Merge pull request #2502 from MicrosoftDocs/fix-files-in-pr-2484

garycentric · web-flow · commit 790e286c84d2 · 2025-01-21T12:50:42.000-08:00
Minor fixes for articles in PR 2484
diff --git a/CloudAppSecurityDocs/best-practices.md b/CloudAppSecurityDocs/best-practices.md
@@ -59,9 +59,7 @@ Defender for Cloud Apps provides you with the ability to investigate and monitor
 * [OAuth app policies](app-permission-policy.md)
 
 ---
----
----
----
+<br/><br/>
 
 ## Apply cloud governance policies
 
@@ -137,6 +135,8 @@ Defender for Cloud Apps provides you with the ability to investigate and monitor
 * [Content inspection](content-inspection.md)
 
 ---
+<br/><br/>
+
 
 ## Enforce DLP and compliance policies for data stored in the cloud
 
@@ -147,6 +147,8 @@ Defender for Cloud Apps provides you with the ability to investigate and monitor
 * [Governing connected apps](governance-actions.md)
 
 ---
+<br/><br/>
+
 
 ## Block and protect download of sensitive data to unmanaged or risky devices
 
@@ -158,9 +160,8 @@ Defender for Cloud Apps provides you with the ability to investigate and monitor
 * [Session policies](session-policy-aad.md)
 
 ---
----
----
----
+<br/><br/>
+
 
 ## Secure collaboration with external users by enforcing real-time session controls
 
@@ -172,9 +173,8 @@ Defender for Cloud Apps provides you with the ability to investigate and monitor
 * [Session policies](session-policy-aad.md)
 
 ---
----
----
----
+<br/><br/>
+
 
 ## Detect cloud threats, compromised accounts, malicious insiders, and ransomware
 
@@ -214,9 +214,8 @@ Anomaly detection policies are triggered when there are unusual activities perfo
 * [OAuth app policies](app-permission-policy.md)
 
 ---
----
----
----
+<br/><br/>
+
 
 ## Use the audit trail of activities for forensic investigations
 
@@ -231,9 +230,8 @@ When dismissing alerts, it's important to investigate and understand why they ar
 * [Activities](activity-filters.md)
 
 ---
----
----
----
+<br/><br/>
+
 
 ## Secure IaaS services and custom apps
 
diff --git a/CloudAppSecurityDocs/data-protection-policies.md b/CloudAppSecurityDocs/data-protection-policies.md
@@ -7,8 +7,6 @@ ms.topic: how-to
 
 # File policies in Microsoft Defender for Cloud Apps
 
-
-
 File Policies allow you to enforce a wide range of automated processes using the cloud provider's APIs. Policies can be set to provide continuous compliance scans, legal eDiscovery tasks, DLP for sensitive content shared publicly, and many more use cases. Defender for Cloud Apps can monitor any file type based on more than 20 metadata filters (for example, access level, file type).
 
 ## Supported file types
@@ -24,8 +22,9 @@ The engine combines three aspects under each policy:
 * Context filters including user roles, file metadata, sharing level, organizational group integration, collaboration context, and additional customizable attributes.
 
 * Automated actions for governance and remediation.
-    > [!NOTE]
-    > Only the governance action of the first triggered policy is guaranteed to be applied. For example, if a file policy has already applied a sensitivity label to a file, a second file policy cannot apply another sensitivity label to it.
+
+  > [!NOTE]
+  > Only the governance action of the first triggered policy is guaranteed to be applied. For example, if a file policy has already applied a sensitivity label to a file, a second file policy cannot apply another sensitivity label to it.
 
 Once enabled, the policy continuously scans your cloud environment and identifies files that match the content and context filters, and apply the requested automated actions. These policies detect and remediate any violations for at-rest information or when new content is created. Policies can be monitored using real-time alerts or using console-generated reports.
 
@@ -55,7 +54,7 @@ To create a new file policy, follow this procedure:
 
 1. Select **Create policy** and select **File policy**.
 
-    ![Create a Information Protection policy.](media/create-policy-from-information-protection-tab.png)
+   ![Create a Information Protection policy.](media/create-policy-from-information-protection-tab.png)
    
 1. Give your policy a name and description, if you want you can base it on a template, for more information on policy templates, see [Control cloud apps with policies](control-cloud-apps-with-policies.md).
 
@@ -64,10 +63,12 @@ To create a new file policy, follow this procedure:
 1. Within **Category**, link the policy to the most appropriate risk type. This field is informative only and helps you search for specific policies and alerts later, based on risk type.  The risk may already be preselected according to the category for which you chose to create the policy. By default, File policies are set to DLP.
 
