Acrolinx fixes

Author: DeCohen

CloudAppSecurityDocs/ems-cloud-app-security-govt-service-byok-troubleshoot.md

@@ -22,7 +22,7 @@ The following table lists the possible scenarios that can cause data encryption
 | <a name="missing-kv-key-permissions"></a>**Missing Key Vault or key permissions** | In the selected Key Vault, under access policy, make sure that the following key permissions are selected:<br />Under **Key management operations**<br />- List<br />Under **Cryptographic operations**<br />- Wrap key<br />- Unwrap key<br /><br />For the selected key, make sure you're using an RSA encryption and that the following operations are permitted:<br />- Wrap key<br />- Unwrap key<br /> |
 | <a name="firewall-block"></a>**Azure Key Vault firewall blocking access to key** | In the selected Key Vault, make sure that the firewall is configured with the following IP addresses:<br />- 13.66.200.132<br />- 23.100.71.251<br />- 40.78.82.214<br />- 51.105.4.145<br />- 52.166.166.111 |
 | <a name="key-not-enabled"></a>**Encryption key is not enabled** | In the selected key's settings, make sure that the key is enabled.<br />![Screenshot showing key enable option.](media/cloud-app-security-byok/byok-kv-key-enabled.PNG) |
-| <a name="key-not-active"></a>**Encryption key is not active** | In the selected key's settings, make sure that the activation date and time is prior to the current date and time.<br />![Screenshot showing key activation date.](media/cloud-app-security-byok/byok-kv-key-activation-date.PNG) |
+| <a name="key-not-active"></a>**Encryption key is not active** | In the selected key's settings, make sure that the activation date and time is before the current date and time.<br />![Screenshot showing key activation date.](media/cloud-app-security-byok/byok-kv-key-activation-date.PNG) |
 | <a name="key-expired"></a>**Encryption key has expired** | In the selected key's settings, make sure that the expiration date and time hasn't passed.<br />![Screenshot showing key expiration date.](media/cloud-app-security-byok/byok-kv-key-expiration-date.PNG) |
 | <a name="key-not-found"></a>**Encryption key not found or deleted** | Verify that the selected key exists in your Key Vault. If key was deleted, recover and enable it again. If the key was moved to another Key Vault, move it back to the selected Key Vault. |
 

CloudAppSecurityDocs/includes/classic-banner.md

@@ -4,7 +4,7 @@
 >
 > Microsoft Defender for Cloud Apps is now part of [Microsoft Defender XDR](https://security.microsoft.com), which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. Automatic redirection from the classic portal is on by default for all customers.
 >
-> Starting June 16th, 2024, the redirection toggle to switch back to the classic portal will no longer be available. From then on, all users accessing the classic Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft Defender portal, with no option to opt-out.
+> Starting June 16, 2024, the redirection toggle to switch back to the classic portal will no longer be available. From then on, all users accessing the classic Microsoft Defender for Cloud Apps will be automatically rerouted to the Microsoft Defender portal, with no option to opt out.
 >
 > To prepare for this change, we recommend that any customers still using the classic portal move operations to the Microsoft Defender portal. For more information, see [Microsoft Defender for Cloud Apps in the Microsoft Defender portal](/defender-xdr/microsoft-365-security-center-defender-cloud-apps).
 

CloudAppSecurityDocs/troubleshooting-siem.md

@@ -15,10 +15,10 @@ This article provides a list of possible issues when connecting your SIEM to Def
 
 Before you proceed, check that your [Defender for Cloud Apps license](https://aka.ms/M365EnterprisePlans) supports the SIEM integration you're trying to configure.
 
-If you received a system alert regarding an issue with activity delivery through the SIEM agent, follow the steps below to recover the activity events in the timeframe of the issue. These steps will guide you through setting up a new Recovery SIEM agent that will run in parallel and resend the activity events to your SIEM.
+If you received a system alert regarding an issue with activity delivery through the SIEM agent, follow the steps below to recover the activity events in the timeframe of the issue. These steps guide you through setting up a new Recovery SIEM agent that will run in parallel and resend the activity events to your SIEM.
 
 > [!NOTE]
-> The recovery process will resend all activity events in the timeframe described in the system alert. If your SIEM already contains activity events from this timeframe, you will experience duplicated events after this recovery.
+> The recovery process resends all activity events in the timeframe described in the system alert. If your SIEM already contains activity events from this timeframe, you'll experience duplicated events after this recovery.
 
