Merge pull request #241349 from AlizaBernstein/WI-64296-fix-d4Containers-for-ffx-mc

WI-64296-fix-d4Containers-for-ffx-mc

Author: v-ccolin

articles/aks/outbound-rules-control-egress.md

@@ -4,7 +4,7 @@ description: Learn what ports and addresses are required to control egress traff
 ms.subservice: aks-networking
 ms.topic: article
 ms.author: allensu
-ms.date: 03/10/2023
+ms.date: 06/13/2023
 author: asudbring
 
 #Customer intent: As an cluster operator, I want to learn the network and FQDNs rules to control egress traffic and improve security for my AKS clusters.
@@ -143,11 +143,11 @@ If you choose to block/not allow these FQDNs, the nodes will only receive OS upd
 
 #### Required FQDN / application rules
 
-| FQDN                                          | Port      | Use      |
-|-----------------------------------------------|-----------|----------|
-| **`login.microsoftonline.com`** | **`HTTPS:443`** | Required for Active Directory Authentication. |
-| **`*.ods.opinsights.azure.com`** | **`HTTPS:443`** | Required for Microsoft Defender to upload security events to the cloud.|
-| **`*.oms.opinsights.azure.com`** | **`HTTPS:443`** | Required to Authenticate with LogAnalytics workspaces.|
+| FQDN                                                       | Port      | Use      |
+|------------------------------------------------------------|-----------|----------|
+| **`login.microsoftonline.com`** <br/> **`login.microsoftonline.us`** (Azure Government) <br/> **`login.microsoftonline.cn`** (Azure China 21Vianet) | **`HTTPS:443`** | Required for Active Directory Authentication. |
+| **`*.ods.opinsights.azure.com`** <br/> **`*.ods.opinsights.azure.us`** (Azure Government) <br/> **`*.ods.opinsights.azure.cn`** (Azure China 21Vianet)| **`HTTPS:443`** | Required for Microsoft Defender to upload security events to the cloud.|
+| **`*.oms.opinsights.azure.com`** <br/> **`*.oms.opinsights.azure.us`** (Azure Government) <br/> **`*.oms.opinsights.azure.cn`** (Azure China 21Vianet)| **`HTTPS:443`** | Required to Authenticate with LogAnalytics workspaces.|
 
 ### CSI Secret Store
 

articles/defender-for-cloud/defender-for-containers-enable.md

@@ -6,7 +6,7 @@ author: dcurwin
 ms.author: dacurwin
 ms.custom: ignite-2022, devx-track-azurecli
 zone_pivot_groups: k8s-host
-ms.date: 10/30/2022
+ms.date: 06/13/2023
 ---
 
 # Enable Microsoft Defender for Containers
@@ -101,7 +101,7 @@ A full list of supported alerts is available in the [reference table of all Defe
 [!INCLUDE [FAQ](./includes/defender-for-containers-override-faq.md)]
 ::: zone-end
 
-## Learn More
+## Learn more
 
 You can check out the following blogs:
 

articles/defender-for-cloud/includes/defender-for-container-prerequisites-arc-eks-gke.md

@@ -11,13 +11,13 @@ author: dcurwin
 
 Validate the following endpoints are configured for outbound access so that the Defender extension can connect to Microsoft Defender for Cloud to send security data and events:
 
-For Azure public cloud deployments:
+For public cloud deployments:
 
-| Domain                     | Port |
-| -------------------------- | ---- |
-| *.ods.opinsights.azure.com | 443  |
-| *.oms.opinsights.azure.com | 443  |
-| login.microsoftonline.com  | 443  |
+| Azure Domain  | Azure Government Domain  | Azure China 21Vianet Domain | Port |
+| -------------------------- | -------------------------- | -------------------------- |---- |
+| *.ods.opinsights.azure.com | *.ods.opinsights.azure.us | *.ods.opinsights.azure.cn  | 443  |
+| *.oms.opinsights.azure.com | *.oms.opinsights.azure.us | *.oms.opinsights.azure.cn | 443 |
+| login.microsoftonline.com  | login.microsoftonline.us | login.chinacloudapi.cn  | 443  |
 
 The following domains are only necessary if you're using a relevant OS. For example, if you have EKS clusters running in AWS, then you would only need to apply the `Amazon Linux 2 (Eks): Domain: "amazonlinux.*.amazonaws.com/2/extras/*"` domain.