Merge branch 'main' into gary-fix-links-4

Author: garycentric

CloudAppSecurityDocs/posture-overview.md

@@ -1,11 +1,11 @@
 ---
-title: SaaS security posture management (SSPM) - overview 
+title: SaaS security posture management (SSPM) - overview
 description: Learn what is SaaS security posture management (SSPM) in Microsoft Defender for cloud apps
 ms.topic: how-to
 ms.date: 11/17/2024
 ---
 
-# SaaS security posture management (SSPM) - overview 
+# SaaS security posture management (SSPM) - overview
 
 > [!NOTE]
 > Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD. For these environments, it is recommended to consume SaaS security posture recommendations via [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation).
@@ -20,10 +20,9 @@ One of Microsoft Defender for Cloud Apps’ core pillars is SaaS Security Postur
 
 - Your organization must have Microsoft Defender for Cloud Apps licenses.
 - Your app must be connected to Defender for Cloud Apps. For more information, see:
+  - [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
+  - [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
 
-    - [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
-    - [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
- 
 ## Turn on SaaS security recommendations
 
 Follow these steps to ensure that your application connector is set to show data in Microsoft Security Exposure Management.
@@ -57,7 +56,7 @@ For more information, see [Assess your security posture with Microsoft Secure Sc
 > [!IMPORTANT]
 > Since Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD, it is recommended for these environments to consume SaaS security posture recommendations in [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation) as explained above.
 
-To effectively manage your organization’s SaaS security posture, we recommend beginning with the SaaS Security initiative. This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, allowing you to prioritize and address the most impactful recommendations for SaaS environments. For more information, see:
+To effectively manage your organization's SaaS security posture, we recommend beginning with the SaaS Security initiative. This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, allowing you to prioritize and address the most impactful recommendations for SaaS environments. For more information, see:
 
 - [SaaS Security Initiative](/defender-cloud-apps/saas-security-initiative)
 
@@ -70,7 +69,6 @@ In addition you can find a variety of SSPM recommendations under different initi
 - Business Email Compromise - Financial fraud
 - Zero Trust (Foundational)
 
-
 ## Next steps
 
 > [!div class="nextstepaction"]

CloudAppSecurityDocs/saas-security-initiative.md

@@ -4,12 +4,13 @@ description: Learn how to use the "SaaS security initiative" in Microsoft XDR
 ms.topic: how-to
 ms.date: 10/31/2024
 ---
-# SaaS Security Initiative 
+# SaaS Security Initiative
 
 > [!NOTE]
 > Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD.
 
 The SaaS Security Initiative provides a centralized place for SaaS security best practices, enabling organizations to manage and prioritize security recommendations effectively. By focusing on the most impactful metrics, organizations can enhance their SaaS security posture efficiently.
+
 ![Screenshot of the SaaS security initiative home page.](media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png)
 
 
@@ -22,24 +23,24 @@ The SaaS Security Initiative serves as the main hub for SaaS Security Posture Ma
 - Your organization must have Microsoft Defender for Cloud Apps licenses.
 - The app which you wish to see security recommendations for, must be connected.
 - For more information, see:
-
-    - [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
-    - [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
+  - [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
+  - [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
 
 ## Operational Guidelines
+
 To initiate the process, navigate to the **Exposure Management** blade and select **Initiatives**. Click on the **SaaS Security** initiative and then select **Open Initiative Page**.
 
-On this page, you'll find 12 measurable metrics that categorize hundreds of best practice recommendations. 
+On this page, you'll find 12 measurable metrics that categorize hundreds of best practice recommendations.
 
-It's recommended to prioritize metrics with the highest **Impact on Initiative Score**, which is a composite measure that considers both the **Weight** of each recommendation and the percentage of **Non-Compliant** recommendations. To effectively monitor progress, it's advisable to set a **target score** for your organization’s security posture. This target will serve as a benchmark for improvement and help track advancements over time.
+It's recommended to prioritize metrics with the highest **Impact on Initiative Score**, which is a composite measure that considers both the **Weight** of each recommendation and the percentage of **Non-Compliant** recommendations. To effectively monitor progress, it's advisable to set a **target score** for your organization's security posture. This target will serve as a benchmark for improvement and help track advancements over time.
 
 For instance, to gain visibility into all best practice recommendations pertaining to privileged access within SaaS applications, select the metric labeled **Missing Best Practices to Secure Privileged Access in SaaS Apps**.
 
 Once selected, you can click on any of the **Non-Compliant** recommendations to access the associated remediation steps.
 
 ## Additional Information
 
-- Each metric includes a list of associated app connectors, encouraging organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, navigate to the **Security Recommendations** tab and filter by the relevant application.
-- To learn more about Exposure Management initiatives, see [Review security initiatives](/security-exposure-management/initiatives).
+Each metric includes a list of associated app connectors, encouraging organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, navigate to the **Security Recommendations** tab and filter by the relevant application.
 
+To learn more about Exposure Management initiatives, see [Review security initiatives](/security-exposure-management/initiatives).