Merge pull request #134568 from memildin/asc-melvyn-test

ttorble · web-flow · commit f6f960f39c6f · 2020-10-20T11:35:37.000+01:00
Resolved the build suggestion regarding linking to specific versions &amp;preserve-view=true
diff --git a/articles/security-center/alerts-schemas.md b/articles/security-center/alerts-schemas.md
@@ -2,7 +2,6 @@
 title: Schemas for the Azure Security Center alerts
 description: This article describes the different schemas used by Azure Security Center for security alerts.
 services: security-center
-documentationcenter: na
 author: memildin
 manager: rkarlin
 ms.service: security-center
@@ -169,7 +168,7 @@ You can view the security alerts events in Activity Log by searching for the Act
 
 Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security. Use the wealth of data in Microsoft Graph to build apps for organizations and consumers that interact with millions of users.
 
-The schema and a JSON representation for security alerts sent to MS Graph, are available in [the Microsoft Graph documentation](https://docs.microsoft.com/graph/api/resources/alert?view=graph-rest-1.0).
+The schema and a JSON representation for security alerts sent to MS Graph, are available in [the Microsoft Graph documentation](https://docs.microsoft.com/graph/api/resources/alert?view=graph-rest-1.0&preserve-view=true).
 
 ---
 
diff --git a/articles/security-center/defender-for-sql-usage.md b/articles/security-center/defender-for-sql-usage.md
@@ -114,7 +114,7 @@ Azure Defender alerts are available in Security Center's alerts page, the resour
 
 1. Alerts are designed to be self-contained, with detailed remediation steps and investigation information in each one. You can investigate further by using other Azure Security Center and Azure Sentinel capabilities for a broader view:
 
-    * Enable SQL Server's auditing feature for further investigations. If you're an Azure Sentinel user, you can upload the SQL auditing logs from the Windows Security Log events to Sentinel and enjoy a rich investigation experience. [Learn more about SQL Server Auditing](https://docs.microsoft.com/sql/relational-databases/security/auditing/create-a-server-audit-and-server-audit-specification?view=sql-server-ver15).
+    * Enable SQL Server's auditing feature for further investigations. If you're an Azure Sentinel user, you can upload the SQL auditing logs from the Windows Security Log events to Sentinel and enjoy a rich investigation experience. [Learn more about SQL Server Auditing](https://docs.microsoft.com/sql/relational-databases/security/auditing/create-a-server-audit-and-server-audit-specification?view=sql-server-ver15&preserve-view=true).
     * To improve your security posture, use Security Center's recommendations for the host machine indicated in each alert. This will reduce the risks of future attacks. 
 
     [Learn more about managing and responding to alerts](security-center-managing-and-responding-alerts.md).
diff --git a/articles/security-center/security-center-endpoint-protection.md b/articles/security-center/security-center-endpoint-protection.md
@@ -25,142 +25,114 @@ Azure Security Center provides health assessments of [supported](security-center
 
 ## Windows Defender
 
-* Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) runs and the result is **AMServiceEnabled: False**
+* Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) runs and the result is **AMServiceEnabled: False**
 
-* Security Center recommends you **"Resolve endpoint protection health issues on your machines"** when [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) runs and any of the following occurs:
+* Security Center recommends you **"Resolve endpoint protection health issues on your machines"** when [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) runs and any of the following occurs:
 
   * Any of the following properties are false:
 
-    **AMServiceEnabled**
+    - **AMServiceEnabled**
+    - **AntispywareEnabled**
+    - **RealTimeProtectionEnabled**
+    - **BehaviorMonitorEnabled**
+    - **IoavProtectionEnabled**
+    - **OnAccessProtectionEnabled**
 
-    **AntispywareEnabled**
+  * If one or both of the following properties are 7 or more:
 
-    **RealTimeProtectionEnabled**
-
-    **BehaviorMonitorEnabled**
-
-    **IoavProtectionEnabled**
-
-    **OnAccessProtectionEnabled**
-
-  * If one or both of the following properties are 7 or more.
-
-    **AntispywareSignatureAge**
-
-    **AntivirusSignatureAge**
+    - **AntispywareSignatureAge**
+    - **AntivirusSignatureAge**
 
 ## Microsoft System Center endpoint protection
 
-* Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when importing **SCEPMpModule ("$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1")** and running **Get-MProtComputerStatus** results with **AMServiceEnabled = false**
+* Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when importing **SCEPMpModule ("$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1")** and running **Get-MProtComputerStatus** results in **AMServiceEnabled = false**.
 
