Merge pull request #2067 from ShawnJackson/defender-sspm

aditisrivastava07 · web-flow · commit e1902c3b457d · 2024-12-03T11:25:51.000+05:30
[AQ] edit pass: Microsoft Defender for Cloud Apps SSPM articles
diff --git a/CloudAppSecurityDocs/posture-overview.md b/CloudAppSecurityDocs/posture-overview.md
@@ -1,75 +1,69 @@
 ---
-title: SaaS security posture management (SSPM) - overview
-description: Learn what is SaaS security posture management (SSPM) in Microsoft Defender for cloud apps
+title: SaaS Security Posture Management (SSPM) - Overview 
+description: Learn about SaaS security posture management (SSPM) in Microsoft Defender for Cloud Apps.
 ms.topic: how-to
 ms.date: 11/17/2024
 ---
 
-# SaaS security posture management (SSPM) - overview
+# SaaS security posture management (SSPM) overview 
 
-> [!NOTE]
-> Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD. For these environments, it is recommended to consume SaaS security posture recommendations via [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation).
+One of the pillars of Microsoft Defender for Cloud Apps is SaaS security posture management (SSPM). SSPM offers detailed visibility into the security state of your software as a service (SaaS) applications. It also provides actionable guidance to help you strengthen your security posture efficiently.
 
-One of Microsoft Defender for Cloud Apps’ core pillars is SaaS Security Posture Management (SSPM), which offers detailed visibility into the security state of your SaaS applications and provides actionable guidance to help you strengthen your security posture efficiently. Your SaaS application environments might be configured with a risky posture, and Defender for Cloud Apps provides risk-based security configuration assessments to help you identify and mitigate potential risks. These recommendations are shown in [Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management) once you have a connector to an application. For example:
+Defender for Cloud Apps provides security configuration assessments to help you identify and mitigate potential risks in your SaaS application environments. These recommendations appear in [Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management) after you have a connector to an application.
 
-![Screenshot of the SalesForce recommendations in Secure Score.](media/security-saas-sspm-in-secure-score-salesforce-filter.png)
+However, Microsoft Security Exposure Management data and capabilities are currently unavailable in US government clouds: GCC, GCC High, and DoD. For these environments, we recommend consuming SaaS security posture recommendations via [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation). The following example shows Secure Score recommendations for a Salesforce app.
 
-![Screenshot of the SaaS security initiative.](media/posture-overview/screenshot-of-the-saas-security-initiative-home-page.png)
+:::image type="content" source="media/security-saas-sspm-in-secure-score-salesforce-filter.png" alt-text="Screenshot of Salesforce recommendations in Secure Score." lightbox="media/security-saas-sspm-in-secure-score-salesforce-filter.png" :::
 
 ## Prerequisites
 
 - Your organization must have Microsoft Defender for Cloud Apps licenses.
-- Your app must be connected to Defender for Cloud Apps. For more information, see:
-  - [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
-  - [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
+- Your app must be connected to Defender for Cloud Apps. For information about connecting and about which of the app connectors provide security recommendations, see [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md).
 
 ## Turn on SaaS security recommendations
 
-Follow these steps to ensure that your application connector is set to show data in Microsoft Security Exposure Management.
+To ensure that your application connector is set to show data in Microsoft Security Exposure Management, follow these steps:
 
 1. In Microsoft Defender XDR, select **Settings** > **Cloud Apps** > **Connected apps** > **App Connectors**.
 
 1. Use the filter to locate the application where you want to turn on security recommendations.
 
-1. Open the instance drawer and note whether 'Security recommendations' are turned on or off. For example, the following example shows that 'Security recommendations' are turned on for **Okta Contoso EU** instance:
+1. Open the instance drawer and note whether **Security recommendations** is turned on or off. The following example shows that **Security recommendations** is turned on.
 
-   ![Screenshot of an instance where Secure Score recommendations are turned on.](media/posture-overview/screenshot-of-an-instance-where-secure-score-recommendations-are-turned-on.png)
+   :::image type="content" source="media/posture-overview/screenshot-of-an-instance-where-secure-score-recommendations-are-turned-on.png" alt-text="Screenshot of an app instance where Secure Score recommendations are turned on." lightbox="media/posture-overview/screenshot-of-an-instance-where-secure-score-recommendations-are-turned-on.png":::
 
-   If the instance is currently set to **Off**, select the **...** options menu and then select **Turn on 'Security recommendations'**. For example:
+   If the instance is currently set to **Off**, select the ellipsis that denotes the options menu (**...**), and then select **Turn on Security recommendations**.
 
