Commit ef3e6f4

Merge pull request #266249 from dcurwin/fix-formatting-feb14-2024
Fix formatting
2 parents fccd334 + 7d6693d commit ef3e6f4

5 files changed

+40
-43
lines changed

articles/defender-for-cloud/managing-and-responding-alerts.md

Lines changed: 11 additions & 11 deletions
@@ -35,14 +35,14 @@ When triaging security alerts, you should prioritize alerts based on their alert
3535

3636
Each alert contains information regarding the alert that assists you in your investigation.
3737

38-
**To investigate a security alert**:
38+
**To investigate a security alert**:
3939

40-
1. Select an alert. A side pane opens and shows a description of the alert and all the affected resources.
40+
1. Select an alert. A side pane opens and shows a description of the alert and all the affected resources.
4141

4242
:::image type="content" source="./media/managing-and-responding-alerts/alerts-details-pane.png" alt-text="Screenshot of the high-level details view of a security alert.":::
4343

4444
1. Review the high-level information about the security alert.
45-
45+
4646
- Alert severity, status, and activity time
4747
- Description that explains the precise activity that was detected
4848
- Affected resources
@@ -51,7 +51,7 @@ Each alert contains information regarding the alert that assists you in your inv
5151
1. Select **View full details**.
5252

5353
The right pane includes the **Alert details** tab containing further details of the alert to help you investigate the issue: IP addresses, files, processes, and more.
54-
54+
5555
:::image type="content" source="./media/managing-and-responding-alerts/security-center-alert-remediate.png" alt-text="Screenshot that shows the full details page for an alert.":::
5656

5757
Also in the right pane is the **Take action** tab. Use this tab to take further actions regarding the security alert. Actions such as:
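Review bot: Line 57 ends on a sentence fragment, "Actions such as:", which this formatting pass leaves in place. Fold it into the previous sentence, for example "Use this tab to take further actions regarding the security alert, such as:", so the list that follows has a complete lead-in.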
@@ -71,21 +71,21 @@ The alerts list includes checkboxes so you can handle multiple alerts at once. F
7171

7272
1. Filter according to the alerts you want to handle in bulk.
7373

74-
In this example, the alerts with severity of `Informational` for the resource `ASC-AKS-CLOUD-TALK` are selected.
74+
In this example, the alerts with severity of `Informational` for the resource `ASC-AKS-CLOUD-TALK` are selected.
7575

7676
:::image type="content" source="media/managing-and-responding-alerts/processing-alerts-bulk-filter.png" alt-text="Screenshot that shows how to filter alerts to show related alerts.":::
7777

78-
1. Use the checkboxes to select the alerts to be processed.
78+
1. Use the checkboxes to select the alerts to be processed.
7979

80-
In this example, all alerts are selected. The **Change status** button is now available.
80+
In this example, all alerts are selected. The **Change status** button is now available.
8181

8282
:::image type="content" source="media/managing-and-responding-alerts/processing-alerts-bulk-select.png" alt-text="Screenshot of selecting all alerts to handle in bulk.":::
8383

8484
1. Use the **Change status** options to set the desired status.
8585

8686
:::image type="content" source="media/managing-and-responding-alerts/processing-alerts-bulk-change-status.png" alt-text="Screenshot of the security alerts status tab.":::
8787

88-
The alerts shown in the current page have their status changed to the selected value.
88+
The alerts shown in the current page have their status changed to the selected value.
8989

9090
## Respond to a security alert
9191
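Review bot: Line 88 says the alerts "shown in the current page" have their status changed; since the line is being touched anyway, use "on the current page", and consider stating explicitly whether alerts that match the filter but sit on other pages are left unchanged. A reader doing bulk triage could otherwise assume every filtered alert was updated.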

@@ -97,7 +97,7 @@ After investigating a security alert, you can respond to the alert from within M
9797

9898
:::image type="content" source="./media/managing-and-responding-alerts/alert-details-take-action.png" alt-text="Screenshot of the security alerts take action tab." lightbox="./media/managing-and-responding-alerts/alert-details-take-action.png":::
9999

100-
1. Review the **Mitigate the threat** section for the manual investigation steps necessary to mitigate the issue.
100+
1. Review the **Mitigate the threat** section for the manual investigation steps necessary to mitigate the issue.
101101

102102
1. To harden your resources and prevent future attacks of this kind, remediate the security recommendations in the **Prevent future attacks** section.
103103

@@ -113,11 +113,11 @@ After investigating a security alert, you can respond to the alert from within M
113113

114114
The alert is removed from the main alerts list. You can use the filter from the alerts list page to view all alerts with **Dismissed** status.
115115

116-
1. We encourage you to provide feedback about the alert to Microsoft:
116+
1. We encourage you to provide feedback about the alert to Microsoft:
117117
1. Marking the alert as **Useful** or **Not useful**.
118118
1. Select a reason and add a comment.
119119

120-
:::image type="content" source="./media/managing-and-responding-alerts/alert-feedback.png" alt-text="Screenshot of the provide feedback to Microsoft window which allows you to select the usefulness of an alert.":::
120+
:::image type="content" source="./media/managing-and-responding-alerts/alert-feedback.png" alt-text="Screenshot of the provide feedback to Microsoft window that allows you to select the usefulness of an alert.":::
121121

122122
> [!TIP]
123123
> We review your feedback to improve our algorithms and provide better security alerts.
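Review bot: The two sub-steps at lines 117 and 118 are not parallel: "Marking the alert as **Useful** or **Not useful**." is a gerund phrase while "Select a reason and add a comment." is an imperative. Change the first to "Mark the alert as **Useful** or **Not useful**." so it matches the other steps in this procedure.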

articles/defender-for-cloud/monitoring-components.md

Lines changed: 4 additions & 4 deletions
@@ -76,7 +76,7 @@ Defender for Cloud depends on the [Log Analytics agent](../azure-monitor/agents/
7676
- [Log Analytics agent for Windows supported operating systems](../azure-monitor/agents/agents-overview.md#supported-operating-systems)
7777
- [Log Analytics agent for Linux supported operating systems](../azure-monitor/agents/agents-overview.md#supported-operating-systems)
7878

79-
Also ensure your Log Analytics agent is [properly configured to send data to Defender for Cloud](working-with-log-analytics-agent.md#manual-agent)
79+
Also ensure your Log Analytics agent is [properly configured to send data to Defender for Cloud](working-with-log-analytics-agent.md#manual-agent).
8080

8181
<a name="preexisting"></a>
8282

@@ -95,7 +95,7 @@ The following use cases explain how deployment of the Log Analytics agent works
9595
- **System Center Operations Manager agent is installed on the machine** - Defender for Cloud will install the Log Analytics agent extension side by side to the existing Operations Manager. The existing Operations Manager agent will continue to report to the Operations Manager server normally. The Operations Manager agent and Log Analytics agent share common run-time libraries, which will be updated to the latest version during this process.
9696

9797
- **A pre-existing VM extension is present**:
98-
- When the Monitoring Agent is installed as an extension, the extension configuration allows reporting to only a single workspace. Defender for Cloud doesn't override existing connections to user workspaces. Defender for Cloud will store security data from the VM in the workspace already connected, if the "Security" or "SecurityCenterFree" solution has been installed on it. Defender for Cloud might upgrade the extension version to the latest version in this process.
98+
- When the Monitoring Agent is installed as an extension, the extension configuration allows reporting to only a single workspace. Defender for Cloud doesn't override existing connections to user workspaces. Defender for Cloud will store security data from the VM in the workspace already connected, if the "Security" or "SecurityCenterFree" solution was installed on it. Defender for Cloud might upgrade the extension version to the latest version in this process.
9999
- To see to which workspace the existing extension is sending data to, run the *TestCloudConnection.exe* tool to validate connectivity with Microsoft Defender for Cloud, as described in [Verify Log Analytics Agent connectivity](/services-hub/unified/health/assessments-troubleshooting#verify-log-analytics-agent-connectivity). Alternatively, you can open Log Analytics workspaces, select a workspace, select the VM, and look at the Log Analytics agent connection.
100100
- If you have an environment where the Log Analytics agent is installed on client workstations and reporting to an existing Log Analytics workspace, review the list of [operating systems supported by Microsoft Defender for Cloud](security-center-os-coverage.md) to make sure your operating system is supported.
101101
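Review bot: Line 99 still reads "To see to which workspace the existing extension is sending data to", with the preposition doubled; suggest "To see which workspace the existing extension is sending data to". The tense edit on line 98 ("was installed") also leaves the surrounding text mixed, with "will store" on the same line and "will install" on line 95, so either convert those to present tense in this pass or leave the tense change for a separate one.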

@@ -139,7 +139,7 @@ Learn more about Azure's [Guest Configuration extension](../governance/machine-c
139139

140140
### Defender for Containers extensions
141141

142-
This table shows the availability details for the components that are required by the protections offered by [Microsoft Defender for Containers](defender-for-containers-introduction.md).
142+
This table shows the availability details for the components required by the protections offered by [Microsoft Defender for Containers](defender-for-containers-introduction.md).
143143

144144
By default, the required extensions are enabled when you enable Defender for Containers from the Azure portal.
145145

@@ -150,7 +150,7 @@ By default, the required extensions are enabled when you enable Defender for Con
150150
| Required roles and permissions (subscription-level): | [Owner](../role-based-access-control/built-in-roles.md#owner) or [User Access Administrator](../role-based-access-control/built-in-roles.md#user-access-administrator) | [Owner](../role-based-access-control/built-in-roles.md#owner) or [User Access Administrator](../role-based-access-control/built-in-roles.md#user-access-administrator) |
151151
| Supported destinations: | The AKS Defender agent only supports [AKS clusters that have RBAC enabled](../aks/concepts-identity.md#kubernetes-rbac). | [See Kubernetes distributions supported for Arc-enabled Kubernetes](supported-machines-endpoint-solutions-clouds-containers.md?tabs=azure-aks#kubernetes-distributions-and-configurations) |
152152
| Policy-based: | :::image type="icon" source="./media/icons/yes-icon.png"::: Yes | :::image type="icon" source="./media/icons/yes-icon.png"::: Yes |
153-
| Clouds: | **Defender agent**:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet<br>**Azure Policy for Kubernetes **:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet|**Defender agent**:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet<br>**Azure Policy for Kubernetes**:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet|
153+
| Clouds: | **Defender agent**:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet<br>**Azure Policy for Kubernetes**:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet|**Defender agent**:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet<br>**Azure Policy for Kubernetes**:<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure Government, Microsoft Azure operated by 21Vianet|
154154

155155
Learn more about the [roles used to provision Defender for Containers extensions](permissions.md#roles-used-to-automatically-provision-agents-and-extensions).
156156
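Review bot: On line 153 the separator between the two Clouds cells has no surrounding spaces ("21Vianet|**Defender agent**") and the row closes with "21Vianet|", unlike the "| ... | ... |" spacing used on lines 150 to 152. Since this line is already being edited to remove the stray space in "**Azure Policy for Kubernetes **", pad the pipes in the same change. Separately, the two cells disagree on Azure Policy for Kubernetes in Azure Government and 21Vianet (yes-icon in the first cell, no-icon in the second); worth confirming that is intended, because the long single-line row makes it easy to miss.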

articles/defender-for-cloud/multi-factor-authentication-enforcement.md

Lines changed: 2 additions & 4 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Security recommendations for multifactor authentication
3-
description: Learn how to enforce multifactor authentication for your Azure subscriptions using Microsoft Defender for Cloud
3+
description: Learn how to enforce multifactor authentication for your Azure subscriptions using Microsoft Defender for Cloud.
44
ms.topic: conceptual
55
ms.date: 08/22/2023
66
---
@@ -21,7 +21,6 @@ The following recommendations in the Enable MFA control ensure you're meeting th
2121
- Accounts with write permissions on Azure resources should be MFA enabled
2222
- Accounts with read permissions on Azure resources should be MFA enabled
2323

24-
2524
There are three ways to enable MFA and be compliant with the two recommendations in Defender for Cloud: security defaults, per-user assignment, and conditional access (CA) policy.
2625

2726
### Free option - security defaults
@@ -72,7 +71,7 @@ To see which accounts don't have MFA enabled, use the following Azure Resource G
7271

7372
1. Enter the following query and select **Run query**.
7473

75-
```
74+
```Kusto
7675
securityresources
7776
| where type =~ "microsoft.security/assessments/subassessments"
7877
| where id has "assessments/dabc9bc4-b8a8-45bd-9a5a-43000df8aa1c" or id has "assessments/c0cb17b2-0607-48a7-b0e0-903ed22de39b" or id has "assessments/6240402e-f77c-46fa-9060-a7ce53997754"
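Review bot: The fence tag added at line 74 is "Kusto" with a capital K, while the fences tagged in onboard-management-group.md in this same commit use lowercase "json". Use lowercase "kusto" so the language identifiers are consistent within the change. Line 77 also filters on three hard-coded assessment IDs with nothing saying which recommendation each one maps to; a short comment in the query naming them would help readers audit what the query covers.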
@@ -95,7 +94,6 @@ To see which accounts don't have MFA enabled, use the following Azure Resource G
9594
- Conditional Access policy applied to Microsoft Entra roles (such as all global admins, external users, external domain, etc.) isn't supported yet.
9695
- External MFA solutions such as Okta, Ping, Duo, and more aren't supported within the identity MFA recommendations.
9796
98-
9997
## Next steps
10098
10199
To learn more about recommendations that apply to other Azure resource types, see the following articles:
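Review bot: Line 94 combines "such as" with "etc." ("such as all global admins, external users, external domain, etc."), which is redundant, and line 95 does the same with "such as Okta, Ping, Duo, and more". Drop the trailing "etc." and "and more" while the blank lines around this list are being cleaned up.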

articles/defender-for-cloud/onboard-management-group.md

Lines changed: 9 additions & 10 deletions
@@ -7,7 +7,7 @@ ms.date: 02/21/2023
77

88
# Enable Defender for Cloud on all subscriptions in a management group
99

10-
You can use Azure Policy to enable Microsoft Defender for Cloud on all the Azure subscriptions within the same management group (MG). This is more convenient than accessing them individually from the portal, and works even if the subscriptions belong to different owners.
10+
You can use Azure Policy to enable Microsoft Defender for Cloud on all the Azure subscriptions within the same management group (MG). This is more convenient than accessing them individually from the portal, and works even if the subscriptions belong to different owners.
1111

1212
## Prerequisites
1313

@@ -32,7 +32,7 @@ az provider register --namespace Microsoft.Security --management-group-id …
3232
> [!TIP]
3333
> Other than the scope, there are no required parameters.
3434
35-
1. Select **Remediation**, and select **Create a remediation task** to ensure all existing subscriptions that don't have Defender for Cloud enabled, will get onboarded.
35+
1. Select **Remediation**, and select **Create a remediation task** to ensure all existing subscriptions that don't have Defender for Cloud enabled will get onboarded.
3636

3737
:::image type="content" source="./media/get-started/remediation-task.png" alt-text="Screenshot that shows how to create a remediation task for the Azure Policy definition Enable Defender for Cloud on your subscription.":::
3838

@@ -50,16 +50,16 @@ The remediation task will then enable Defender for Cloud's basic functionality o
5050

5151
## Optional modifications
5252

53-
There are various ways you might choose to modify the Azure Policy definition:
53+
There are various ways you might choose to modify the Azure Policy definition:
5454

5555
- **Define compliance differently** - The supplied policy classifies all subscriptions in the MG that aren't yet registered with Defender for Cloud as “non-compliant”. You might choose to set it to all subscriptions without Defender for Cloud's enhanced security features enabled.
5656

5757
The supplied definition, defines *either* of the 'pricing' settings below as compliant. Meaning that a subscription set to 'standard' or 'free' is compliant.
5858

5959
> [!TIP]
60-
> When any Microsoft Defender plan is enabled, it's described in a policy definition as being on the 'Standard' setting. When it's disabled, it's 'Free'. To learn about the differences between these plans, see [Microsoft Defender for Cloud's Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).
60+
> When any Microsoft Defender plan is enabled, it's described in a policy definition as being on the 'Standard' setting. When it's disabled, it's 'Free'. To learn about the differences between these plans, see [Microsoft Defender for Cloud's Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).
6161
62-
```
62+
```json
6363
"existenceCondition": {
6464
"anyof": [
6565
{
@@ -76,7 +76,7 @@ There are various ways you might choose to modify the Azure Policy definition:
7676

7777
If you change it to the following, only subscriptions set to 'standard' would be classified as compliant:
7878

79-
```
79+
```json
8080
"existenceCondition": {
8181
{
8282
"field": "microsoft.security/pricings/pricingTier",
@@ -87,12 +87,11 @@ There are various ways you might choose to modify the Azure Policy definition:
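Review bot: With the fence at line 79 now tagged "json", the snippet at lines 80 to 82 opens "existenceCondition": { and then a second bare { before "field", which is not valid JSON, because an object cannot contain an unnamed object. It looks like a leftover from dropping the "anyof" array shown in the previous example. Remove the inner brace so the "field" condition sits directly inside "existenceCondition", and check that the closing braces below still balance.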
8787

8888
- **Define some Microsoft Defender plans to apply when enabling Defender for Cloud** - The supplied policy enables Defender for Cloud without any of the optional enhanced security features. You might choose to enable one or more of the Microsoft Defender plans.
8989

90-
The supplied definition's `deployment` section has a parameter `pricingTier`. By default, this is set to `free`, but you can modify it.
91-
90+
The supplied definition's `deployment` section has a parameter `pricingTier`. By default, this is set to `free`, but you can modify it.
9291

93-
## Next steps:
92+
## Next steps
9493

95-
Now that you've onboarded an entire management group, enable the enhanced security features.
94+
Now that you onboarded an entire management group, enable the enhanced security features.
9695

9796
> [!div class="nextstepaction"]
9897
> [Enable enhanced protections](enable-enhanced-security.md)
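Review bot: The change on line 94 from "Now that you've onboarded" to "Now that you onboarded" reads less naturally, because the onboarding has just been completed and leads straight into the next action, which is what the present perfect expresses. Keep "you've onboarded", or write "you have onboarded" if the goal is to avoid the contraction. Line 90 also says `pricingTier` defaults to `free` "but you can modify it" without naming the value to set; stating the alternative would make the step actionable.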