 1. **Create a filter for the files this policy will act on** to set which discovered apps trigger this policy. Narrow down the policy filters until you reach an accurate set of files you wish to act upon. Be as restrictive as possible to avoid false positives. For example, if you wish to remove public permissions, remember to add the **Public** filter, if you wish to remove an external user, use the "External" filter and so on.
+
    > [!NOTE]
    > When using the policy filters, **Contains**  searches only for full words – separated by commas, dots, spaces, or underscores. For example if you search for **malware** or **virus**, it finds virus_malware_file.exe but it does not find malwarevirusfile.exe. If you search for **malware.exe**, then you find ALL files with either malware or exe in their filename, whereas if you search for **"malware.exe"** (with the quotation marks) you find only files that contain exactly "malware.exe". **Equals** searches only for the complete string, for example if you search for **malware.exe** it finds malware.exe but not malware.exe.txt.
    >
    > For more information about File Policy Filters, see [File filters in Microsoft Defender for Cloud Apps](file-filters.md#file-filters).
+
 1. Under the first **Apply to** filter, select **all files excluding selected folders** or **selected folders** for Box, SharePoint, Dropbox, or OneDrive, where you can enforce your file policy over all files on the app or on specific folders. You're redirected to sign in the cloud app, and then add the relevant folders.
 
 1. Under the second **Apply to** filter, select either **all file owners**, **file owners from selected user groups** or **all file owners excluding selected groups**. Then select the relevant user groups to determine which users and groups should be included in the policy.
@@ -125,15 +126,18 @@ Each policy is composed of the following parts:
 You can go to the Policy center to review file policy violations.
 
 1. In the Microsoft Defender Portal, under **Cloud Apps**, go to **Policies** -> **Policy management**, and then select the **Information protection** tab.
+
 1. For each file policy, you can see the file policy violations by selecting the **matches**.  
 
-    ![Screenshot of sample PCI matches.](media/pci-matches.png "Screenshot of sample PCI matches.")
+   :::image type="content" alt-text="Screenshot of sample PCI matches." source="media/pci-matches.png" lightbox="media/pci-matches.png":::
 
 1. You can select the file itself to get information about the files.  
 
-    ![Screenshot of sample PCI content matches.](media/pci-content-matches.png "Screenshot of sample PCI content matches.")
+   :::image type="content" alt-text="Screenshot of sample PCI content matches." source="media/pci-content-matches.png" lightbox="media/pci-content-matches.png":::
+
+1. For example, you can select **Collaborators** to see who has access to this file, and you can select **Matches** to see the Social Security numbers. 
 
-1. For example, you can select **Collaborators** to see who has access to this file, and you can select **Matches** to see the Social Security numbers. ![Content matches credit card numbers.](media/content-matches-ccn.png "content matches Social Security numbers")
+   :::image type="content" alt-text="Content matches Social Security numbers." source="media/content-matches-ccn.png" lightbox="media/content-matches-ccn.png":::
 
 ## Related videos
 
diff --git a/CloudAppSecurityDocs/release-note-archive.md b/CloudAppSecurityDocs/release-note-archive.md
@@ -65,6 +65,7 @@ Defender for Cloud Apps plans to rotate its application certificate. If you’ve
     