-   ![Screenshot of the Turn on Secure Score or 'Exposure management' recommendations option.](media/posture-overview/screenshot-of-the-turn-on-secure-score-or-exposure-management-recommendations-option.png)
+   :::image type="content" source="media/posture-overview/screenshot-of-the-turn-on-secure-score-or-exposure-management-recommendations-option.png" alt-text="Screenshot that shows the command for turning on security recommendations." lightbox="media/posture-overview/screenshot-of-the-turn-on-secure-score-or-exposure-management-recommendations-option.png":::
 
    > [!NOTE]
-   > If you have multiple instances of the same app, you can send security recommendations for each instance separately.
-   > Security recommendations for the selected instance are added to Microsoft Security Exposure Management in addition to the current recommendations.
+   > If you have multiple instances of the same app, you can send security recommendations for each instance separately. Security recommendations for the selected instance are added to Microsoft Security Exposure Management in addition to the current recommendations.
 
-Security recommendations are shown automatically in [Microsoft Security Exposure Management](/microsoft-365/security/defender/microsoft-secure-score). Recommendations are based on Microsoft benchmarks, and might take up to 24 hours to update.
+Security recommendations appear automatically in Microsoft Security Exposure Management. Recommendations are based on Microsoft benchmarks, and they might take up to 24 hours to update.
 
-In Microsoft Secure Score, filter the **Recommended actions** tab by product to view any recommended actions. If you have multiple instances of an app, you can select to filter recommendations from specific instances only. For example:
+In [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score), filter the **Recommended actions** tab by product to view any recommended actions. If you have multiple instances of an app, you can choose to filter recommendations from specific instances only. The following example shows options for filtering specific instances.
 
-:::image type="content" source="media/secure-score-filter.png" alt-text="Screenshot of a Secure Score filter showing multiple instances of an app.":::
+:::image type="content" source="media/secure-score-filter.png" alt-text="Screenshot of a Secure Score filter that shows multiple instances of an app." lightbox="media/secure-score-filter.png":::
 
-Select a recommendation and then select the **Implementation** tab in the details pane for a step-by-step remediation guide.
+Select a recommendation, and then select the **Implementation** tab on the details pane for a step-by-step remediation guide.
 
 For more information, see [Assess your security posture with Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions).
 
-## How to manage your organization SaaS security posture
+## Manage your organization's SaaS security posture
 
-> [!IMPORTANT]
-> Since Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD, it is recommended for these environments to consume SaaS security posture recommendations in [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation) as explained above.
+To effectively manage your organization's SaaS security posture, we recommend beginning with the [SaaS Security Initiative](/defender-cloud-apps/saas-security-initiative). This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, so that you can prioritize and address the most impactful recommendations for SaaS environments. The following example shows security metrics from the SaaS Security Initiative.
 
-To effectively manage your organization's SaaS security posture, we recommend beginning with the SaaS Security initiative. This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, allowing you to prioritize and address the most impactful recommendations for SaaS environments. For more information, see [SaaS Security Initiative](/defender-cloud-apps/saas-security-initiative).
+:::image type="content" source="media/posture-overview/screenshot-of-the-saas-security-initiative-home-page.png" alt-text="Screenshot of metrics from the SaaS Security Initiative." lightbox="media/posture-overview/screenshot-of-the-saas-security-initiative-home-page.png":::
 
-In addition you can find a variety of SSPM recommendations under different initiatives. Key initiatives include:
+You can also find a variety of SSPM recommendations under other initiatives:
 
-- SaaS Security
 - CIS Microsoft 365 Foundations Benchmark
 - Ransomware Protection
 - Identity Security
-- Business Email Compromise - Financial fraud
-- Zero Trust (Foundational)
+- Business Email Compromise (financial fraud)
+- Zero Trust (foundational)
 
