Commit fc8b0ac

committed
reviewed WAF and Firewall section
1 parent 0913582 commit fc8b0ac

2 files changed

+7
-7
lines changed

articles/security/fundamentals/operational-checklist.md

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ This checklist is intended to help enterprises think through various operational
3030
| ------------ | -------- |
3131
| [<br>Security Roles & Access Controls](/azure/defender-for-cloud/defender-for-cloud-planning-and-operations-guide)|<ul><li>Use [Azure role-based access control (Azure RBAC)](../../role-based-access-control/role-assignments-portal.yml) to provide user-specific that used to assign permissions to users, groups, and applications at a certain scope.</li></ul> |
3232
| [<br>Data Protection & Storage](../../storage/blobs/security-recommendations.md)|<ul><li>Use Management Plane Security to secure your Storage Account using [Azure role-based access control (Azure RBAC)](../../role-based-access-control/role-assignments-portal.yml).</li><li>Data Plane Security to Securing Access to your Data using [Shared Access Signatures (SAS)](../../storage/common/storage-sas-overview.md) and Stored Access Policies.</li><li>Use Transport-Level Encryption – Using HTTPS and the encryption used by [SMB (Server message block protocols) 3.0](/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview) for [Azure File Shares](../../storage/files/storage-dotnet-how-to-use-files.md).</li><li>Use [Client-side encryption](../../storage/common/storage-client-side-encryption.md) to secure data that you send to storage accounts when you require sole control of encryption keys. </li><li>Use [Storage Service Encryption (SSE)](../../storage/common/storage-service-encryption.md) to automatically encrypt data in Azure Storage, and [Azure Disk Encryption for Linux VMs](/azure/virtual-machines/linux/disk-encryption-overview) and [Azure Disk Encryption for Windows VMs](/azure/virtual-machines/linux/disk-encryption-overview) to encrypt virtual machine disk files for the OS and data disks.</li><li>Use Azure [Storage Analytics](/rest/api/storageservices/storage-analytics) to monitor authorization type; like with Blob Storage, you can see if users have used a Shared Access Signature or the storage account keys.</li><li>Use [Cross-Origin Resource Sharing (CORS)](/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services) to access storage resources from different domains.</li></ul> |
33-
|[<br>Security Policies & Recommendations](/azure/defender-for-cloud/defender-for-cloud-planning-and-operations-guide#security-policies-and-recommendations)|<ul><li>Use [Microsoft Defender for Cloud](/azure/defender-for-cloud/integration-defender-for-endpoint) to deploy endpoint solutions.</li><li>Add a [web application firewall (WAF)](../../web-application-firewall/ag/ag-overview.md) to secure web applications.</li><li>Use [Azure Firewall](../../firewall/overview.md) to increase your security protections. </li><li>Apply security contact details for your Azure subscription. The [Microsoft Security Response Center (MSRC)](https://technet.microsoft.com/security/dn528958.aspx) contacts you if it discovers that your customer data has been accessed by an unlawful or unauthorized party.</li></ul> |
33+
|[<br>Security Policies & Recommendations](/azure/defender-for-cloud/defender-for-cloud-planning-and-operations-guide#security-policies-and-recommendations)|<ul><li>Use [Microsoft Defender for Cloud](/azure/defender-for-cloud/integration-defender-for-endpoint) to deploy endpoint solutions.</li><li>Add a [web application firewall (WAF)](../../web-application-firewall/overview.md) to secure web applications.</li><li>Use [Azure Firewall](../../firewall/overview.md) to increase your security protections. </li><li>Apply security contact details for your Azure subscription. The [Microsoft Security Response Center (MSRC)](https://technet.microsoft.com/security/dn528958.aspx) contacts you if it discovers that your customer data has been accessed by an unlawful or unauthorized party.</li></ul> |
3434
| [<br>Identity & Access Management](identity-management-best-practices.md)|<ul><li>[Synchronize your on-premises directory with your cloud directory using Microsoft Entra ID](../../active-directory/hybrid/whatis-hybrid-identity.md).</li><li>Use [single sign-on](../../active-directory/manage-apps/what-is-single-sign-on.md) to enable users to access their SaaS applications based on their organizational account in Azure AD.</li><li>Use the [Password Reset Registration Activity](../../active-directory/authentication/howto-sspr-reporting.md) report to monitor the users that are registering.</li><li>Enable [multi-factor authentication (MFA)](../../active-directory/authentication/concept-mfa-howitworks.md) for users.</li><li>Developers to use secure identity capabilities for apps like [Microsoft Security Development Lifecycle (SDL)](https://www.microsoft.com/download/details.aspx?id=12379).</li><li>Actively monitor for suspicious activities by using Microsoft Entra ID P1 or P2 anomaly reports and [Microsoft Entra ID Protection capability](../../active-directory/identity-protection/overview-identity-protection.md).</li></ul> |
3535
|[<br>Ongoing Security Monitoring](/azure/defender-for-cloud/defender-for-cloud-introduction)|<ul><li>Use Malware Assessment Solution [Azure Monitor logs](/azure/azure-monitor/logs/log-query-overview) to report on the status of antimalware protection in your infrastructure.</li><li>Use [Update Management](../../automation/update-management/overview.md) to determine the overall exposure to potential security problems, and whether or how critical these updates are for your environment.</li><li>The [Microsoft Entra admin center](https://entra.microsoft.com) provides visibility into the integrity and security of your organization's directory. |
3636
| [<br>Microsoft Defender for Cloud detection capabilities](../../security-center/security-center-alerts-overview.md#detect-threats)|<ul><li>Use [Cloud Security Posture Management (CSPM)](/azure/defender-for-cloud/concept-cloud-security-posture-management) for hardening guidance that helps you efficiently and effectively improve your security.</li><li>Use [alerts](/azure/defender-for-cloud/alerts-overview) to be notified when threats are identified in your cloud, hybrid, or on-premises environment. </li><li>Use [security policies, initiatives, and recommendations](/azure/defender-for-cloud/security-policy-concept) to improve your security posture.</li></ul> |
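
Review bot: On the changed row 33, the WAF link now points at `../../web-application-firewall/overview.md`, while the overview.md change in this same commit moves its WAF link to `../../web-application-firewall/ag/ag-overview.md`. For the generic bullet "Add a web application firewall (WAF)" the service-level overview is a reasonable target, but please confirm the choice is deliberate and that both paths resolve in the docs build. While this row is open, the stray space before `</li>` after "increase your security protections." can be dropped, and the unchanged row 35 (Ongoing Security Monitoring) ends its last list item without a closing `</li></ul>`, which is worth fixing in the same pass.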

articles/security/fundamentals/overview.md

Lines changed: 6 additions & 6 deletions
@@ -93,7 +93,7 @@ We don’t perform [penetration testing](./pen-testing.md) of your application f
9393

9494
### Web Application firewall
9595

96-
The web application firewall (WAF) in [Azure Application Gateway](../../application-gateway/features.md#web-application-firewall) helps protect web applications from common web-based attacks like SQL injection, cross-site scripting attacks, and session hijacking. It comes preconfigured with protection from threats identified by the [Open Web Application Security Project (OWASP) as the top 10 common vulnerabilities](https://owasp.org/www-project-top-ten/).
96+
The Web Application Firewall (WAF) in [Azure Application Gateway](../../web-application-firewall/ag/ag-overview.md) provides protection for web applications against common web-based attacks such as SQL injection, cross-site scripting, and session hijacking. It is preconfigured to defend against the top 10 vulnerabilities identified by the [Open Web Application Security Project (OWASP)](https://owasp.org/www-project-top-ten/).
9797

9898
### Authentication and authorization in Azure App Service
9999

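Review bot: In the rewritten paragraph at line 96, "provides protection for web applications against" and "is preconfigured to defend against the top 10 vulnerabilities" read as stronger guarantees than the removed "helps protect" wording. A WAF reduces exposure to these attack classes rather than eliminating them, so I would keep the hedge, for example "helps protect web applications against common web-based attacks". Capitalization is also inconsistent after this change: the body now says "Web Application Firewall (WAF)", the heading on line 94 still reads "Web Application firewall", and the paragraph rewritten at line 276 of this same file uses lowercase "web application firewall (WAF)".
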
@@ -167,7 +167,7 @@ A [Network Security Group (NSG)](../../virtual-network/virtual-network-vnet-plan
167167

168168
[Azure Firewall](../../firewall/overview.md) is a cloud-native and intelligent network firewall security service that provides threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.
169169

170-
Azure Firewall is offered in two SKUs: Standard and Premium. [Azure Firewall Standard](../../firewall/features.md) provides L3-L7 filtering and threat intelligence feeds directly from Microsoft Cyber Security. [Azure Firewall Premium](../../firewall/premium-features.md) provides advanced capabilities include signature-based IDPS to allow rapid detection of attacks by looking for specific patterns.
170+
Azure Firewall is offered in three SKUs: Basic, Standard and Premium. [Azure Firewall Basic](../../firewall/basic-features.md) offers simplified security similar to the Standard SKU but without advanced features. [Azure Firewall Standard](../../firewall/features.md) provides L3-L7 filtering and threat intelligence feeds directly from Microsoft Cyber Security. [Azure Firewall Premium](../../firewall/premium-features.md) provides advanced capabilities include signature-based IDPS to allow rapid detection of attacks by looking for specific patterns.
171171

172172
#### Azure DDoS Protection
173173

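Review bot: The rewritten line 170 still carries the grammar error "provides advanced capabilities include signature-based IDPS"; since the sentence is being touched, change it to "provides advanced capabilities, including signature-based IDPS". The new Basic description, "simplified security similar to the Standard SKU but without advanced features", does not say which features are missing, so a reader choosing a SKU cannot tell what Basic omits relative to the "L3-L7 filtering and threat intelligence feeds" listed for Standard; name the differences or defer explicitly to the linked basic-features page. "Basic, Standard and Premium" also lacks the serial comma that the other edits in this commit add.
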
@@ -263,17 +263,17 @@ Web Application Firewall is a feature of [Azure Application Gateway](../../appli
263263

264264
- SQL injection protection
265265

266-
- Common Web Attacks Protection such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attack
266+
- Protection against common web attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion
267267

268268
- Protection against HTTP protocol violations
269269

270-
- Protection against HTTP protocol anomalies such as missing host user-agent and accept headers
270+
- Protection against HTTP protocol anomalies, such as missing host, user-agent, and accept headers
271271

272272
- Prevention against bots, crawlers, and scanners
273273

274-
- Detection of common application misconfigurations (that is, Apache, IIS, etc.)
274+
- Detection of common application misconfigurations (e.g., Apache, IIS)
275275

276-
A centralized web application firewall to protect against web attacks makes security management simpler and gives better assurance to the application against the threats of intrusions. A WAF solution can also react to a security threat faster by patching a known vulnerability at a central location versus securing each of individual web applications. Existing application gateways can be converted to an application gateway with web application firewall easily.
276+
A centralized web application firewall (WAF) simplifies security management and enhances protection against web attacks. It provides better assurance against intrusion threats and can respond faster to security threats by patching known vulnerabilities centrally, rather than securing each individual web application. Existing application gateways can be easily upgraded to include a web application firewall.
277277

278278
### Traffic Manager
279279

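Review bot: In the rewritten closing paragraph at line 276, "patching known vulnerabilities centrally" keeps the old implication that the WAF fixes the flaw. It blocks matching requests at the gateway while the application itself stays vulnerable until it is patched, so wording such as "mitigating known vulnerabilities at a central point" would be more accurate. The same paragraph repeats "threats" in "assurance against intrusion threats and can respond faster to security threats", which could be tightened. On line 274, "(e.g., Apache, IIS)" would read more plainly as "(for example, Apache and IIS)", and the unchanged bullet on line 272, "Prevention against bots, crawlers, and scanners", now stands out against the "Protection against" phrasing used by its neighbours.
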