 * Security Center recommends you **"Resolve endpoint protection health issues on your machines"** when **Get-MprotComputerStatus** runs and any of the following occurs:
 
   * At least one of the following properties is false:
 
-    * **AMServiceEnabled**
-    * **AntispywareEnabled**
-    * **RealTimeProtectionEnabled**
-    * **BehaviorMonitorEnabled**
-    * **IoavProtectionEnabled**
-    * **OnAccessProtectionEnabled**
+    - **AMServiceEnabled**
+    - **AntispywareEnabled**
+    - **RealTimeProtectionEnabled**
+    - **BehaviorMonitorEnabled**
+    - **IoavProtectionEnabled**
+    - **OnAccessProtectionEnabled**
 
-  * If one or both of the following Signature Updates is greater or equal to 7. 
+  * If one or both of the following Signature Updates are greater or equal to 7:
 
     * **AntispywareSignatureAge**
     * **AntivirusSignatureAge**
 
 ## Trend Micro
 
 * Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when any of the following checks aren't met:
-    * **HKLM:\SOFTWARE\TrendMicro\Deep Security Agent** exists
-    * **HKLM:\SOFTWARE\TrendMicro\Deep Security Agent\InstallationFolder** exists
-    * The **dsa_query.cmd** file is found in the Installation Folder
-    * Running **dsa_query.cmd** results with **Component.AM.mode: on - Trend Micro Deep Security Agent detected**
+    - **HKLM:\SOFTWARE\TrendMicro\Deep Security Agent** exists
+    - **HKLM:\SOFTWARE\TrendMicro\Deep Security Agent\InstallationFolder** exists
+    - The **dsa_query.cmd** file is found in the Installation Folder
+    - Running **dsa_query.cmd** results with **Component.AM.mode: on - Trend Micro Deep Security Agent detected**
 
 ## Symantec endpoint protection
 Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when any of the following checks aren't met:
 
-* **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\PRODUCTNAME = "Symantec Endpoint Protection"**
-
-* **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\ASRunningStatus = 1**
+- **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\PRODUCTNAME = "Symantec Endpoint Protection"**
+- **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\ASRunningStatus = 1**
 
 Or
 
-* **HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\PRODUCTNAME = "Symantec Endpoint Protection"**
-
-* **HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\ASRunningStatus = 1**
+- **HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\PRODUCTNAME = "Symantec Endpoint Protection"**
+- **HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\ASRunningStatus = 1**
 
 Security Center recommends you **"Resolve endpoint protection health issues on your machines"** when any of the following checks aren't met:
 
-* Check Symantec Version >= 12: Registry location: **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion" -Value "PRODUCTVERSION"**
-
-* Check Real Time Protection status: **HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff == 1**
-
-* Check Signature Update status: **HKLM\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\LatestVirusDefsDate <= 7 days**
-
-* Check Full Scan status: **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\LastSuccessfulScanDateTime <= 7 days**
-
-* Find signature version number Path to signature version for Symantec 12: **Registry Paths+ "CurrentVersion\SharedDefs" -Value "SRTSP"** 
-
-* Path to signature version for Symantec 14: **Registry Paths+ "CurrentVersion\SharedDefs\SDSDefs" -Value "SRTSP"**
+- Check Symantec Version >= 12: Registry location: **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion" -Value "PRODUCTVERSION"**
+- Check Real-Time Protection status: **HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff == 1**
+- Check Signature Update status: **HKLM\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\LatestVirusDefsDate <= 7 days**
+- Check Full Scan status: **HKLM:\Software\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate\LastSuccessfulScanDateTime <= 7 days**
+- Find signature version number Path to signature version for Symantec 12: **Registry Paths+ "CurrentVersion\SharedDefs" -Value "SRTSP"** 
+- Path to signature version for Symantec 14: **Registry Paths+ "CurrentVersion\SharedDefs\SDSDefs" -Value "SRTSP"**
 
 Registry Paths:
-
-* **"HKLM:\Software\Symantec\Symantec Endpoint Protection" + $Path;**
-* **"HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection" + $Path**
+- **"HKLM:\Software\Symantec\Symantec Endpoint Protection" + $Path;**
+- **"HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection" + $Path**
 
 ## McAfee endpoint protection for Windows
 
 Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when any of the following checks aren't met:
 
-* **HKLM:\SOFTWARE\McAfee\Endpoint\AV\ProductVersion** exists
-
-* **HKLM:\SOFTWARE\McAfee\AVSolution\MCSHIELDGLOBAL\GLOBAL\enableoas = 1**
+- **HKLM:\SOFTWARE\McAfee\Endpoint\AV\ProductVersion** exists
+- **HKLM:\SOFTWARE\McAfee\AVSolution\MCSHIELDGLOBAL\GLOBAL\enableoas = 1**
 
