Commit df75108

PM feedback changes in intro
1 parent 1b2823c commit df75108

7 files changed

+65
-78
lines changed

articles/defender-for-cloud/TOC.yml

Lines changed: 16 additions & 18 deletions
Original file line number | Diff line number | Diff line change
@@ -156,25 +156,23 @@
156156
- name: Reference list of attack paths and cloud security graph components
157157
displayName: attack, paths, security, graph, components
158158
href: attack-path-reference.md
159-
- name: Protect servers
159+
- name: Plan Defender for Servers deployment
160160
items:
161-
- name: Plan Defender for Servers deployment
162-
items:
163-
- name: Get started
164-
displayName: VM, JIT, plan 1, plan 2, plans, vulnerability assessment, threat management, defender for endpoint, vulnerability scanner, Qualys, FIM, File integrity monitoring, adaptive application controls, adaptive network hardening, docker, fileless attack detection, auditd, simulate alerts
165-
href: plan-defender-for-servers.md
166-
- name: Review data residency and workspace design
167-
href: plan-defender-for-servers-data-workspace.md
168-
- name: Determine roles and access
169-
href: plan-defender-for-servers-roles.md
170-
- name: Select a plan
171-
href: plan-defender-for-servers-select-plan.md
172-
- name: Review agents and extensions
173-
href: plan-defender-for-servers-agents.md
174-
- name: Scale a Defender for Servers deployment
175-
href: plan-defender-for-servers-scale.md
176-
- name: Common questions
177-
href: faq-defender-for-servers.yml
161+
- name: Get started
162+
displayName: VM, JIT, plan 1, plan 2, plans, vulnerability assessment, threat management, defender for endpoint, vulnerability scanner, Qualys, FIM, File integrity monitoring, adaptive application controls, adaptive network hardening, docker, fileless attack detection, auditd, simulate alerts
163+
href: plan-defender-for-servers.md
164+
- name: Review data residency and workspace design
165+
href: plan-defender-for-servers-data-workspace.md
166+
- name: Determine roles and access
167+
href: plan-defender-for-servers-roles.md
168+
- name: Select a plan
169+
href: plan-defender-for-servers-select-plan.md
170+
- name: Review agents and extensions
171+
href: plan-defender-for-servers-agents.md
172+
- name: Scale a Defender for Servers deployment
173+
href: plan-defender-for-servers-scale.md
174+
- name: Common questions
175+
href: faq-defender-for-servers.yml
178176
- name: Protect cloud workloads
179177
items:
180178
- name: Agentless scanning
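Review bot: Removing the `- name: Protect servers` parent at old line 159 and promoting "Plan Defender for Servers deployment" into its place changes the navigation structure, which the commit message ("PM feedback changes in intro") does not mention. If the flattening is intended, note it in the message or split it into its own commit; if not, keep the parent node. Because the nesting under `items:` went from two levels to one, also confirm that all seven child entries (Get started through Common questions) were re-indented consistently, since a mismatch in a YAML TOC breaks the build or silently reparents entries.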

articles/defender-for-cloud/defender-for-cloud-introduction.md

Lines changed: 16 additions & 25 deletions
@@ -7,15 +7,11 @@ ms.date: 12/05/2022
77
---
88
# What is Microsoft Defender for Cloud?
99

10-
Microsoft Defender for Cloud is a unified security solution for Azure, AWS, and GCP resources, and on-premises machines. Defended for Cloud combines the capabilities of:
10+
Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. Defender for Cloud combines the capabilities of:
1111

12-
- A cloud-native application protection platform (CNAPP) that protects your cloud applications in development and at runtime
12+
- A development security operations (DevSecOps) solution that unifies security management at the code level across multicloud and multiple-pipeline environments
1313
- A cloud security posture management (CSPM) solution that surfaces actions that you can take to prevent breaches
14-
- A cloud workload protection platform (CWPP) with specific protections for servers, containers, databases, and other workloads
15-
16-
Evaluate your organization’s security posture across clouds and continually assess its state with a secure score. Use recommendations and other Defender for Cloud capabilities to improve your score and posture.
17-
18-
Defender for Cloud includes Foundational CSPM (Free) capabilities for free. You can also enable advanced CSPM capabilities and cloud workload protections by enabling paid Defender plans.
14+
- A cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads
1915

2016
![Diagram that shows the core functionality of Microsoft Defender for Cloud.](media/defender-for-cloud-introduction/defender-for-cloud-pillars.png)
2117

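Review bot: New line 10 drops the coverage statement the old intro carried ("Azure, AWS, and GCP resources, and on-premises machines"), and the secure score paragraph removed at old line 16 is not re-added in any hunk shown for this file, so a reader of the intro no longer learns what is protected or how posture is scored. Consider keeping one sentence for each. The wording of new line 10 also reads as a definition of CNAPP in general ("a set of security measures and practices designed to protect cloud-based applications") attached to the product name, and the following "combines the capabilities of" list then omits CNAPP; splitting it into "Defender for Cloud is a CNAPP" plus a separate sentence saying what that means would be clearer.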
@@ -33,42 +29,41 @@ Today’s applications require security awareness at the code, infrastructure, a
3329

3430
The security of your cloud and on-premises resources depends on proper configuration and deployment. Defender for Cloud recommendations identify the steps that you can take to secure your environment.
3531

32+
Defender for Cloud includes Foundational CSPM (Free) capabilities for free. You can also enable advanced CSPM capabilities and cloud workload protections by enabling paid Defender plans.
33+
3634
| Capability | What problem does it solve? | Get started | Defender plan and pricing |
3735
| ---------- | --------------------------- | ----------- | ------------------------- |
3836
| [Centralized policy management](security-policy-concept.md) | Define the security conditions that you want to maintain across your environment. The policy translates to recommendations that identify resource configurations that violate your security policy. The [Microsoft cloud security benchmark](concept-regulatory-compliance.md) is a built-in standard that applies security principles with detailed technical implementation guidance for Azure, for other cloud providers (such as AWS and GCP), and for other Microsoft clouds. | [Customize security a policy](custom-security-policies.md) | Foundational CSPM (Free) |
3937
| [Secure score]( secure-score-security-controls.md) | Summarize your security posture based on the security recommendations. As you remediate recommendations, your secure score improves. | [Track your secure score](secure-score-access-and-track.md) | Foundational CSPM (Free) |
4038
| [Multicloud coverage](plan-multicloud-security-get-started.md) | Connect to your multicloud environments with agentless methods for CSPM insight and CWP protection. | Connect your [Amazon AWS](quickstart-onboard-aws.md) and [Google GCP](quickstart-onboard-gcp.md) cloud resources to Defender for Cloud | Foundational CSPM (Free) |
4139
| [Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) | Use the dashboard to see weaknesses in your security posture. | [Enable CSPM tools](enable-enhanced-security.md) | Foundational CSPM (Free) |
42-
| [Advanced Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md) | Get advanced tools to identify weaknesses in your security posture, including:</br>- Governance to drive actions to improve your security posture</br>- Regulatory compliance to verify compliance with security standards</br>- Cloud security explorer to build a comprehensive view of your environment | [Enable CSPM tools](enable-enhanced-security.md) | Defender CSPM |
43-
| [Attack path analysis](concept-attack-path.md) | Model traffic on your network to identify potential risks before you implement changes to your environment. | [Build queries to analyze paths](how-to-manage-cloud-security-explorer.md) | Defender CSPM |
40+
| [Advanced Cloud Security Posture Management](concept-cloud-security-posture-management.md) | Get advanced tools to identify weaknesses in your security posture, including:</br>- Governance to drive actions to improve your security posture</br>- Regulatory compliance to verify compliance with security standards</br>- Cloud security explorer to build a comprehensive view of your environment | [Enable CSPM tools](enable-enhanced-security.md) | Defender CSPM |
41+
| [Attack path analysis](concept-attack-path.md#what-is-attack-path-analysis) | Model traffic on your network to identify potential risks before you implement changes to your environment. | [Build queries to analyze paths](how-to-manage-attack-path.md) | Defender CSPM |
42+
| [Cloud Security Explorer](concept-attack-path.md#what-is-cloud-security-explorer) | A map of your cloud environment that lets you build queries to find security risks. | [Build queries to find security risks](how-to-manage-cloud-security-explorer.md) | Defender CSPM |
4443
| [Security governance](governance-rules.md#building-an-automated-process-for-improving-security-with-governance-rules) | Drive security improvements through your organization by assigning tasks to resource owners and tracking progress in aligning your security state with your security policy. | [Define governance rules](governance-rules.md#defining-governance-rules-to-automatically-set-the-owner-and-due-date-of-recommendations) | Defender CSPM |
44+
| [Microsoft Entra Permissions Management](../active-directory/cloud-infrastructure-entitlement-management/index.yml) | Provide comprehensive visibility and control over permissions for any identity and any resource in Azure, AWS, and GCP. | [Review your Permission Creep Index (CPI)](other-threat-protections.md#entra-permission-management-formerly-cloudknox) | Defender CSPM |
4545

4646
## Protect cloud workloads
4747

48-
### Cloud Workload Protections (CWP)
48+
### Cloud workload protections
49+
50+
Proactive security principles require that you implement security practices that protect your workloads from threats. Cloud workload protections (CWP) surface workload-specific recommendations that lead you to the right security controls to protect your workloads.
4951

50-
Proactive security principles require that you implement security practices that protect your workloads from threats. Cloud workload protections surface workload-specific recommendations that lead you to the right security controls to protect your workloads.
52+
When your environment is threatened, you need to know right away the nature and severity of the threat so you can plan your response. After you identify a threat in your environment, you need to quickly respond to limit the risk to your resources.
5153

5254
| Capability | What problem does it solve? | Get started | Defender plan and pricing |
5355
| ---------- | --------------------------- | ----------- | ------------------------- |
5456
| Protect cloud servers | Provide server protections through Microsoft Defender for Endpoint or extended protection with just-in-time network access, file integrity monitoring, vulnerability assessment, and more. | [Secure your multicloud and on-premises servers](defender-for-servers-introduction.md) | [Defender for Servers](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
5557
| Identify threats to your storage resources | Detect unusual and potentially harmful attempts to access or exploit your storage accounts using advanced threat detection capabilities and Microsoft Threat Intelligence data to provide contextual security alerts. | [Protect your cloud storage resources](defender-for-storage-introduction.md) | [Defender for Storage](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
5658
| Protect cloud databases | Protect your entire database estate with attack detection and threat response for the most popular database types in Azure to protect the database engines and data types, according to their attack surface and security risks. | [Deploy specialized protections for cloud and on-premises databases](quickstart-enable-database-protections.md) | - [Defender for Azure SQL Databases](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br>- [Defender for SQL servers on machines](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br>- [Defender for Open-source relational databases](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br>- [Defender for Azure Cosmos DB](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
5759
| Protect containers | Secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications with environment hardening, vulnerability assessments, and run-time protection. | [Find security risks in your containers](defender-for-containers-introduction.md) | [Defender for Containers](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
58-
59-
### Threat detection and response
60-
61-
When your environment is threatened, you need to know right away the nature and severity of the threat so you can plan your response. After you identify a threat in your environment, you need to quickly respond to limit the risk to your resources.
62-
63-
| Capability | What problem does it solve? | Get started | Defender plan and pricing |
64-
| ---------- | --------------------------- | ----------- | ------------------------- |
6560
| [Infrastructure service insights](asset-inventory.md) | Diagnose weaknesses in your application infrastructure that can leave your environment susceptible to attack. | - [Identify attacks targeting applications running over App Service](defender-for-app-service-introduction.md)</br>- [Detect attempts to exploit Key Vault accounts](defender-for-key-vault-introduction.md)</br>- [Get alerted on suspicious Resource Manager operations](defender-for-resource-manager-introduction.md)</br>- [Expose anomalous DNS activities](defender-for-dns-introduction.md) | - [Defender for App Service](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br></br>- [Defender for Key Vault](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br></br>- [Defender for Resource Manager](https://azure.microsoft.com/pricing/details/defender-for-cloud/)</br></br>- [Defender for DNS](https://azure.microsoft.com/pricing/details/defender-for-cloud/)|
66-
| [Security alerts](alerts-overview.md) | Get informed you of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | [Manage security alerts]( managing-and-responding-alerts.md) | Defender CSPM |
67-
| [Security incidents](alerts-overview.md#what-are-security-incidents) | Correlate alerts to identify attack patterns and integrate with Security Information and Event Management (SIEM), Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions to respond to threats and limit the risk to your resources. | [Export alerts to SIEM, SOAR, or ITSM systems](export-to-siem.md) | Defender CSPM |
61+
| [Security alerts](alerts-overview.md) | Get informed of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | [Manage security alerts]( managing-and-responding-alerts.md) | [Any workload protection Defender plan](#cloud-workload-protections-cwp) |
62+
| [Security incidents](alerts-overview.md#what-are-security-incidents) | Correlate alerts to identify attack patterns and integrate with Security Information and Event Management (SIEM), Security Orchestration Automated Response (SOAR), and IT Service Management (ITSM) solutions to respond to threats and limit the risk to your resources. | [Export alerts to SIEM, SOAR, or ITSM systems](export-to-siem.md) | [Any workload protection Defender plan](#cloud-workload-protections-cwp) |
6863

6964
## Learn More
7065

71-
You can also check out:
66+
For more information about Defender for Cloud and how it works, check out:
7267

7368
- A [step-by-step walkthrough](https://mslearn.cloudguides.com/en-us/guides/Protect%20your%20multi-cloud%20environment%20with%20Microsoft%20Defender%20for%20Cloud) of Defender for Cloud
7469
- An interview about Defender for Cloud with an expert in cybersecurity in [Lessons Learned from the Field](episode-six.md)
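Review bot: New lines 61 and 62 link to `#cloud-workload-protections-cwp`, but new line 48 in this same hunk renames the heading from "### Cloud Workload Protections (CWP)" to "### Cloud workload protections", so the anchor generated from the heading no longer ends in `-cwp` and both links will not resolve. Either point them at `#cloud-workload-protections` or keep "(CWP)" in the heading. In new line 44 the link text "Permission Creep Index (CPI)" has an abbreviation that does not match the words it follows; please check the intended acronym. New line 61 keeps the stray space inside the link target `]( managing-and-responding-alerts.md)`, and new line 32 says "Foundational CSPM (Free) capabilities for free", which repeats itself. Finally, with the "Threat detection and response" heading and its table header removed, the paragraph at new line 52 and the alerts and incidents rows now sit under "Cloud workload protections" with nothing marking the change of subject; a short lead-in sentence before those rows would help.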
@@ -77,9 +72,5 @@ You can also check out:
7772

7873
## Next steps
7974

80-
- To get started with Defender for Cloud, you need a subscription to Microsoft Azure. If you don't have a subscription, [sign up for a free trial](https://azure.microsoft.com/free/).
81-
- Defender for Cloud's free plan is enabled on all your current Azure subscriptions when you visit the Defender for Cloud pages in the Azure portal for the first time, or if enabled programmatically via the REST API. To take advantage of advanced security management and threat detection capabilities, you must enable the Defender plans. These features are free for the first 30 days. [Learn more about the pricing](https://azure.microsoft.com/pricing/details/defender-for-cloud/).
82-
- If you're ready to enable enhanced security features now, [Enable enhanced security features](enable-enhanced-security.md) walks you through the steps.
83-
8475
> [!div class="nextstepaction"]
8576
> [Enable Microsoft Defender plans](enable-enhanced-security.md)
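Review bot: The three bullets removed at old lines 80 to 82 were the only place in this section that stated the Azure subscription prerequisite, that the free plan is enabled on first visit or via the REST API, and that paid plans are free for the first 30 days. After this change "Next steps" contains only the `nextstepaction` button. If those facts are covered in the linked enable-enhanced-security.md article, that is fine; otherwise keep at least the prerequisite and the trial period here, since they affect whether a reader can follow the button at all.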

articles/defender-for-cloud/permissions.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
title: User roles and permissions in Microsoft Defender for Cloud
33
description: This article explains how Microsoft Defender for Cloud uses role-based access control to assign permissions to users and identify the permitted actions for each role.
4-
ms.topic: overview
4+
ms.topic: limits-and-quotas
55
ms.custom: ignite-2022
66
ms.date: 01/24/2023
77
---
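Review bot: The new `ms.topic: limits-and-quotas` at line 4 does not match the article described by the title and description in the same front matter, which is about user roles and role-based access control rather than service limits. Unless the docs tooling requires this value for reference-style pages, `overview` or a reference/conceptual topic type fits the content better. This metadata change is also unrelated to the intro edits named in the commit message and would be easier to review and revert as a separate commit.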

articles/defender-for-cloud/plan-defender-for-servers-data-workspace.md

Lines changed: 1 addition & 1 deletion
@@ -171,7 +171,7 @@ You can learn how to [Analyze usage in Log Analytics workspace](../azure-monitor
171171
172172
Based on your usage, you won't be billed until you've used your daily allowance. If you're receiving a bill, it's only for the data used after the 500-MB limit is reached, or for other service that doesn't fall under the coverage of Defender for Cloud.
173173
174-
## How can I manage my costs?
174+
### How can I manage my costs?
175175
176176
You may want to manage your costs and limit the amount of data collected for a solution by limiting it to a particular set of agents. Use [solution targeting](../azure-monitor/insights/solution-targeting.md) to apply a scope to the solution and target a subset of computers in the workspace. If you're using solution targeting, Defender for Cloud lists the workspace as not having a solution.
177177
> [!IMPORTANT]
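Review bot: Demoting "How can I manage my costs?" from `##` to `###` at line 174 nests it under whatever heading precedes the billing paragraph at line 172, which is not visible in this hunk. Please confirm that the parent is an H2 so the level is not skipped, and that the section is still reachable from the article's in-page navigation if that only lists H2 headings. The change is unrelated to the intro edits in the commit message.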

articles/defender-for-cloud/support-matrix-defender-for-cloud.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
title: Features supported in different Azure cloud environments - Microsoft Defender for Cloud
33
description: Learn about the Azure cloud environments where Defender for Cloud can be used.
4-
ms.topic: overview
4+
ms.topic: limits-and-quotas
55
author: bmansheim
66
ms.author: benmansheim
77
ms.date: 02/07/2023
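Review bot: `ms.topic: limits-and-quotas` at line 4 is a loose fit for an article whose title is "Features supported in different Azure cloud environments"; it describes feature availability per cloud, not numeric limits. If this value was chosen to move the page into a reference grouping, say so in the commit message, and confirm it is an accepted `ms.topic` value for this repository before merging, because an unrecognized value is typically flagged by docs validation.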