 ### Step 1 – Configure a new SIEM Agent in parallel to your existing agent
 
@@ -44,10 +44,10 @@ Use the following steps to validate your configuration:
 > [!NOTE]
 > The agent will only send activities in the timeframe of the issue on which you were alerted.
 
-1. If data is not received by your SIEM, then on the new SIEM agent device, try listening to the port that you configured to forward activities to see if data is being sent from the agent to the SIEM. For example, run `netcat -l <port>` where `<port>` is the previously configured port number.
+1. If data isn't received by your SIEM, then on the new SIEM agent device, try listening to the port that you configured to forward activities to see if data is being sent from the agent to the SIEM. For example, run `netcat -l <port>` where `<port>` is the previously configured port number.
 
 > [!NOTE]
-> If you are using `ncat`, make sure you specify the ipv4 flag `-4`.
+> If you're using `ncat`, make sure you specify the ipv4 flag `-4`.
 
 1. If data is being sent by the agent but not received by your SIEM, check the SIEM agent log. If you can see "connection refused" messages, make sure that your SIEM agent is configured to use TLS 1.2 or newer.
 
@@ -78,9 +78,9 @@ After creating the agent, check the SIEM agent page in Defender for Cloud Apps.
 |----|----|----|
 |**Internal error**|Something unknown went wrong with your SIEM agent.|Contact support.|
 |**Data server send error**|You can get this error if you're working with a Syslog server over TCP. The SIEM agent can't connect to your Syslog server.  If you get this error, the agent will stop pulling new activities until it's fixed. Make sure to follow the remediation steps until the error stops appearing.|1. Make sure you properly defined your Syslog server: In the Defender for Cloud Apps UI, edit your SIEM agent as described above. Make sure you wrote the name of the server properly and set the right port. </br>2. Check connectivity to your Syslog server: Make sure your firewall isn't blocking communication.|
-|**Data server connection error**| You can get this error if you're working with a Syslog server over TCP. The SIEM agent can't connect to your Syslog server.  If you get this error, the agent will stop pulling new activities until it's fixed. Make sure to follow the remediation steps until the error stops appearing.|1. Make sure you properly defined your Syslog server: In the Defender for Cloud Apps UI, edit your SIEM agent as described above. Make sure you wrote the name of the server properly and set the right port. </br>2. Check connectivity to your Syslog server: Make sure your firewall isn't blocking communication.|
+|**Data server connection error**| You can get this error if you're working with a Syslog server over TCP. The SIEM agent can't connect to your Syslog server.  If you get this error, the agent stops pulling new activities until it's fixed. Make sure to follow the remediation steps until the error stops appearing.|1. Make sure you properly defined your Syslog server: In the Defender for Cloud Apps UI, edit your SIEM agent as described above. Make sure you wrote the name of the server properly and set the right port. </br>2. Check connectivity to your Syslog server: Make sure your firewall isn't blocking communication.|
 |**SIEM agent error**|The SIEM agent has been disconnected for more than X hours|Make sure that you didn't change the SIEM configuration in Defender for Cloud Apps. Otherwise, this error could indicate connectivity issues between Defender for Cloud Apps and the computer on which you're running the SIEM agent.|
-|**SIEM agent notification error**|SIEM agent notification forward errors were received from a SIEM agent.|This error indicates that you've received errors about the connection between the SIEM agent and your SIEM server. Make sure there isn't a firewall blocking your SIEM server or the computer on which you're running the SIEM agent. Also, check that the IP address of the SIEM server wasn't changed. If you've installed Java Runtime Engine (JRE) update 291 or higher, follow the instructions in [Issue with new versions of Java](#issue-with-new-versions-of-java).|
+|**SIEM agent notification error**|SIEM agent notifications forward errors were received from a SIEM agent.|This error indicates that you've received errors about the connection between the SIEM agent and your SIEM server. Make sure there isn't a firewall blocking your SIEM server or the computer on which you're running the SIEM agent. Also, check that the IP address of the SIEM server wasn't changed. If you've installed Java Runtime Engine (JRE) update 291 or higher, follow the instructions in [Issue with new versions of Java](#issue-with-new-versions-of-java).|
 
 ## Issue with new versions of Java