Commit f1ad7e0

updates to articles 2
1 parent 3bb425b commit f1ad7e0

4 files changed

+21
-21
lines changed

articles/defender-for-cloud/defender-for-app-service-introduction.md

Lines changed: 7 additions & 7 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Microsoft Defender for App Service - the benefits and features
3-
description: Learn about the capabilities of Microsoft Defender for App Service and how to enable it on your subscription
4-
ms.date: 01/10/2023
3+
description: Learn about the capabilities of Microsoft Defender for App Service and how to enable it on your subscription.
4+
ms.date: 03/12/2024
55
ms.topic: overview
66
ms.author: dacurwin
77
author: dcurwin
@@ -17,7 +17,7 @@ To protect your Azure App Service plan with Microsoft Defender for App Service,
1717

1818
- A supported App Service plan associated with dedicated machines. Supported plans are listed in [Availability](#availability).
1919

20-
- Defender for Cloud's enhanced protections enabled on your subscription as described in [Quickstart: Enable enhanced security features](enable-enhanced-security.md).
20+
- Defender for Cloud's enhanced protections enabled on your subscription as described in [Enable enhanced security features](connect-azure-subscription.md).
2121

2222
> [!TIP]
2323
> You can optionally enable individual Microsoft Defender plans, like Microsoft Defender for App Service.
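Review bot: On the changed prerequisite bullet (line 20), the link text still reads "Enable enhanced security features" but the target is now `connect-azure-subscription.md`, so the label no longer describes the page the reader lands on. Suggest link text that matches the target article, or a link to the specific section of that article that covers enabling the enhanced protections, so the prerequisite stays actionable.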
@@ -35,11 +35,11 @@ To protect your Azure App Service plan with Microsoft Defender for App Service,
3535

3636
Azure App Service is a fully managed platform for building and hosting your web apps and APIs. Since the platform is fully managed, you don't have to worry about the infrastructure. It provides management, monitoring, and operational insights to meet enterprise-grade performance, security, and compliance requirements. For more information, see [Azure App Service](https://azure.microsoft.com/services/app-service/).
3737

38-
**Microsoft Defender for App Service** uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that will be used later.
38+
**Microsoft Defender for App Service** uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that can be used later.
3939

4040
When you enable Microsoft Defender for App Service, you immediately benefit from the following services offered by this Defender plan:
4141

42-
- **Secure** - Defender for App Service assesses the resources covered by your App Service plan and generates security recommendations based on its findings. Use the detailed instructions in these recommendations to harden your App Service resources.
42+
- **Secure** - Defender for App Service assesses the resources covered by your App Service plan and generates security recommendations based on its findings. To harden your App Service resources, use the detailed instructions in these recommendations.
4343

4444
- **Detect** - Defender for App Service detects a multitude of threats to your App Service resources by monitoring:
4545
- the VM instance in which your App Service is running, and its management interface
@@ -65,7 +65,7 @@ Defender for Cloud monitors for many threats to your App Service resources. The
6565

6666
### Dangling DNS detection
6767

68-
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a non-existent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for *existing* dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
68+
Defender for App Service also identifies any DNS entries remaining in your DNS registrar when an App Service website is decommissioned - these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing to a nonexistent resource, and your subdomain is vulnerable to a takeover. Defender for Cloud doesn't scan your DNS registrar for *existing* dangling DNS entries; it alerts you when an App Service website is decommissioned and its custom domain (DNS entry) isn't deleted.
6969

7070
Subdomain takeovers are a common, high-severity threat for organizations. When a threat actor detects a dangling DNS entry, they create their own site at the destination address. The traffic intended for the organization’s domain is then directed to the threat actor's site, and they can use that traffic for a wide range of malicious activity.
7171

@@ -89,6 +89,6 @@ In this article, you learned about Microsoft Defender for App Service.
8989
9090
For related material, see the following articles:
9191

92-
- To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in [Stream alerts to a SIEM, SOAR, or IT Service Management solution](export-to-siem.md).
92+
- To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in [Stream alerts to monitoring solutions](export-to-siem.md).
9393
- For a list of the Microsoft Defender for App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-for-azure-app-service).
9494
- For more information on App Service plans, see [App Service plans](https://azure.microsoft.com/pricing/details/app-service/plans/).

articles/defender-for-cloud/defender-for-sql-introduction.md

Lines changed: 4 additions & 4 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Microsoft Defender for Azure SQL - the benefits and features
33
description: Learn how Microsoft Defender for Azure SQL protects your Azure SQL databases.
4-
ms.date: 07/28/2022
4+
ms.date: 03/12/2024
55
ms.topic: overview
66
ms.custom: references_regions
77
ms.author: dacurwin
@@ -13,7 +13,7 @@ author: dcurwin
1313
Microsoft Defender for Azure SQL helps you discover and mitigate potential [database vulnerabilities](sql-azure-vulnerability-assessment-overview.md) and alerts you to [anomalous activities](#advanced-threat-protection) that might be an indication of a threat to your databases.
1414

1515
- [Vulnerability assessment](#discover-and-mitigate-vulnerabilities): Scan databases to discover, track, and remediate vulnerabilities. Learn more about [vulnerability assessment](sql-azure-vulnerability-assessment-overview.md).
16-
- [Threat protection](#advanced-threat-protection): Receive detailed security alerts and recommended actions based on SQL Advanced Threat Protection to provide to mitigate threats. Learn more about [SQL Advanced Threat Protection](/azure/azure-sql/database/threat-detection-overview).
16+
- [Threat protection](#advanced-threat-protection): Receive detailed security alerts and recommended actions based on SQL Advanced Threat Protection to mitigate threats. Learn more about [SQL Advanced Threat Protection](/azure/azure-sql/database/threat-detection-overview).
1717

1818
When you enable **Microsoft Defender for Azure SQL**, all supported resources that exist within the subscription are protected. Future resources created on the same subscription will also be protected.
1919

@@ -42,9 +42,9 @@ Threat intelligence enriched security alerts are triggered when there's:
4242

4343
- **Potential SQL injection attacks** - including vulnerabilities detected when applications generate a faulty SQL statement in the database
4444
- **Anomalous database access and query patterns** - for example, an abnormally high number of failed sign-in attempts with different credentials (a brute force attempt)
45-
- **Suspicious database activity** - for example, a legitimate user accessing an SQL Server from a breached computer which communicated with a crypto-mining C&C server
45+
- **Suspicious database activity** - for example, a legitimate user accessing an SQL Server from a breached computer that communicated with a crypto-mining C&C server
4646

47-
Alerts include details of the incident that triggered them, as well as recommendations on how to investigate and remediate threats. Learn more about the [security alerts for SQL servers](alerts-reference.md#alerts-for-sql-database-and-azure-synapse-analytics).
47+
Alerts include details of the incident that triggered them, and recommendations on how to investigate and remediate threats. Learn more about the [security alerts for SQL servers](alerts-reference.md#alerts-for-sql-database-and-azure-synapse-analytics).
4848

4949
## Next steps
5050

articles/defender-for-cloud/file-integrity-monitoring-enable-ama.md

Lines changed: 5 additions & 5 deletions
@@ -1,17 +1,17 @@
11
---
22
title: Enable File Integrity Monitoring (Azure Monitor Agent)
3-
description: Learn how to enable File Integrity Monitor when you collect data with the Azure Monitor Agent (AMA)
3+
description: Learn how to enable File Integrity Monitor when you collect data with the Azure Monitor Agent (AMA.
44
author: dcurwin
55
ms.author: dacurwin
66
ms.topic: how-to
7-
ms.date: 02/28/2024
7+
ms.date: 03/12/2024
88
---
99
# Enable File Integrity Monitoring when using the Azure Monitor Agent
1010

1111
To provide [File Integrity Monitoring (FIM)](file-integrity-monitoring-overview.md), the Azure Monitor Agent (AMA) collects data from machines according to [data collection rules](../azure-monitor/essentials/data-collection-rule-overview.md). When the current state of your system files is compared with the state during the previous scan, FIM notifies you about suspicious modifications.
1212

1313
> [!NOTE]
14-
> As part of our Defender for Cloud updated strategy, the Azure Monitor Agent will no longer be required to receive all the capabilities of Defender for Servers. All features that currently rely on the Azure Monitor Agent, including those described on this page, will be available through [Microsoft Defender for Endpoint integration](integration-defender-for-endpoint.md) or [agentless scanning](concept-agentless-data-collection.md), by August 2024. To access the full capabilities of Defender for SQL server on machines, the Azure monitoring Agent (also known as AMA) is required. For more information about the feature road map, see [this announcement](upcoming-changes.md#defender-for-cloud-plan-and-strategy-for-the-log-analytics-agent-deprecation).
14+
> As part of our Defender for Cloud updated strategy, the Azure Monitor Agent will no longer be required to receive all the capabilities of Defender for Servers. All features that currently rely on the Azure Monitor Agent, including those described on this page, will be available through [Microsoft Defender for Endpoint integration](integration-defender-for-endpoint.md) or [agentless scanning](concept-agentless-data-collection.md), by August 2024. To access the full capabilities of Defender for SQL server on machines, the Azure monitoring agent (also known as AMA) is required. For more information about the feature road map, see [this announcement](upcoming-changes.md#defender-for-cloud-plan-and-strategy-for-the-log-analytics-agent-deprecation).
1515
1616
File Integrity Monitoring with the Azure Monitor Agent offers:
1717
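Review bot: The new `description` on line 3 ends with "(AMA." and so replaces the closing parenthesis with the period instead of adding the period after it; it should end "(AMA).". In the NOTE on line 14, "Azure monitoring agent (also known as AMA)" was only re-cased and still disagrees with "Azure Monitor Agent", which is the form used earlier in the same note and in the title; suggest using "Azure Monitor Agent" throughout.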

@@ -42,7 +42,7 @@ To track changes to your files on machines with AMA:
4242

4343
- Enable [Defender for Servers Plan 2](defender-for-servers-introduction.md).
4444

45-
- [Install AMA](../azure-monitor/vm/monitor-virtual-machine-agent.md) on machines that you want to monitor.
45+
- [Install AMA](../azure-monitor/vm/monitor-virtual-machine-agent.md) on machines you want to monitor.
4646

4747
## Enable File Integrity Monitoring with AMA
4848

@@ -55,7 +55,7 @@ To enable File Integrity Monitoring (FIM), use the FIM recommendation to select
5555
The recommendation fix:
5656

5757
- Installs the `ChangeTracking-Windows` or `ChangeTracking-Linux` extension on the machines.
58-
- Generates a data collection rule (DCR) for the subscription, named `Microsoft-ChangeTracking-[subscriptionId]-default-dcr`, that defines what files and registries should be monitored based on default settings. The fix attaches the DCR to all machines in the subscription that have AMA installed and FIM enabled.
58+
- Generates a data collection rule (DCR) for the subscription named `Microsoft-ChangeTracking-[subscriptionId]-default-dcr` that defines what files and registries should be monitored based on default settings. The fix attaches the DCR to all machines in the subscription that have AMA installed and FIM enabled.
5959
- Creates a new Log Analytics workspace with the naming convention `defaultWorkspace-[subscriptionId]-fim` and with the default workspace settings.
6060

6161
You can update the DCR and Log Analytics workspace settings later.
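Review bot: On line 58, removing the commas around "named `Microsoft-ChangeTracking-[subscriptionId]-default-dcr`" makes the phrase attach to "the subscription" rather than to the data collection rule, so the sentence now reads as if the subscription carries that name. Suggest restoring the commas, or rewording to "Generates a data collection rule (DCR) named ... for the subscription. The DCR defines what files and registries should be monitored based on default settings."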

articles/defender-for-cloud/plan-defender-for-servers-agents.md

Lines changed: 5 additions & 5 deletions
@@ -4,7 +4,7 @@ description: Plan for agent deployment to protect Azure, AWS, GCP, and on-premis
44
ms.topic: conceptual
55
ms.author: dacurwin
66
author: dcurwin
7-
ms.date: 11/06/2022
7+
ms.date: 03/12/2024
88
---
99
# Plan agents, extensions, and Azure Arc for Defender for Servers
1010

@@ -75,8 +75,8 @@ Here's more information:
7575

7676
- The Qualys extension sends metadata for analysis to one of two Qualys datacenter regions, depending on your Azure region.
7777

78-
- If you're in a European Azure geography, data is processed in the Qualys European datacenter.
79-
- For other regions, data is processed in the US datacenter.
78+
- If youre operating within a European Azure region, data processing occurs at the Qualys European data center.
79+
- For other regions, data processing occurs at the US data center.
8080

8181
- To use Qualys on a machine, the extension must be installed and the machine must be able to communicate with the relevant network endpoint:
8282
- Europe datacenter: `https://qagpublic.qg2.apps.qualys.eu`
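Review bot: Line 78 introduces a typo, "youre" without the apostrophe, where the removed line had "you're". Lines 78 and 79 also switch to "data center" while the unchanged context on lines 76 and 82 keeps "datacenter", so the same list now uses both spellings; pick one. The change from "European Azure geography" to "European Azure region" alters the scope of the statement, which matters to readers making data-residency decisions, so confirm it is intended rather than a wording cleanup.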
@@ -130,7 +130,7 @@ AWS and GCP machines | Configure automatic provisioning when you set up the AWS
130130
Manual installation | If you don't want Defender for Cloud to provision the Log Analytics agent and Azure Monitor agent, you can install agents manually.<br/><br/> You can connect the agent to the default Defender for Cloud workspace or to a custom workspace.<br/><br/> The workspace must have the *SecurityCenterFree* (for free foundational CSPM) or *Security* solution enabled (Defender for Servers Plan 2).
131131
[Log Analytics agent running directly](faq-data-collection-agents.yml#what-if-a-log-analytics-agent-is-directly-installed-on-the-machine-but-not-as-an-extension--direct-agent--) | If a Windows VM has the Log Analytics agent running but not as a VM extension, Defender for Cloud installs the extension. The agent reports to the Defender for Cloud workspace and to the existing agent workspace. <br/><br/> On Linux VMs, multi-homing isn't supported. If an existing agent exists, the Log Analytics agent isn't automatically provisioned.
132132
[Operations Manager agent](faq-data-collection-agents.yml#what-if-a-system-center-operations-manager-agent-is-already-installed-on-my-vm-) | The Log Analytics agent can work side by side with the Operations Manager agent. The agents share common runtime libraries that are updated when the Log Analytics agent is deployed.
133-
Removing the Log Analytics extension | If you remove the Log Analytics extension, Defender for Cloud can't collect security data and recommendations, and alerts will be missing. Within 24 hours, Defender for Cloud determines that the extension is missing and reinstalls it.
133+
Removing the Log Analytics extension | If you remove the Log Analytics extension, Defender for Cloud can't collect security data and recommendations, resulting in missing alerts. Within 24 hours, Defender for Cloud determines that the extension is missing and reinstalls it.
134134

135135
## When to opt out of auto provisioning
136136
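Review bot: The rewrite of line 133 changes what the table row states. The removed text said that recommendations and alerts will be missing once the extension is removed, while the new text, "can't collect security data and recommendations, resulting in missing alerts", makes recommendations something that is collected and leaves alerts as the only thing missing. Suggest keeping the original meaning, for example "Defender for Cloud can't collect security data, so recommendations and alerts will be missing."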

@@ -139,7 +139,7 @@ You might want to opt out of automatic provisioning in the circumstances that ar
139139
Situation | Relevant agent | Details
140140
--- | --- | ---
141141
You have critical VMs that shouldn't have agents installed | Log Analytics agent, Azure Monitor agent | Automatic provisioning is for an entire subscription. You can't opt out for specific machines.
142-
You're running the System Center Operations Manager agent version 2012 with Operations Manager 2012 | Log Analytics agent | With this configuration, don't turn on automatic provisioning. Management capabilities might be lost.
142+
You're running the System Center Operations Manager agent version 2012 with Operations Manager 2012 | Log Analytics agent | With this configuration, don't turn on automatic provisioning; management capabilities might be lost.
143143
You want to configure a custom workspace | Log Analytics agent, Azure Monitor agent | You have two options with a custom workspace:<br/><br/> - Opt out of automatic provisioning when you first set up Defender for Cloud. Then, configure provisioning on your custom workspace.<br/><br/>- Let automatic provisioning run to install the Log Analytics agents on machines. Set a custom workspace, and then reconfigure existing VMs with the new workspace setting.
144144

145145
## Next steps
