Merge pull request #270775 from dcurwin/fix-formatting-april1-2024

fix formatting

Author: ttorble

articles/defender-for-cloud/alerts-schemas.md

@@ -10,7 +10,6 @@ ms.date: 03/25/2024
 
 # Alerts schemas
 
-
 Defender for Cloud provides alerts that help you identify, understand, and respond to security threats. Alerts are generated when Defender for Cloud detects suspicious activity or a security-related issue in your environment. You can view these alerts in the Defender for Cloud portal, or you can export them to external tools for further analysis and response.
 
 You can review security alerts from the [overview dashboard](overview-page.md), [alerts](managing-and-responding-alerts.md) page, [resource health pages](investigate-resource-health.md), or [workload protections dashboard](workload-protections-dashboard.md).

articles/defender-for-cloud/concept-easm.md

@@ -13,16 +13,15 @@ An external attack surface is the entire area of an organization or system that
 
 Defender EASM continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall.
 
-Defender EASM applies Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by applying vulnerability and infrastructure data to showcase the key areas of concern for your organization, such as: 
+Defender EASM applies Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by applying vulnerability and infrastructure data to showcase the key areas of concern for your organization, such as:
 
 - Discover digital assets, always-on inventory  
-- Analyze and prioritize risks and threats 
-- Pinpoint attacker-exposed weaknesses, anywhere and on-demand 
+- Analyze and prioritize risks and threats
+- Pinpoint attacker-exposed weaknesses, anywhere and on-demand
 - Gain visibility into third-party attack surfaces
 
 EASM collects data for publicly exposed assets (“outside-in”). Defender for Cloud CSPM (“inside-out”) can use that data to assist with internet-exposure validation and discovery capabilities, to provide better visibility to customers.
 
-
 ## Next steps
 
 - Learn about [cloud security explorer and attack paths](concept-attack-path.md) in Defender for Cloud.

articles/defender-for-cloud/continuous-export.md

@@ -24,14 +24,15 @@ This article describes how to set up continuous export to a Log Analytics worksp
 - You must [enable Microsoft Defender for Cloud](get-started.md#enable-defender-for-cloud-on-your-azure-subscription) on your Azure subscription.
 
 Required roles and permissions:
+
 - Security Admin or Owner for the resource group
 - Write permissions for the target resource.
 - If you use the [Azure Policy DeployIfNotExist policies](continuous-export-azure-policy.md), you must have permissions that let you assign policies.
 - To export data to Event Hubs, you must have Write permissions on the Event Hubs policy.
-- To export to a Log Analytics workspace: 
-    - If it *has the SecurityCenterFree solution*, you must have a minimum of Read permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/read`.
-    - If it *doesn't have the SecurityCenterFree solution*, you must have write permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/action`.
-    
+- To export to a Log Analytics workspace:
+  - If it *has the SecurityCenterFree solution*, you must have a minimum of Read permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/read`.
+  - If it *doesn't have the SecurityCenterFree solution*, you must have write permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/action`.
+
     Learn more about [Azure Monitor and Log Analytics workspace solutions](/previous-versions/azure/azure-monitor/insights/solutions).
 
 ## Set up continuous export in the Azure portal

articles/defender-for-cloud/data-aware-security-dashboard-overview.md

@@ -81,7 +81,7 @@ The **Closer look** section provides a more detailed view into the sensitive dat
 
 - **Sensitive data discovery** - summarizes the results of the sensitive resources discovered, allowing customers to explore a specific sensitive information type and label.
 - **Internet-exposed data resources** - summarizes the discovery of sensitive data resources that are internet-exposed for storage and managed databases.
-  
+
     :::image type="content" source="media/data-aware-security-dashboard/closer-look.png" alt-text="Screenshot that shows the closer look section of the data security dashboard." lightbox="media/data-aware-security-dashboard/closer-look.png":::
 
 You can select the **Manage data sensitivity settings** to get to the **Data sensitivity** page. The **Data sensitivity** page allows you to manage the data sensitivity settings of cloud resources at the tenant level, based on selective info types and labels originating from the Purview compliance portal, and [customize sensitivity settings](data-sensitivity-settings.md) such as creating your own customized info types and labels, and setting sensitivity label thresholds.