 Security Center recommends you **"Resolve endpoint protection health issues on your machines"** when any of the following checks aren't met:
 
-* McAfee Version: **HKLM:\SOFTWARE\McAfee\Endpoint\AV\ProductVersion >= 10**
-
-* Find Signature Version: **HKLM:\Software\McAfee\AVSolution\DS\DS -Value "dwContentMajorVersion"**
-
-* Find Signature date: **HKLM:\Software\McAfee\AVSolution\DS\DS -Value "szContentCreationDate" >= 7 days**
-
-* Find Scan date: **HKLM:\Software\McAfee\Endpoint\AV\ODS -Value "LastFullScanOdsRunTime" >= 7 days**
+- McAfee Version: **HKLM:\SOFTWARE\McAfee\Endpoint\AV\ProductVersion >= 10**
+- Find Signature Version: **HKLM:\Software\McAfee\AVSolution\DS\DS -Value "dwContentMajorVersion"**
+- Find Signature date: **HKLM:\Software\McAfee\AVSolution\DS\DS -Value "szContentCreationDate" >= 7 days**
+- Find Scan date: **HKLM:\Software\McAfee\Endpoint\AV\ODS -Value "LastFullScanOdsRunTime" >= 7 days**
 
 ## McAfee Endpoint Security for Linux Threat Prevention 
 
 Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when any of the following checks aren't met:
 
-- File **/opt/isec/ens/threatprevention/bin/isecav** exits 
-
+- File **/opt/isec/ens/threatprevention/bin/isecav** exists
 - **"/opt/isec/ens/threatprevention/bin/isecav --version"** output is: **McAfee name = McAfee Endpoint Security for Linux Threat Prevention and McAfee version >= 10**
 
 Security Center recommends you **"Resolve endpoint protection health issues on your machines"** when any of the following checks aren't met:
 
 - **"/opt/isec/ens/threatprevention/bin/isecav --listtask"** returns **Quick scan, Full scan** and both of the scans <= 7 days
-
 - **"/opt/isec/ens/threatprevention/bin/isecav --listtask"** returns **DAT and engine Update time** and both of them <= 7 days
-
 - **"/opt/isec/ens/threatprevention/bin/isecav --getoasconfig --summary"** returns **On Access Scan** status
 
 ## Sophos Antivirus for Linux 
 
 Security Center recommends you **"Install endpoint protection solutions on virtual machine"** when any of the following checks aren't met:
-
 - File **/opt/sophos-av/bin/savdstatus** exits or search for customized location **"readlink $(which savscan)"**
-
 - **"/opt/sophos-av/bin/savdstatus --version"** returns Sophos name = **Sophos Anti-Virus and Sophos version >= 9**
 
 Security Center recommends you **"Resolve endpoint protection health issues on your machines"** when any of the following checks aren't met:
-
 - **"/opt/sophos-av/bin/savlog --maxage=7 | grep -i "Scheduled scan .\* completed" | tail -1"**, returns a value
-
 - **"/opt/sophos-av/bin/savlog --maxage=7 | grep "scan finished"** | tail -1", returns a value
-
 - **"/opt/sophos-av/bin/savdstatus --lastupdate"** returns lastUpdate, which should be <= 7 days 
-
 - **"/opt/sophos-av/bin/savdstatus -v"** is equal to **"On-access scanning is running"** 
-
 - **"/opt/sophos-av/bin/savconfig get LiveProtection"** returns enabled
 
 ## Troubleshoot and support
diff --git a/articles/security/benchmarks/security-control-identity-access-control.md b/articles/security/benchmarks/security-control-identity-access-control.md
@@ -22,9 +22,9 @@ Identity and access management recommendations focus on addressing issues relate
 
 Azure AD has built-in roles that must be explicitly assigned and are queryable. Use the Azure AD PowerShell module to perform ad hoc queries to discover accounts that are members of administrative groups.
 
-- [How to get a directory role in Azure AD with PowerShell](https://docs.microsoft.com/powershell/module/azuread/get-azureaddirectoryrole?view=azureadps-2.0)
+- [How to get a directory role in Azure AD with PowerShell](https://docs.microsoft.com/powershell/module/azuread/get-azureaddirectoryrole?view=azureadps-2.0&preserve-view=true)
 
-- [How to get members of a directory role in Azure AD with PowerShell](https://docs.microsoft.com/powershell/module/azuread/get-azureaddirectoryrolemember?view=azureadps-2.0)
+- [How to get members of a directory role in Azure AD with PowerShell](https://docs.microsoft.com/powershell/module/azuread/get-azureaddirectoryrolemember?view=azureadps-2.0&preserve-view=true)
 
 ## 3.2: Change default passwords where applicable
 
