQL.
 ms.topic: troubleshooting
-ms.date: 06/07/2022
+ms.date: 02/09/2024
 ms.service: backup
 author: AbhishekMallick-MS
 ms.author: v-abhmallick

articles/defender-for-cloud/concept-cloud-security-posture-management.md

@@ -3,7 +3,7 @@ title: Cloud Security Posture Management (CSPM)
 description: Learn more about CSPM in Microsoft Defender for Cloud.
 ms.topic: conceptual
 ms.custom: build-2023
-ms.date: 01/02/2024
+ms.date: 02/11/2024
 ---
 
 # Cloud security posture management (CSPM)
@@ -64,8 +64,6 @@ You can choose which ticketing system to integrate. For preview, only ServiceNow
 
 - Review the [Defender for Cloud pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/) to learn about Defender CSPM pricing.
 
-- Defender CSPM for GCP is free until January 31, 2024.
-
 - From March 7, 2024, advanced DevOps security posture capabilities will only be available through the paid Defender CSPM plan. Free foundational security posture management in Defender for Cloud will continue providing a number of Azure DevOps recommendations. Learn more about [DevOps security features](devops-support.md#azure-devops).
 
 - For subscriptions that use both Defender CSPM and Defender for Containers plans, free vulnerability assessment is calculated based on free image scans provided via the Defender for Containers plan, as summarized [in the Microsoft Defender for Cloud pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/).

articles/defender-for-cloud/overview-page.md

@@ -44,6 +44,6 @@ The **Insights** pane offers customized items for your environment including:
 ## Next steps
 
 - [Learn more](concept-cloud-security-posture-management.md) about cloud security posture management.
-- [Learn more](security-policy-concept.md) about security standards and
+- [Learn more](security-policy-concept.md) about security standards and recommendations
 - [Review your asset inventory](asset-inventory.md)
 

articles/sentinel/connect-logstash-data-connection-rules.md

@@ -392,6 +392,7 @@ After you retrieve the required values:
 
 |Field  |Description  |Default value |
 |---------|---------|---------|
+|`azure_cloud` |Used to specify the name of the Azure cloud that is being used, Available values are: `AzureCloud`, `AzureChinaCloud`, and `AzureUSGovernment`. | `AzureCloud` |
 |`key_names` |An array of strings. Provide this field if you want to send a subset of the columns to Log Analytics. |None (field is empty) |
 |`plugin_flush_interval` |Defines the maximal time difference (in seconds) between sending two messages to Log Analytics.  |`5` |
 |`retransmission_time` |Sets the amount of time in seconds for retransmitting messages once sending failed. |`10` |
@@ -444,6 +445,29 @@ To monitor the connectivity and activity of the Microsoft Sentinel output plugin
 
 If you are not seeing any data in this log file, generate and send some events locally (through the input and filter plugins) to make sure the output plugin is receiving data. Microsoft Sentinel will support only issues relating to the output plugin.
 
+
+### Network security
+Define network settings and enable network isolation for Microsoft Sentinel Logstash output plugin.
+
+#### Virtual network service tags
+
+Microsoft Sentinel output plugin supports [Azure virtual network service tags](/azure/virtual-network/service-tags-overview). Both *AzureMonitor* and *AzureActiveDirectory* tags are required. 
+
+Azure Virtual Network service tags can be used to define network access controls on [network security groups](/azure/virtual-network/network-security-groups-overview#security-rules), [Azure Firewall](/azure/firewall/service-tags), and user-defined routes. Use service tags in place of specific IP addresses when you create security rules and routes. For scenarios where Azure Virtual Network service tags cannot be used, the firewall requirements are given below.
+
+#### Firewall requirements
+
+The following table lists the firewall requirements for scenarios where Azure virtual network service tags can't be used.
+
+| Cloud |Endpoint |Purpose |Port |Direction |Bypass HTTPS inspection|
+|------|------|------|---------|--------|--------|
+| Azure Commercial |https://login.microsoftonline.com |Authorization server (the Microsoft identity platform)|Port 443 |Outbound|Yes |
+| Azure Commercial |`https://<data collection endpoint name>.<Azure cloud region>.ingest.monitor.azure.com`| Data collection Endpoint|Port 443 |Outbound|Yes |
+| Azure Government |https://login.microsoftonline.us |Authorization server (the Microsoft identity platform)|Port 443 |Outbound|Yes |
+| Azure Government |Replace '.com' above with '.us'	| Data collection Endpoint|Port 443 |Outbound|Yes |
+| Microsoft Azure operated by 21Vianet |https://login.chinacloudapi.cn |Authorization server (the Microsoft identity platform)|Port 443 |Outbound|Yes |
+| Microsoft Azure operated by 21Vianet |Replace '.com' above with '.cn'	| Data collection Endpoint|Port 443 |Outbound|Yes |
+
 ## Limitations
 