-## Next steps
+## Next step
 
 > [!div class="nextstepaction"]
 > [Control cloud apps with policies](control-cloud-apps-with-policies.md)
diff --git a/CloudAppSecurityDocs/saas-security-initiative.md b/CloudAppSecurityDocs/saas-security-initiative.md
@@ -1,46 +1,37 @@
 ---
-title: SaaS security initiative
-description: Learn how to use the "SaaS security initiative" in Microsoft XDR
+title: SaaS Security Initiative
+description: Learn how to use the SaaS Security Initiative in Microsoft Defender XDR.
 ms.topic: how-to
 ms.date: 10/31/2024
 ---
-# SaaS Security Initiative
 
-> [!NOTE]
-> Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD.
+# SaaS Security Initiative 
 
-The SaaS Security Initiative provides a centralized place for SaaS security best practices, enabling organizations to manage and prioritize security recommendations effectively. By focusing on the most impactful metrics, organizations can enhance their SaaS security posture efficiently.
+The SaaS Security Initiative provides a centralized place for software as a service (SaaS) security best practices, so that organizations can manage and prioritize security recommendations effectively. By focusing on the most impactful metrics, organizations can enhance their SaaS security posture.
 
-![Screenshot of the SaaS security initiative home page.](media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png)
-
-
-## What is the SaaS Security Initiative?
-
-The SaaS Security Initiative serves as the main hub for SaaS Security Posture Management (SSPM), consolidating best-practice recommendations into 12 measurable metrics. These metrics facilitate the management and prioritization of a large number of security recommendations.
+The SaaS Security Initiative serves as the main hub for SaaS security posture management (SSPM). It consolidates best-practice recommendations into 12 measurable metrics. These metrics facilitate the management and prioritization of a large number of security recommendations.
 
 ## Prerequisites
 
 - Your organization must have Microsoft Defender for Cloud Apps licenses.
-- The app which you wish to see security recommendations for, must be connected.
-- For more information, see:
-  - [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
-  - [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
-
-## Operational Guidelines
+- The app for which you want to view security recommendations must be connected to Defender for Cloud Apps. For information about connecting and about which of the app connectors provide security recommendations, see [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md).
 
-To initiate the process, navigate to the **Exposure Management** blade and select **Initiatives**. Click on the **SaaS Security** initiative and then select **Open Initiative Page**.
+## View SaaS Security Initiative recommendations
 
-On this page, you'll find 12 measurable metrics that categorize hundreds of best practice recommendations.
+1. In Microsoft Defender XDR, go to **Exposure Management** and select **Initiatives**.
+1. Select the  **SaaS Security** initiative, and then select **Open Initiative Page**.
 
-It's recommended to prioritize metrics with the highest **Impact on Initiative Score**, which is a composite measure that considers both the **Weight** of each recommendation and the percentage of **Non-Compliant** recommendations. To effectively monitor progress, it's advisable to set a **target score** for your organization's security posture. This target will serve as a benchmark for improvement and help track advancements over time.
+The page that appears lists the 12 metrics that categorize hundreds of best-practice recommendations.
 
-For instance, to gain visibility into all best practice recommendations pertaining to privileged access within SaaS applications, select the metric labeled **Missing Best Practices to Secure Privileged Access in SaaS Apps**.
+:::image type="content" source="media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png" alt-text="Screenshot of the SaaS Security Initiative home page." lightbox="media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png":::
 
-Once selected, you can click on any of the **Non-Compliant** recommendations to access the associated remediation steps.
+We recommend that you prioritize metrics with the highest **Impact on Initiative Score** level. This composite measure considers both the **Weight** value of each recommendation and the percentage of **Non-Compliant** recommendations.
 
-## Additional Information
+To effectively monitor progress, set a **target score** value for your organization's security posture. This target will serve as a benchmark for improvement and help track advancements over time.
 
-Each metric includes a list of associated app connectors, encouraging organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, navigate to the **Security Recommendations** tab and filter by the relevant application.
+For instance, to gain visibility into all best-practice recommendations that pertain to privileged access within SaaS applications, select the metric labeled **Missing Best Practices to Secure Privileged Access in SaaS Apps**. You can then select any of the **Non-Compliant** recommendations to access the associated remediation steps.
 
-To learn more about Exposure Management initiatives, see [Review security initiatives](/security-exposure-management/initiatives).
+## Additional information
 
+- Each metric includes a list of associated app connectors. The list encourages organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, go to the **Security recommendations** tab and filter by the relevant application.
+- To learn more about Microsoft Security Exposure Management initiatives, see [Review security initiatives](/security-exposure-management/initiatives).
