Commit 6220991

Merge branch 'main' into repo_sync_working_branch
2 parents 1415fe4 + 9797852 commit 6220991

3 files changed

+27
-28
lines changed

CloudAppSecurityDocs/posture-overview.md

Lines changed: 15 additions & 17 deletions
@@ -1,29 +1,28 @@
11
---
2-
title: SaaS security posture management (SSPM) - overview
2+
title: SaaS security posture management (SSPM) - overview
33
description: Learn what is SaaS security posture management (SSPM) in Microsoft Defender for cloud apps
44
ms.topic: how-to
55
ms.date: 11/17/2024
66
---
77

8-
# SaaS security posture management (SSPM) - overview
8+
# SaaS security posture management (SSPM) - overview
99

1010
> [!NOTE]
1111
> Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD. For these environments, it is recommended to consume SaaS security posture recommendations via [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation).
1212
13-
One of Microsoft Defender for Cloud Apps’ core pillars is SaaS Security Posture Management (SSPM), which offers detailed visibility into the security state of your SaaS applications and provides actionable guidance to help you strengthen your security posture efficiently. Your SaaS application environments might be configured with a risky posture, and Defender for Cloud Apps provides risk-based security configuration assessments to help you identify and mitigate potential risks. These recommendations are shown in [Microsoft Security Exposure Management](../exposure-management/microsoft-security-exposure-management.md) once you have a connector to an application. For example:
13+
One of Microsoft Defender for Cloud Apps’ core pillars is SaaS Security Posture Management (SSPM), which offers detailed visibility into the security state of your SaaS applications and provides actionable guidance to help you strengthen your security posture efficiently. Your SaaS application environments might be configured with a risky posture, and Defender for Cloud Apps provides risk-based security configuration assessments to help you identify and mitigate potential risks. These recommendations are shown in [Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management) once you have a connector to an application. For example:
1414

1515
![Screenshot of the SalesForce recommendations in Secure Score.](media/security-saas-sspm-in-secure-score-salesforce-filter.png)
1616

17-
![Screenshot of the SaaS security initiative.](<media/posture-overview/screenshot-of-the-saas-security-initiative-home-page.png>)
17+
![Screenshot of the SaaS security initiative.](media/posture-overview/screenshot-of-the-saas-security-initiative-home-page.png)
1818

1919
## Prerequisites
2020

2121
- Your organization must have Microsoft Defender for Cloud Apps licenses.
2222
- Your app must be connected to Defender for Cloud Apps. For more information, see:
23+
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
24+
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
2325

24-
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
25-
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
26-
2726
## Turn on SaaS security recommendations
2827

2928
Follow these steps to ensure that your application connector is set to show data in Microsoft Security Exposure Management.
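Review bot: The re-indented prerequisite link on new line 24 still carries a trailing space inside its link text (`recommendations ](`) and the wording "apps connectors provides". Since the line is being rewritten anyway, drop the space and make the text agree, for example "Learn which app connectors provide security recommendations". The alt text on line 15 also spells the product "SalesForce", which could be corrected in the same pass.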
@@ -33,14 +32,16 @@ Follow these steps to ensure that your application connector is set to show data
3332
1. Use the filter to locate the application where you want to turn on security recommendations.
3433

3534
1. Open the instance drawer and note whether 'Security recommendations' are turned on or off. For example, the following example shows that 'Security recommendations' are turned on for **Okta Contoso EU** instance:
36-
![Screenshot of an instance where Secure Score recommendations are turned on.](<media/posture-overview/screenshot-of-an-instance-where-secure-score-recommendations-are-turned-on.png>)
3735

38-
If the instance is currently set to **Off**, select the **...** options menu and then select **Turn on 'Security recommendations'**. For example:
39-
![Screenshot of the Turn on Secure Score or 'Exposure management' recommendations option.](<media/posture-overview/screenshot-of-the-turn-on-secure-score-or-exposure-management-recommendations-option.png>)
36+
![Screenshot of an instance where Secure Score recommendations are turned on.](media/posture-overview/screenshot-of-an-instance-where-secure-score-recommendations-are-turned-on.png)
4037

41-
> [!NOTE]
42-
> If you have multiple instances of the same app, you can send security recommendations for each instance separately.
43-
Security recommendations for the selected instance are added to Microsoft Security Exposure Management in addition to the current recommendations.
38+
If the instance is currently set to **Off**, select the **...** options menu and then select **Turn on 'Security recommendations'**. For example:
39+
40+
![Screenshot of the Turn on Secure Score or 'Exposure management' recommendations option.](media/posture-overview/screenshot-of-the-turn-on-secure-score-or-exposure-management-recommendations-option.png)
41+
42+
> [!NOTE]
43+
> If you have multiple instances of the same app, you can send security recommendations for each instance separately.
44+
> Security recommendations for the selected instance are added to Microsoft Security Exposure Management in addition to the current recommendations.
4445
4546
Security recommendations are shown automatically in [Microsoft Security Exposure Management](/microsoft-365/security/defender/microsoft-secure-score). Recommendations are based on Microsoft benchmarks, and might take up to 24 hours to update.
4647

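Review bot: On new lines 43-44 the sentence "Security recommendations for the selected instance are added to Microsoft Security Exposure Management..." moves inside the `[!NOTE]` block directly after the multi-instance sentence, with no bare `>` line between them, so the two will render as one run-on paragraph. If moving it into the note is intended, separate the sentences with an empty `>` line; if it describes the result of the step, keep it outside the note as before. Separately, unchanged line 46 labels its link "Microsoft Security Exposure Management" but targets `/microsoft-365/security/defender/microsoft-secure-score`; the label and target should be aligned while the other Exposure Management links in this file are being updated.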
@@ -57,9 +58,7 @@ For more information, see [Assess your security posture with Microsoft Secure Sc
5758
> [!IMPORTANT]
5859
> Since Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD, it is recommended for these environments to consume SaaS security posture recommendations in [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation) as explained above.
5960
60-
To effectively manage your organization’s SaaS security posture, we recommend beginning with the SaaS Security initiative. This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, allowing you to prioritize and address the most impactful recommendations for SaaS environments. For more information, see:
61-
62-
- [SaaS Security Initiative](/defender-cloud-apps/saas-security-initiative)
61+
To effectively manage your organization's SaaS security posture, we recommend beginning with the SaaS Security initiative. This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, allowing you to prioritize and address the most impactful recommendations for SaaS environments. For more information, see [SaaS Security Initiative](/defender-cloud-apps/saas-security-initiative).
6362

6463
In addition you can find a variety of SSPM recommendations under different initiatives. Key initiatives include:
6564

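Review bot: The `[!IMPORTANT]` block on line 59 links the text "Microsoft Secure Score" to `/microsoft-365/security/defender-endpoint/tvm-security-recommendation`, a slug that does not match the link text, and the same pairing appears in the note at the top of the file. Please confirm the target is the page GCC, GCC High and DoD readers should land on, since this block is their only pointer to posture recommendations. Minor: "In addition you can find" on line 63 needs a comma after "In addition".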
@@ -70,7 +69,6 @@ In addition you can find a variety of SSPM recommendations under different initi
7069
- Business Email Compromise - Financial fraud
7170
- Zero Trust (Foundational)
7271

73-
7472
## Next steps
7573

7674
> [!div class="nextstepaction"]

CloudAppSecurityDocs/saas-security-initiative.md

Lines changed: 10 additions & 9 deletions
@@ -4,13 +4,14 @@ description: Learn how to use the "SaaS security initiative" in Microsoft XDR
44
ms.topic: how-to
55
ms.date: 10/31/2024
66
---
7-
# SaaS Security Initiative
7+
# SaaS Security Initiative
88

99
> [!NOTE]
1010
> Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD.
1111
1212
The SaaS Security Initiative provides a centralized place for SaaS security best practices, enabling organizations to manage and prioritize security recommendations effectively. By focusing on the most impactful metrics, organizations can enhance their SaaS security posture efficiently.
13-
![Screenshot of the SaaS security initiative home page.](<media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png>)
13+
14+
![Screenshot of the SaaS security initiative home page.](media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png)
1415

1516

1617
## What is the SaaS Security Initiative?
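Review bot: The image path on new line 14 drops the angle brackets but keeps backslash separators (`media\saas-securty-initiative\...`). Without the brackets, backslashes in a Markdown link destination can be read as escape characters and will not resolve as a path on every renderer; use forward slashes, as the image links in posture-overview.md do in this same commit. The folder name is also spelled "saas-securty-initiative"; if that matches the directory on disk, consider renaming it in a follow-up, otherwise the link is broken.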
@@ -22,24 +23,24 @@ The SaaS Security Initiative serves as the main hub for SaaS Security Posture Ma
2223
- Your organization must have Microsoft Defender for Cloud Apps licenses.
2324
- The app which you wish to see security recommendations for, must be connected.
2425
- For more information, see:
25-
26-
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
27-
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
26+
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
27+
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
2828

2929
## Operational Guidelines
30+
3031
To initiate the process, navigate to the **Exposure Management** blade and select **Initiatives**. Click on the **SaaS Security** initiative and then select **Open Initiative Page**.
3132

32-
On this page, you'll find 12 measurable metrics that categorize hundreds of best practice recommendations.
33+
On this page, you'll find 12 measurable metrics that categorize hundreds of best practice recommendations.
3334

34-
It's recommended to prioritize metrics with the highest **Impact on Initiative Score**, which is a composite measure that considers both the **Weight** of each recommendation and the percentage of **Non-Compliant** recommendations. To effectively monitor progress, it's advisable to set a **target score** for your organizations security posture. This target will serve as a benchmark for improvement and help track advancements over time.
35+
It's recommended to prioritize metrics with the highest **Impact on Initiative Score**, which is a composite measure that considers both the **Weight** of each recommendation and the percentage of **Non-Compliant** recommendations. To effectively monitor progress, it's advisable to set a **target score** for your organization's security posture. This target will serve as a benchmark for improvement and help track advancements over time.
3536

3637
For instance, to gain visibility into all best practice recommendations pertaining to privileged access within SaaS applications, select the metric labeled **Missing Best Practices to Secure Privileged Access in SaaS Apps**.
3738

3839
Once selected, you can click on any of the **Non-Compliant** recommendations to access the associated remediation steps.
3940

4041
## Additional Information
4142

42-
- Each metric includes a list of associated app connectors, encouraging organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, navigate to the **Security Recommendations** tab and filter by the relevant application.
43-
- To learn more about Exposure Management initiatives visit [here](../exposure-management/initiatives.md).
43+
Each metric includes a list of associated app connectors, encouraging organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, navigate to the **Security Recommendations** tab and filter by the relevant application.
4444

45+
To learn more about Exposure Management initiatives, see [Review security initiatives](/security-exposure-management/initiatives).
4546

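Review bot: The prerequisites list on lines 24-27 keeps "For more information, see:" as its own bullet with the two links under it, while posture-overview.md in this commit folds that sentence into the "must be connected" bullet and nests the links beneath it. Use one structure in both files so the links clearly belong to the connection prerequisite. While here, line 24 has a stray comma ("for, must be connected"), the link text on new line 27 has a trailing space before `]`, and lines 31 and 39 use "Click on" where the rest of the page uses "select".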
defender-office-365/tenant-allow-block-list-email-spoof-configure.md

Lines changed: 2 additions & 2 deletions
@@ -15,7 +15,7 @@ ms.collection:
1515
- tier1
1616
description: Admins can learn how to allow or block email and spoofed sender entries in the Tenant Allow/Block List.
1717
ms.service: defender-office-365
18-
ms.date: 07/18/2024
18+
ms.date: 11/27/2024
1919
appliesto:
2020
- ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
2121
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -92,7 +92,7 @@ To create block entries for *spoofed senders*, see [this section](#create-block-
9292
Email from these blocked senders is marked as *high confidence phishing* and quarantined.
9393

9494
> [!NOTE]
95-
> Currently, subdomains of the specified domain aren't blocked. For example, if you create a block entry for email from contoso.com, mail from marketing.contoso.com isn't also blocked. You need to create a separate block entry for marketing.contoso.com.
95+
> Currently, if the block entry doesn't use the syntax \*.TLD, subdomains of the specified domain aren't blocked. For example, if you create a block entry for contoso.com, mail from marketing.contoso.com isn't also blocked. You need to create a separate block entry for marketing.contoso.com or use the \*.TLD syntax, where TLD can be any top-level domain, internal domain, or email address domain.
9696
>
9797
> Users in the organization also can't *send* email to these blocked domains and addresses. The message is returned in the following non-delivery report (also known as an NDR or bounce message): `550 5.7.703 Your message can't be delivered because messages to XXX, YYY are blocked by your organization using Tenant Allow Block List.` The entire message is blocked for all internal and external recipients of the message, even if only one recipient email address or domain is defined in a block entry.
9898

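Review bot: The rewritten note on line 95 introduces the `\*.TLD` syntax but never shows it applied to the example domain, and it calls the placeholder "TLD" while saying it can also be an internal domain or an email address domain. An admin who blocks contoso.com needs to know exactly which entry covers marketing.contoso.com, so add a concrete wildcard entry for the contoso.com example and state whether that entry also covers the bare domain or only its subdomains. Consider renaming the placeholder to something like "domain" so it is not read as limited to top-level domains.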