 - Ingestion into standard tables is limited only to [standard tables supported for custom logs ingestion](data-transformation.md#data-transformation-support-for-custom-data-connectors).

articles/sentinel/monitor-data-connector-health.md

@@ -1,10 +1,10 @@
 ---
 title: Monitor the health of your Microsoft Sentinel data connectors
 description: Use the SentinelHealth data table and the Health Monitoring workbook to keep track of your data connectors' connectivity and performance.
-author: limwainstein
-ms.author: lwainstein
+author: yelevin
+ms.author: yelevin
 ms.topic: how-to
-ms.date: 11/09/2022
+ms.date: 02/11/2024
 ms.service: microsoft-sentinel
 ---
 
@@ -14,7 +14,7 @@ To ensure complete and uninterrupted data ingestion in your Microsoft Sentinel s
 
 The following features allow you to perform this monitoring from within Microsoft Sentinel:
 
-- **Data connectors health monitoring workbook**: This workbook provides additional monitors, detects anomalies, and gives insight regarding the workspace’s data ingestion status. You can use the workbook’s logic to monitor the general health of the ingested data, and to build custom views and rule-based alerts.
+- **Data collection health monitoring workbook**: This workbook provides additional monitors, detects anomalies, and gives insight regarding the workspace’s data ingestion status. You can use the workbook’s logic to monitor the general health of the ingested data, and to build custom views and rule-based alerts.
 
 - ***SentinelHealth* data table (Preview)**: Querying this table provides insights on health drifts, such as latest failure events per connector, or connectors with changes from success to failure states, which you can use to create alerts and other automated actions. The *SentinelHealth* data table is currently supported only for [selected data connectors](#supported-data-connectors).
 
@@ -26,9 +26,15 @@ The following features allow you to perform this monitoring from within Microsof
 
 ## Use the health monitoring workbook
 
-1. From the Microsoft Sentinel portal, select **Workbooks** from the **Threat management** menu.
+1. From the Microsoft Sentinel portal, select **Content hub** from the **Content management** section of the navigation menu.
 
-1. In the **Workbooks** gallery, enter *health* in the search bar, and select **Data collection health monitoring** from among the results.
+1. In the **Content hub**, enter *health* in the search bar, and select **Data collection health monitoring** from among the results.
+
+1. Select **Install** from the details pane. When you see a notification message that the workbook is installed, or if instead of *Install*, you see *Configuration*, proceed to the next step.
+
+1. Select **Workbooks** from the **Threat management** section of the navigation menu.
+
+1. In the **Workbooks** page, select the **Templates** tab, enter *health* in the search bar, and select **Data collection health monitoring** from among the results.
 
 1. Select **View template** to use the workbook as is, or select **Save** to create an editable copy of the workbook. When the copy is created, select **View saved workbook**.
 

articles/storage/blobs/versioning-enable.md

@@ -33,7 +33,7 @@ To enable blob versioning for a storage account in the Azure portal:
     :::image type="content" source="media/versioning-enable/portal-enable-versioning.png" alt-text="Screenshot showing how to enable blob versioning in Azure portal":::
 
 > [!IMPORTANT]
-> If you set the **Delete versions after** option, a rule is automatically added to the lifecycle management policy of the storage account. Once that rule is added, the **Delete versions after** option no appears in the **Data protection** configuration page. 
+> If you set the **Delete versions after** option, a rule is automatically added to the lifecycle management policy of the storage account. Once that rule is added, the **Delete versions after** option no longer appears in the **Data protection** configuration page. 
 >
 > You can make that option reappear in the **Data protection** page by removing the rule. If your lifecycle management policy contains other rules that delete versions, then you'll have to remove those rules as well before the **Delete versions after** option can reappear.