Commit fffc714

committed
edits
1 parent 7bfa9ac commit fffc714

6 files changed

+27
-25
lines changed

articles/external-attack-surface-management/TOC.yml

Lines changed: 1 addition & 1 deletion
@@ -57,5 +57,5 @@
5757

5858
- name: Integrations
5959
items:
60-
- name: Copilot for Security and Defender EASM
60+
- name: Microsoft Security Copilot and Defender EASM
6161
href: easm-copilot.md
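
Review bot: The new TOC label at line 60, `Microsoft Security Copilot and Defender EASM`, does not match the `title:` of the target `easm-copilot.md` (`Microsoft Security Copilot in Defender EASM`) or its new H1 (`Microsoft Security Copilot integration in Defender EASM`). Three different names for one article make it harder to locate from navigation; pick one wording and use it for the TOC entry as well.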

articles/external-attack-surface-management/easm-copilot.md

Lines changed: 15 additions & 13 deletions
@@ -2,7 +2,7 @@
22
# required metadata
33

44
title: Microsoft Security Copilot in Defender EASM
5-
description: You can use Microsoft Security Copilot to get information about your EASM data.
5+
description: Learn how to use Microsoft Security Copilot to get information about your Microsoft Defender External Attack Surface Management (Defender EASM) data.
66
author: dandennis
77
ms.author: dandennis
88
ms.date: 11/20/2024
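
Review bot: The `author:` value in the context at line 6 is `dandennis`, but `overview.md` in this same commit has `author: danielledennis` alongside the same `ms.author: dandennis`. Since this hunk already touches the front matter, confirm which value is the correct GitHub alias and make the two files agree.
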
@@ -12,25 +12,27 @@ ms.localizationpriority: high
1212

1313
---
1414

15-
# Microsoft Security Copilot in Defender EASM
15+
# Microsoft Security Copilot integration in Defender EASM
1616

1717
Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall. Attack Surface Insights are generated by analyzing vulnerability and infrastructure data to showcase the key areas of concern for your organization.
1818

19-
Defender EASM’s integration with Microsoft Security Copilot enables users to interact with Microsoft’s discovered attack surfaces. These attack surfaces allow users to quickly understand their externally facing infrastructure and relevant, critical risks to their organization. They provide insight into specific areas of risk, including vulnerabilities, compliance, and security hygiene. For more information about Microsoft Security Copilot, go to [What is Microsoft Security Copilot](/security-copilot/microsoft-security-copilot). For more information on the embedded Microsoft Security Copilot experience, refer to [Query your attack surface with Defender EASM using Microsoft Copilot in Azure](/azure/copilot/query-attack-surface).
19+
Microsoft Security Copilot integration in Defender EASM helps you interact with Microsoft-discovered attack surfaces. Identifying attack surfaces helps your organization quickly understand its externally facing infrastructure and relevant, critical risks. It provides insight into specific areas of risk, including vulnerabilities, compliance, and security hygiene.
20+
21+
For more information about Microsoft Security Copilot, see [What is Microsoft Security Copilot?](/security-copilot/microsoft-security-copilot). For information about the embedded Microsoft Security Copilot experience, see [Query your attack surface with Defender EASM by using Microsoft Security Copilot in Azure](/azure/copilot/query-attack-surface).
2022

2123
## Know before you begin
2224

23-
If you're new to Microsoft Security Copilot, it's a good idea to familiarize yourself with it by reading these articles:
25+
If you're new to Microsoft Security Copilot, it's a good idea to familiarize yourself with the system by reading these articles:
2426

2527
- [What is Microsoft Security Copilot?](/security-copilot/microsoft-security-copilot)
2628
- [Microsoft Security Copilot experiences](/security-copilot/experiences-security-copilot)
2729
- [Get started with Microsoft Security Copilot](/security-copilot/get-started-security-copilot)
2830
- [Understand authentication in Microsoft Security Copilot](/security-copilot/authentication)
2931
- [Prompting in Microsoft Security Copilot](/security-copilot/prompting-security-copilot)
3032

31-
## Microsoft Security Copilot integration in Defender EASM
33+
## Microsoft Security Copilot in Defender EASM
3234

33-
Microsoft Security Copilot can surface insights from Defender EASM about an organization's attack surface. You can use the system features built into Microsoft Security Copilot, and use prompts to get more information. This information can help you understand your security posture and mitigate vulnerabilities.
35+
Microsoft Security Copilot can surface insights from Defender EASM about your organization's attack surface. You can use Microsoft Security Copilot built-in system features, and use prompts to get more information. This information can help you understand your security posture and mitigate vulnerabilities.
3436

3537
This article introduces you to Microsoft Security Copilot and includes sample prompts that can help Defender EASM users.
3638

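Review bot: The H1 at line 15 and the H2 at line 33 have swapped text, so the H1 (`Microsoft Security Copilot integration in Defender EASM`) no longer matches the front-matter `title:` while the H2 now repeats the title word for word. Keep the H1 identical to the title and give the H2 a name that says what the section covers. In the rewritten intro at line 19, `It provides insight into specific areas of risk` has no clear antecedent now that the preceding sentence is built around `Identifying attack surfaces`; name the subject. At line 35, `Microsoft Security Copilot built-in system features` reads better as `the built-in system features of Microsoft Security Copilot`.
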
@@ -48,7 +50,7 @@ The EASM Security Copilot integration can help you:
4850

4951
- Use Security Copilot to surface insights.
5052

51-
You can use Security Copilot to ask about insights by using natural language and extract insights from Defender EASM about your organization's attack surface. Query details like the number of SSL certificates that are not secure, ports detected, and specific vulnerabilities that affect the attack surface.
53+
You can use Security Copilot to ask about insights by using natural language and extract insights from Defender EASM about your organization's attack surface. Query details like the number of Secure Sockets Layer (SSL) certificates that aren't secure, ports that are detected, and specific vulnerabilities that affect the attack surface.
5254

5355
- Expedite attack surface curation.
5456

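Review bot: At line 53, `Secure Sockets Layer (SSL) certificates that aren't secure` does not say what makes a certificate insecure, while the capability table later in this file is specific (expired certificates, SHA1 certificates). Suggest naming those conditions here, for example `SSL certificates that are expired or use SHA1`, so the reader knows what can be queried. The sentence also uses `insights` twice (`ask about insights ... and extract insights`); one can go.
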
@@ -85,15 +87,15 @@ To enable integration, you need to have these prerequisites:
8587
8688
## Sample Defender EASM prompts
8789

88-
Microsoft Security Copilot primarily uses natural language prompts. When you querying information from Defender EASM, you submit a prompt that guides Microsoft Security Copilot to select the Defender EASM plugin and invoke the relevant capability.
90+
Microsoft Security Copilot primarily uses natural language prompts. When you query information from Defender EASM, you submit a prompt that guides Microsoft Security Copilot to select the Defender EASM plugin and invoke the relevant capability.
8991

90-
For success with Copilot prompts, we recommend the following:
92+
For success with Security Copilot prompts, we recommend the following approaches:
9193

92-
- Ensure that you reference the company name in your first prompt. Unless otherwise specified, all future prompts will provide data about the initially specified company.
94+
- Ensure that you reference the company name in your first prompt. Unless otherwise specified, all future prompts then provide data about the initially specified company.
9395

9496
- Be clear and specific with your prompts. You might get better results if you include specific asset names or metadata values (for example, CVE IDs) in your prompts.
9597

96-
It might also help to add **Defender EASM** to your prompt, like:
98+
It might also help to add **Defender EASM** to your prompt, like in these examples:
9799

98100
- **According to Defender EASM, what are my expired domains?**
99101
- **Tell me about Defender EASM high-priority attack surface insights.**
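
Review bot: The bullet at line 94 tells readers to name a company in the first prompt and says later prompts stay scoped to it, but it does not cover the reader who wants their own Defender EASM resource, which the `Switch between resource data and company data` section handles with `my` and a separate session. Add a pointer to that section here so the two pieces of guidance are not read as conflicting. At line 98, `like in these examples:` would be cleaner as `as in these examples:`.
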
@@ -113,15 +115,15 @@ For more information on writing Microsoft Security Copilot prompts, see [Microso
113115
| **Get attack surface summary** | Returns the attack surface summary for either the customer’s Defender EASM resource or a specific company name. | **Example inputs**: <br> • Get attack surface for LinkedIn.   <br> • Get my attack surface.  <br> • What is the attack surface for Microsoft?   <br> • What is my attack surface?  <br> • What are the externally facing assets for Azure?  <br> • What are my externally facing assets?  <br> <br> **Optional Inputs**: <br> • CompanyName | If your plugin is configured to an active Defender EASM resource and no other company is specified: <br> • Returns an attack surface summary for the customer’s Defender EASM resource. <br><br> If another company name is provided: <br> • If no exact for match for company name is found, returns a list of possible matches.  <br> • If there's an exact match, returns the attack surface summary for the company name. |
114116
| **Get attack surface insights** | Returns the attack surface insights for either the customer’s Defender EASM resource or a specific company name.  | **Example inputs**: <br> • Get high-priority attack surface insights for LinkedIn. <br> • Get my high-priority attack surface insights.  <br> • Get low priority attack surface insights for Microsoft.  <br> • Get low priority attack surface insights.  <br> • Do I have high-priority vulnerabilities in my external attack surface for Azure?  <br><br> **Required inputs**: <br> • PriorityLevel (the priority level must be high, medium, or low; if not provided, it defaults to high)  <br><br>**Optional inputs**: <br> • CompanyName (the company name)  | If your plugin is configured to an active Defender EASM resource and no other company is specified: <br> • Returns attack surface insights for the customer’s Defender EASM resource.  <br><br> If another company name is provided: <br> • If no exact for match for company name is found, returns a list of possible matches. <br> • If there's an exact match, returns the attack surface insights for the company name.  |
115117
| **Get assets affected by a CVE** | Returns the assets affected by a CVE for either the customer's Defender EASM resource or a specific company name.  | **Example inputs**: <br><br> • Get assets affected by CVE-2023-0012 for LinkedIn.  <br> • Which assets are affected by CVE-2023-0012 for Microsoft?  <br> • Is Azure's external attack surface impacted by CVE-2023-0012?  <br> • Get assets affected by CVE-2023-0012 for my attack surface.  <br> • Which of my assets are affected by CVE-2023-0012?  <br> • Is my external attack surface impacted by CVE-2023-0012?  <br><br>**Required inputs**: <br> • CVE ID <br><br> **Optional inputs**: <br> • CompanyName | If your plugin is configured to an active Defender EASM resource and no other company is specified: <br> • If plugin settings aren't filled out, fail graciously and remind customers.  <br> • If plugin settings are filled out, returns the assets affected by a CVE for the customer’s Defender EASM resource. <br><br> If another company name is provided: <br> • If no exact for match for company name is found, returns a list of possible matches.  <br> • If there's an exact match, returns the assets affected by a CVE for the specific company name.  |
116-
| **Get assets affected by a CVSS** | Returns the assets affected by a Common Vulnerability Scoring System (CVSS) score for either the customer’s Defender EASM resource or a specific company name.  | **Example inputs**: <br> • Get assets affected by high-priority CVSS scores in LinkedIn’s attack surface. <br> • How many assets have critical CVSS score for Microsoft?  <br> • Which assets have critical CVSS scores for Azure?  <br> • Get assets affected by high-priority CVSS's in my attack surface.  <br> • How many of my assets have critical CVSS scores?  <br> • Which of my assets have critical CVSS scores?  <br><br> **Required inputs**: <br> • CvssPriority (the CVSS priority must be *critical*, *high*, *medium*, or *low*) <br><br> **Optional inputs**: <br> • CompanyName | If your plugin is configured to an active Defender EASM resource and no other company is specified:   <br> • If plugin settings aren't filled out, fail graciously and remind customers.  <br> • If plugin settings are filled out, returns the assets affected by a CVSS score for the customer’s Defender EASM resource. <br><br> If another company name is provided: <br> • If no exact for match for company name, returns a list of possible matches.  <br> • If there's an exact match, returns the assets affected by a CVSS score for the specific company name.  |
118+
| **Get assets affected by a CVSS** | Returns the assets affected by a Common Vulnerability Scoring System (CVSS) score for either the customer’s Defender EASM resource or a specific company name.  | **Example inputs**: <br> • Get assets affected by high-priority CVSS scores in LinkedIn’s attack surface. <br> • How many assets have critical CVSS score for Microsoft?  <br> • Which assets have critical CVSS scores for Azure?  <br> • Get assets affected by high-priority CVSS scores in my attack surface.  <br> • How many of my assets have critical CVSS scores?  <br> • Which of my assets have critical CVSS scores?  <br><br> **Required inputs**: <br> • CVSSPriority (the CVSS priority must be *critical*, *high*, *medium*, or *low*) <br><br> **Optional inputs**: <br> • CompanyName | If your plugin is configured to an active Defender EASM resource and no other company is specified:   <br> • If plugin settings aren't filled out, fail graciously and remind customers.  <br> • If plugin settings are filled out, returns the assets affected by a CVSS score for the customer’s Defender EASM resource. <br><br> If another company name is provided: <br> • If no exact for match for company name is found, returns a list of possible matches.  <br> • If there's an exact match, returns the assets affected by a CVSS score for the specific company name.  |
117119
| **Get expired domains** | Returns the number of expired domains for either the customer’s Defender EASM resource or a specific company name.  | **Example inputs**: <br> • How many domains are expired in LinkedIn’s attack surface?   <br> • How many assets are using expired domains for Microsoft?  <br> • How many domains are expired in my attack surface?   <br> • How many of my assets are using expired domains for Microsoft?  <br><br> **Optional inputs**: <br> • CompanyName | If your plugin is configured to an active Defender EASM resource and no other company is specified: <br> • Returns the number of expired domains for the customer’s Defender EASM resource. <br><br> If another company name is provided: <br> • If no exact for match for company name is found, returns a list of possible matches.  <br> • If there's an exact match, returns the number of expired domains for the specific company name.  |
118120
| **Get expired certificates** | Returns the number of expired SSL certificates for either the customer’s Defender EASM resource or a specific company name.  | **Example inputs**: <br> • How many SSL certificates are expired for LinkedIn?   <br> • How many assets are using expired SSL certificates for Microsoft?  <br> • How many SSL certificates are expired for my attack surface?   <br> • What are my expired SSL certificates?  <br><br> **Optional inputs**: <br> • CompanyName | If your plugin is configured to an active Defender EASM resource and no other company is specified: <br> • Returns the number of SSL certificates for the customer’s Defender EASM resource. <br><br> If another company name is provided: <br> • If no exact for match for company name is found, returns a list of possible matches.  <br> • If there's an exact match, returns the number of SSL certificates for the specific company name.  |
119121
| **Get SHA1 certificates** | Returns the number of SHA1 SSL certificates for either the customer’s Defender EASM resource or a specific company name.  | **Example inputs**: <br> • How many SSL SHA1 certificates are present for LinkedIn?   <br> • How many assets are using SSL SHA1 for Microsoft?  <br> • How many SSL SHA1 certificates are present for my attack surface?   <br> • How many of my assets are using SSL SHA1?  <br><br> **Optional inputs**: <br> • CompanyName | If your plugin is configured to an active Defender EASM resource and no other company is specified: <br> • Returns the number of SHA1 SSL certificates for the customer’s Defender EASM resource. <br><br> If another company name is provided: <br> • If no exact for match for company name is found, returns a list of possible matches.  <br> • If there's an exact match, returns the number of SHA1 SSL certificates for the specific company name.  |
120122
| **Translate natural language to a Defender EASM query** | Translates any natural language question into a Defender EASM query and returns the assets that match the query. | **Example inputs**: <br> • What assets are using jQuery version 3.1.0? <br> • Get the hosts with port 80 open in my attack surface. <br> • Find all the page, host, and ASN assets in my inventory that have an IP address that is IP *X*, IP *Y*, or IP *Z*. <br> • Which of my assets have a registrant email of `<[email protected]>`? | If your plugin is configured to an active Defender EASM resource: <br> • Returns the assets matching with the translated query. |
121123

122124
### Switch between resource data and company data
123125

124-
Even though we added resource integration for our skills, we still support pulling data from prebuilt attack surfaces for specific companies. To improve the Security Copilot accuracy in determining when a customer wants to pull from their attack surface or from a prebuilt, company attack surface, we recommend using **my**, **my attack surface**, and so on, to convey that you want to use your resource. Use **their**, ***specific company name***, and so on to convey that you want to use a prebuilt attack surface. Although this does improve the experience in a single session, we strongly recommend using two separate sessions to avoid any confusion.
126+
Even though we added resource integration for our skills, we still support pulling data from prebuilt attack surfaces for specific companies. To improve the Security Copilot accuracy in determining when a customer wants to pull from their attack surface or from a prebuilt, company attack surface, we recommend using **my**, **my attack surface**, and so on, to convey that you want to use your resource. Use **their**, ***specific company name***, and so on, to convey that you want to use a prebuilt attack surface. Although this approach does improve the experience in a single session, we strongly recommend using two separate sessions to avoid any confusion.
125127

126128
## Provide feedback
127129

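Review bot: The edited CVSS row at line 118 adds `is found` but keeps the typo `If no exact for match for company name is found`; the stray `for` after `exact` appears in every row of this table and should be fixed in the same pass. The same row renames the required input from `CvssPriority` to `CVSSPriority`; if this is the plugin's parameter name, confirm the casing against the plugin rather than the style guide, since the other inputs (`PriorityLevel`, `CompanyName`) are written as identifiers. Also worth fixing while here: `fail graciously and remind customers` reads like an internal spec note and should say `gracefully`, and the output column for **Get expired certificates** says `Returns the number of SSL certificates` without `expired`.
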

articles/external-attack-surface-management/overview.md

Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,5 @@
11
---
2-
title: "What is Microsoft Defender External Attack Surface Management?"
2+
title: "What Is Defender EASM?"
33
description: Learn how Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to give you an external view of your online infrastructure.
44
author: danielledennis
55
ms.author: dandennis
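
Review bot: The new title at line 2, `What Is Defender EASM?`, uses title case (`Is`) where the other article titles linked in this commit use sentence case (`What is Microsoft Security Copilot?`), and it uses the abbreviation before the description on the next line defines it. Suggest sentence case and keeping the full product name in the title, since the description already introduces `(Defender EASM)`.
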
@@ -41,7 +41,7 @@ Defender EASM uses dashboards to help you quickly understand your online infrast
4141

4242
## Asset management
4343

44-
You can filter your inventory to surface the insights that are most important to you and your organization. Filtering gives you flexibility and customization to help you access a specific subset of assets. Filtering also puts Defender EASM data to work for your specific use case, whether you are searching for assets that connect to deprecating infrastructure or identifying new cloud resources.
44+
You can filter your inventory to surface the insights that are most important to you and your organization. Filtering gives you flexibility and customization to help you access a specific subset of assets. Filtering also puts Defender EASM data to work for your specific use case, whether you're searching for assets that connect to deprecating infrastructure or identifying new cloud resources.
4545

4646
:::image type="content" source="media/overview-inventory.png" alt-text="Screenshot of the Inventory pane.":::
4747

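Review bot: Line 44 still says `assets that connect to deprecating infrastructure`; `deprecating` is not the usual adjective here. Since the line is being edited anyway, change it to `deprecated infrastructure` or `infrastructure that's being deprecated`, whichever is meant.
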