articles/defender-for-cloud/iac-template-mapping.md

@@ -22,7 +22,7 @@ To set Microsoft Defender for Cloud to map IaC templates to cloud resources, you
   - Supported cloud platforms: Microsoft Azure, Amazon Web Services, Google Cloud Platform
   - Supported source code management systems: Azure DevOps
   - Supported template languages: Azure Resource Manager, Bicep, CloudFormation, Terraform
-  
+
 > [!NOTE]
 > Microsoft Defender for Cloud uses only the following tags from IaC templates for mapping:
 >

articles/defender-for-cloud/quickstart-onboard-gcp.md

@@ -204,7 +204,7 @@ The respective Azure Arc servers for GCP virtual machines that no longer exist (
 Ensure that you fulfill the [network requirements for Azure Arc](../azure-arc/servers/network-requirements.md?tabs=azure-cloud).
 
 Enable these other extensions on the Azure Arc-connected machines:
-  
+
 - Microsoft Defender for Endpoint
 - A vulnerability assessment solution (Microsoft Defender Vulnerability Management or Qualys)
 

articles/defender-for-cloud/release-notes.md

@@ -49,6 +49,7 @@ Learn more about [continuous export](benefits-of-continuous-export.md).
 March 21, 2024
 
 Until now agentless scanning covered CMK encrypted VMs in AWS and GCP. With this release we are completing support for Azure as well. The capability employs a unique scanning approach for CMK in Azure:
+
 - Defender for Cloud does not handle the key or decryption process. Key handling and decryption is seamlessly handled by Azure Compute and is transparent to Defender for Cloud's agentless scanning service.
 - The unencrypted VM disk data is never copied or re-encrypted with another key.
 - The original key is not replicated during the process. Purging it eradicates the data on both your production VM and Defender for Cloud’s temporary snapshot.
@@ -58,14 +59,13 @@ During public preview this capability is not automatically enabled. If you are u
 - [Learn more on agentless scanning for VMs](concept-agentless-data-collection.md)
 - [Learn more on agentless scanning permissions](faq-permissions.yml#which-permissions-are-used-by-agentless-scanning-)
 
-
 ### New endpoint detection and response recommendations
 
 March 18, 2024
 
-We are announcing new endpoint detection and response recommendations that discover and assesses the configuration of supported endpoint detection and response solutions. If issues are found, these recommendations offer remediation steps. 
+We are announcing new endpoint detection and response recommendations that discover and assesses the configuration of supported endpoint detection and response solutions. If issues are found, these recommendations offer remediation steps.
 
-The following new agentless endpoint protection recommendations are now available if you have Defender for Servers Plan 2 or the Defender CSPM plan enabled on your subscription with the agentless machine scanning feature enabled. The recommendations support Azure and multicloud machines. On-premises machines are not supported. 
+The following new agentless endpoint protection recommendations are now available if you have Defender for Servers Plan 2 or the Defender CSPM plan enabled on your subscription with the agentless machine scanning feature enabled. The recommendations support Azure and multicloud machines. On-premises machines are not supported.
 
 | Recommendation name | Description | Severity |
 |--|

articles/defender-for-cloud/view-and-remediate-vulnerabilities-for-images.md

@@ -39,8 +39,8 @@ If you are using Defender CSPM, first review and remediate vulnerabilities expos
 
     :::image type="content" source="media/view-and-remediate-vulnerabilities-for-images-running-on-aks/running-select-container.png" alt-text="Screenshot showing where to select a specific container." lightbox="media/view-and-remediate-vulnerabilities-for-images-running-on-aks/running-select-container.png":::
 
-1. This pane includes a list of the container vulnerabilities. Select each vulnerability to [resolve the vulnerability](#remediate-vulnerabilities).  
-  
+1. This pane includes a list of the container vulnerabilities. Select each vulnerability to [resolve the vulnerability](#remediate-vulnerabilities).
+
     :::image type="content" source="media/view-and-remediate-vulnerabilities-for-images-running-on-aks/running-list-vulnerabilities.png" alt-text="Screenshot showing the list of container vulnerabilities." lightbox="media/view-and-remediate-vulnerabilities-for-images-running-on-aks/running-list-vulnerabilities.png":::
 
 ## View container images affected by a specific vulnerability