Carlos feedback

v-sissondan · v-sissondan · commit 2d48fbf4c0e0 · 2025-07-21T13:47:09.000-07:00
diff --git a/azure-local/security-book/operational-security-compliance.md b/azure-local/security-book/operational-security-compliance.md
@@ -3,7 +3,7 @@ title:  Azure Local security book ongoing compliance
 description: Ongoing compliance for the Azure Local security book.
 author: alkohli
 ms.topic: conceptual
-ms.date: 06/16/2025
+ms.date: 07/21/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ---
@@ -25,7 +25,7 @@ For those who need to adjust or update security settings based on their own busi
 
 [Azure Policy](/azure/governance/policy/overview) helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, perpolicy granularity.
 
-During run-time, you can use Azure Policy to audit Azure Local host machine configuration and perform compliance assessments based on Azure security baseline policies. In the future, we will also have the capability to remediate the security settings via Azure Policy and [Azure Automanage](https://azure.microsoft.com/products/azure-automanage/). 
+During run-time, you can use Azure Policy to audit Azure Local host machine configuration and perform compliance assessments based on Azure security baseline policies. In the future, we will also have the capability to remediate the security settings via Azure Policy. 
 
 ## SIEM integration
 
diff --git a/azure-local/security-book/operational-security-operations.md b/azure-local/security-book/operational-security-operations.md
@@ -3,7 +3,7 @@ title:  Azure Local security book ongoing operations
 description: Ongoing operations for the Azure Local security book.
 author: alkohli
 ms.topic: conceptual
-ms.date: 06/16/2025
+ms.date: 07/21/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ---
@@ -45,7 +45,7 @@ Windows Admin Center, just like any other Azure service, is always up to date wi
 
 ### Security tool
 
-The built-in security tool within Windows Admin Center gives you the ability to monitor and toggle Azure Local security settings. This tool lets you monitor and change your Secured-core, Windows Defender Application Control, and many other settings, all from within the Azure portal.
+The built-in security tool within Windows Admin Center gives you the ability to monitor and toggle Azure Local security settings. This tool lets you monitor and change your Secured-core, Application Control for Windows, and many other settings, all from within the Azure portal.
 
 ### Lost Azure connectivity
 
diff --git a/azure-local/security-book/trustworthy-addition-application-control.md b/azure-local/security-book/trustworthy-addition-application-control.md
@@ -3,7 +3,7 @@ title:  Azure Local security book application control
 description: Application control for the Azure Local security book.
 author: alkohli
 ms.topic: conceptual
-ms.date: 06/16/2025
+ms.date: 07/21/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ---
@@ -15,9 +15,9 @@ ms.reviewer: alkohli
 
 Preventing unwanted or malicious applications from running is an important part of an effective security strategy. Application control is one of the most effective means for addressing the threat of executable file-based malware. Application control helps mitigate security threats by restricting the applications that users are allowed to run.  
 
-While most customers inherently understand the value of application control, the reality is that only some have been able to employ application control solutions in a manageable way. Windows [Defender Application Control](/windows/security/application-security/application-control/app-control-for-business/appcontrol) (WDAC) provides powerful control over what applications are allowed to run and the code that runs in the OS (kernel).
+While most customers inherently understand the value of application control, the reality is that only some have been able to employ application control solutions in a manageable way. [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol) provides powerful control over what applications are allowed to run and the code that runs in the OS (kernel).
 
-WDAC is enabled by default on Azure Local, and out of the box it includes a set of base policies to ensure that only known platform components and applications are allowed to run. You can extend and customize this application control policy. For more information on base policies included in Azure Local and how to create supplemental policies, see [Windows Defender Application Control for Azure Local](/azure/azure-local/manage/manage-wdac).
+Application Control for Windows is enabled by default on Azure Local, and out of the box it includes a set of base policies to ensure that only known platform components and applications are allowed to run. You can extend and customize this application control policy. For more information on base policies included in Azure Local and how to create supplemental policies, see [Manage Application Control for Azure Local](/azure/azure-local/manage/manage-wdac).
 
 
 ## Related content
diff --git a/azure-local/security-book/trustworthy-addition-credential-protection.md b/azure-local/security-book/trustworthy-addition-credential-protection.md
@@ -3,7 +3,7 @@ title:  Azure Local security book credential protection
 description: Credential protection for the Azure Local security book.
 author: alkohli
 ms.topic: conceptual
-ms.date: 06/30/2025
+ms.date: 07/21/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ---
@@ -12,7 +12,7 @@ ms.reviewer: alkohli
 
 [!INCLUDE [hci-applies-to-23h2](../includes/hci-applies-to-23h2.md)]
 
-[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/how-it-works) uses virtualization-based security (VBS) to protect against credential theft. With Windows Credential Guard, the Local Security Authority (LSA) stores and protects Active Directory secrets in an isolated environment that is not accessible to the rest of the operating system. By protecting the LSA process with virtualization-based security, Windows Defender Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. Windows Defender Credential Guard is enabled by default in Azure Local. 
+[Credential Guard](/windows/security/identity-protection/credential-guard/how-it-works) uses virtualization-based security (VBS) to protect against credential theft. With Credential Guard, the Local Security Authority (LSA) stores and protects Active Directory secrets in an isolated environment that is not accessible to the rest of the operating system. By protecting the LSA process with virtualization-based security, Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. Credential Guard is enabled by default in Azure Local. 
 
 
 ## Related content
diff --git a/azure-local/security-book/trustworthy-addition-overview.md b/azure-local/security-book/trustworthy-addition-overview.md
@@ -3,7 +3,7 @@ title:  Azure Local security book trustworthy addition overview
 description: Trustworthy addition overview for the Azure Local security book.
 author: alkohli
 ms.topic: conceptual
-ms.date: 06/16/2025
+ms.date: 07/21/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ---
@@ -14,7 +14,7 @@ ms.reviewer: alkohli
 
 Our customers face the significant burden of getting their infrastructure to meet a wide variety of security standards and be compliant with industry specific compliance requirements. They may spend several millions of dollars on external tools to get their infrastructure to meet those requirements. This is a tall order for many customers as they need to identify and enable various security capabilities. Even when they do, how those various security capabilities work together is yet another challenge to deal with. 
  
-Our goal is to empower customers to achieve their security requirements, regardless of industry regulations or compliance, more easily and in a flexible manner. Azure Local builds on industry-leading security features such as Windows Defender Application Control and BitLocker. With Azure Local, we have enabled security right from the start, where the system is by default deployed in a known good state in accordance with the [Microsoft Cloud Security Benchmark](/security/benchmark/azure/overview). 
+Our goal is to empower customers to achieve their security requirements, regardless of industry regulations or compliance, more easily and in a flexible manner. Azure Local builds on industry-leading security features such as Application Control for Windows and BitLocker. With Azure Local, we have enabled security right from the start, where the system is by default deployed in a known good state in accordance with the [Microsoft Cloud Security Benchmark](/security/benchmark/azure/overview). 
  
 With this change, customers do not have to burden themselves with the mechanics of enabling the various security capabilities, at least not for most of the well-known security requirements. From a customer standpoint, security "just works". 
 