     ```powershell
     keytool -list -keystore ..\lib\security\cacerts
+    ```
 
 1. If you see the following four aliases, that means you have previously explicitly trusted our certificate and need to take action. If those aliases aren't present, no action should be needed.
     - *azuretls01crt*
diff --git a/CloudAppSecurityDocs/tutorial-dlp.md b/CloudAppSecurityDocs/tutorial-dlp.md
@@ -45,11 +45,13 @@ Our approach to information protection can be split into the following phases th
 1. **Define which information is sensitive**: Before looking for sensitive information in your files, you first need to define what counts as sensitive for your organization. As part of our [data classification service](dcs-inspection.md), we offer over 100 out-of-the-box sensitive information types, or you can [create your own](/microsoft-365/compliance/create-a-custom-sensitive-information-type) to suit to your company policy. **Defender for Cloud Apps is natively integrated with Microsoft Purview Information Protection** and the same sensitive types and labels are available throughout both services. So when you want to define sensitive information, head over to the Microsoft Purview Information Protection portal to create them, and once defined they'll be available in Defender for Cloud Apps. You can also use advanced classifications types such as fingerprint or Exact Data Match (EDM).
 
     For those of you that have already done the hard work of identifying sensitive information and applying the appropriate sensitivity labels, you can use those labels in your policies without having to scan the contents again.
+
 1. **Enable Microsoft Information Protection integration**
     1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**.
     1. Under **Information Protection**,  go to **Microsoft Information Protection**. Select **Automatically scan new files for Microsoft Information Protection sensitivity labels and content inspection warnings**.
 
     For more information, see [Microsoft Purview Information Protection integration](azip-integration.md).
+
 1. **Create policies to identify sensitive information in files**: Once you know the kinds of information you want to protect, it's time to create policies to detect them. Start by creating the following policies:
 
     **File policy**  
diff --git a/CloudAppSecurityDocs/use-case-admin-quarantine.md b/CloudAppSecurityDocs/use-case-admin-quarantine.md
@@ -7,8 +7,6 @@ ms.topic: tutorial
 
 # Tutorial: Protect files with admin quarantine
 
-
-
 [File policies](data-protection-policies.md) are a great tool for finding threats to your information protection policies. For instance, create file policies that find places where users stored sensitive information, credit card numbers, and third-party ICAP files in your cloud.
 
 In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to detect unwanted files stored in your cloud that leave you vulnerable, and take immediate action to stop them in their tracks and lock down the files that pose a threat by using **Admin quarantine** to protect your files in the cloud, remediate problems, and prevent future leaks from occurring.
@@ -33,27 +31,27 @@ In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to d
 
 1. Do one of the following actions to quarantine the file:
 
-    - Manually apply the **Admin quarantine** action:
+   - Manually apply the **Admin quarantine** action:
 
-        ![quarantine action.](media/quarantine-action.png)
+     :::image type="content" alt-text="quarantine action." source="media/quarantine-action.png" lightbox="media/quarantine-action.png":::
 
-    - Set it as an automated quarantine action in the policy:
+   - Set it as an automated quarantine action in the policy:
 
-        ![quarantine automatically.](media/quarantine-automated.png)
+     :::image type="content" alt-text="quarantine automatically." source="media/quarantine-automated.png" lightbox="media/quarantine-automated.png":::
 
 1. When **Admin quarantine** is applied, the following things occur behind the scenes:
 
     1. The original file is moved to the admin quarantine folder you set.
     1. The original file is deleted.
     1. A tombstone file is uploaded to the original file location.
 
-        ![quarantine tombstone.](media/quarantine-tombstone.png)
+       :::image type="content" alt-text="quarantine tombstone." source="media/quarantine-tombstone.png":::
 
     1. The user can only access the tombstone file. In the file, they can read the custom guidelines provided by IT and the correlation ID to give IT to release the file.
 
 1. When you receive the alert that a file has been quarantined, go to **Policies** -> **Policy Management**. Then select the **Information Protection** tab.  In the row with your file policy, choose the three dots at the end of the line, and select **View all matches**. This brings you the report of matches, where you can see the matching and quarantined files:
 
-    ![Quarantined files.](media/quarantine-alerts.png)
+   :::image type="content" alt-text="Quarantined files." source="media/quarantine-alerts.png" lightbox="media/quarantine-alerts.png":::
 
 1. After a file is quarantined, use the following process to remediate the threat situation:
 
@@ -62,7 +60,7 @@ In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to d
     1. If you find the file is against corporate policy, run the organization's Incident Response (IR) process.
     1. If you find that the file is harmless, you can restore the file from quarantine. At that point the original file is released, meaning it's copied back to the original location, the tombstone is deleted, and the user can access the file.
 
-      ![quarantine restore.](media/quarantine-restore.png)
+       :::image type="content" alt-text="quarantine restore." source="media/quarantine-restore.png":::
 
 1. Validate that the policy runs smoothly. Then, you can use the automatic governance actions in the policy to prevent further leaks and automatically apply an Admin quarantine when the policy is matched.
 
@@ -77,26 +75,28 @@ In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to d
 
 1. Set file policies that detect breaches. Examples of these types of policies include:
 
-    - A metadata only policy such as a sensitivity label in SharePoint Online
-    - A native DLP policy such as a policy that searches for credit card numbers
-    - An ICAP third-party policy such as a policy that looks for Vontu
+   - A metadata only policy such as a sensitivity label in SharePoint Online
+   - A native DLP policy such as a policy that searches for credit card numbers
+   - An ICAP third-party policy such as a policy that looks for Vontu
 
 1. Set a quarantine location:
-    1. For Microsoft 365 SharePoint or OneDrive for Business, you can't put files in admin quarantine as part of a policy until you set it up:
-        ![quarantine warning.](media/quarantine-warning.png)
 
-        To set admin quarantine settings, in the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Information Protection**, choose **Admin quarantine**. Provide a site for the quarantine folder location and a user notification that your user will receive when their file is quarantined.
-        ![quarantine settings.](media/quarantine-settings.png)
+   1. For Microsoft 365 SharePoint or OneDrive for Business, you can't put files in admin quarantine as part of a policy until you set it up:
+
+      :::image type="content" alt-text="quarantine warning." source="media/quarantine-warning.png":::
 
-        > [!NOTE]
-        > Defender for Cloud Apps will create a quarantine folder on the selected site.
+      To set admin quarantine settings, in the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Information Protection**, choose **Admin quarantine**. Provide a site for the quarantine folder location and a user notification that your user will receive when their file is quarantined.
 
-    1. For Box, the quarantine folder location and user message can't be customized. The folder location is the drive of the admin who connected Box to Defender for Cloud Apps and the user message is: This file was quarantined to your administrator's drive because it might violate your company's security and compliance policies. Contact your IT administrator for help.
+      :::image type="content" alt-text="quarantine settings." source="media/quarantine-settings.png" lightbox="media/quarantine-settings.png":::
+
+      > [!NOTE]
+      > Defender for Cloud Apps will create a quarantine folder on the selected site.
+
+   1. For Box, the quarantine folder location and user message can't be customized. The folder location is the drive of the admin who connected Box to Defender for Cloud Apps and the user message is: This file was quarantined to your administrator's drive because it might violate your company's security and compliance policies. Contact your IT administrator for help.
 
 ## Next steps
 
 > [!div class="nextstepaction"]
 > [Best practices for protecting your organization](best-practices.md)
 
 [!INCLUDE [Open support ticket](includes/support.md)]
-
