Commit

Merge pull request #4565 from alexbuckgit/alexbuckgit/docutune-autopr-20211111-231236-6746615

DocuTune: Final review for security rebranding
PMEds28 committed Nov 12, 2021
2 parents fbd215a + 707cec0 commit 36456d4
Showing 107 changed files with 1,094 additions and 983 deletions.
4 changes: 2 additions & 2 deletions docs/aws-professional/security-identity.md
@@ -37,7 +37,7 @@ A combination of multi-factor authentication (MFA) and conditional access (CA) p

## Cloud Platform Security (multi-cloud)

Once a common identity has been established in your multi-cloud environment, the [Cloud Platform Security (CPS)](/cloud-app-security/tutorial-cloud-platform-security) service of [Microsoft Cloud App Security (MCAS)](/cloud-app-security/) can be used to discover, monitor, assess, and protect those services. Using the Cloud Discovery dashboard, security operations personnel can review the apps and resources being used across AWS and Azure cloud platforms. Once services are reviewed and sanctioned for use, the services can then be managed as enterprise applications in Azure Active Directory to enable SAML, password-based, and linked Single Sign-On mode for the convenience of users.
Once a common identity has been established in your multi-cloud environment, the [Cloud Platform Security (CPS)](/cloud-app-security/tutorial-cloud-platform-security) service of [Microsoft Defender for Cloud Apps](/cloud-app-security/) can be used to discover, monitor, assess, and protect those services. Using the Cloud Discovery dashboard, security operations personnel can review the apps and resources being used across AWS and Azure cloud platforms. Once services are reviewed and sanctioned for use, the services can then be managed as enterprise applications in Azure Active Directory to enable SAML, password-based, and linked Single Sign-On mode for the convenience of users.

CPS also provides for the ability to assess the cloud platforms connected for misconfigurations and compliance using vendor specific recommended security and configuration controls. This design enables organizations to maintain a single consolidated view of all cloud platform services and their compliance status.

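Review bot: the added line renames "Microsoft Cloud App Security (MCAS)" to "Microsoft Defender for Cloud Apps" but leaves the link target at `/cloud-app-security/`, and the neighbouring term "Cloud Platform Security (CPS)" with its `/cloud-app-security/tutorial-cloud-platform-security` path is untouched, so the paragraph now mixes old and new branding. Confirm both paths still resolve (or redirect) under the new product name, and decide whether "CPS" is in scope for the same rename. While this file is open, the unchanged context line `vendor specific recommended security and configuration controls` should read "vendor-specific".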
@@ -47,7 +47,7 @@ Additionally, CPS provides access and session control policies to prevent and pr

To limit and control access for your highest privileged accounts in Azure AD, [Privileged Identity Management (PIM)](/azure/active-directory/privileged-identity-management/) can be enabled to provide just-in-time access to services for Azure cloud services. Once deployed, PIM can be used to control and limit access using the assignment model for roles, eliminate persistent access for these privileged accounts, and provide additional discover and monitoring of users with these account types.

When combined with [Azure Sentinel](/azure/sentinel/), workbooks and playbooks can be established to monitor and raise alerts to your security operations center personnel when there is lateral movement of accounts that have been compromised.
When combined with [Microsoft Sentinel](/azure/sentinel/), workbooks and playbooks can be established to monitor and raise alerts to your security operations center personnel when there is lateral movement of accounts that have been compromised.

## Consistent end-to-end identity management

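Review bot: the "Microsoft Sentinel" rename matches the form used in the other hunks of this PR, so no concern there. A small grammar slip in the unchanged context line just above is worth fixing in the same pass: `provide additional discover and monitoring of users` should read "provide additional discovery and monitoring of users".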
4 changes: 2 additions & 2 deletions docs/aws-professional/services.md
@@ -311,7 +311,7 @@ In addition to front-end testing, the [Azure DevTest Labs](https://azure.microso

| AWS service | Azure service | Description |
| ----------- | ------------- | ----------- |
| [Inspector](https://aws.amazon.com/inspector) | [Security Center](https://azure.microsoft.com/services/security-center) | An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. |
| [Inspector](https://aws.amazon.com/inspector) | [Defender for Cloud](https://azure.microsoft.com/services/security-center) | An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. |
| [Certificate Manager](https://aws.amazon.com/certificate-manager) | [App Service Certificates available on the Portal](https://azure.microsoft.com/blog/internals-of-app-service-certificate) | Service that allows customers to create, manage, and consume certificates seamlessly in the cloud. |
| [GuardDuty](https://aws.amazon.com/guardduty/) | [Advanced Threat Protection](https://azure.microsoft.com/features/azure-advanced-threat-protection) | Detect and investigate advanced attacks on-premises and in the cloud. |
| [Artifact](https://aws.amazon.com/artifact) | [Service Trust Portal](https://servicetrust.microsoft.com/) | Provides access to audit reports, compliance guides, and trust documents from across cloud services. |
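Review bot: stale link under a renamed label on the Inspector row: the Azure column now says "Defender for Cloud" while the href still points at `https://azure.microsoft.com/services/security-center`. Either point the link at the product's current page or confirm the old URL redirects, since a new name over an old link is exactly the drift a rebranding sweep should remove. The GuardDuty row two lines below is left as "Advanced Threat Protection" with an `azure-advanced-threat-protection` URL even though the PR is titled "Final review for security rebranding"; check whether that row is also due for an update so the table does not carry one product in old branding.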
@@ -323,7 +323,7 @@ In addition to front-end testing, the [Azure DevTest Labs](https://azure.microso

[!INCLUDE [Real-time fraud detection](../../includes/cards/fraud-detection.md)]
[!INCLUDE [Securely managed web applications](../../includes/cards/fully-managed-secure-apps.md)]
[!INCLUDE [Threat indicators for cyber threat intelligence in Azure Sentinel](../../includes/cards/sentinel-threat-intelligence.md)]
[!INCLUDE [Threat indicators for cyber threat intelligence in Sentinel](../../includes/cards/sentinel-threat-intelligence.md)]

</ul>

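Review bot: inconsistent product name on the added include line: it reads "Threat indicators for cyber threat intelligence in Sentinel", dropping the vendor prefix, whereas the other hunks in this PR (security-identity.md and azure-ad-security-content.md) rename "Azure Sentinel" to "Microsoft Sentinel" in full. Use "Microsoft Sentinel" here as well, and check that the title matches the card title inside `../../includes/cards/sentinel-threat-intelligence.md` so the include text and the rendered card agree.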
4 changes: 2 additions & 2 deletions docs/data-guide/scenarios/securing-data-solutions.md
@@ -70,7 +70,7 @@ For more information, see [Azure Logging and Auditing](/azure/security/azure-log

Use [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/overview) to restrict access to Azure resources based on user roles. If you are using Active Directory on-premises, you can [synchronize with Azure AD](/azure/active-directory/active-directory-hybrid-identity-design-considerations-directory-sync-requirements) to provide users with a cloud identity based on their on-premises identity.

Use [Conditional access in Azure Active Directory](/azure/active-directory/active-directory-conditional-access-azure-portal) to enforce controls on the access to applications in your environment based on specific conditions. For example, your policy statement could take the form of: _When contractors are trying to access our cloud apps from networks that are not trusted, then block access_.
Use [Conditional access in Azure Active Directory](/azure/active-directory/active-directory-conditional-access-azure-portal) to enforce controls on the access to applications in your environment based on specific conditions. For example, your policy statement could take the form of: *When contractors are trying to access our cloud apps from networks that are not trusted, then block access*.

[Azure AD Privileged Identity Management](/azure/active-directory/active-directory-privileged-identity-management-configure) can help you manage, control, and monitor your users and what sorts of tasks they are performing with their admin privileges. This is an important step to limiting who in your organization can carry out privileged operations in Azure AD, Azure, Microsoft 365, or SaaS apps, as well as monitor their activities.

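Review bot: style-only change here: the italics marker around the policy example switches from `_..._` to `*...*` with no wording difference, which matches the `*zero-trust*` convention used in azure-ad-security-content.md in this same PR. No functional concern; it would help reviewers if the PR description said that the Markdown-style edits are intentional so they are not read as content changes.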
@@ -88,7 +88,7 @@ For more information, see [Azure network security](/azure/security/azure-network

### Monitoring

[Azure Security Center](/azure/security-center/security-center-intro) automatically collects, analyzes, and integrates log data from your Azure resources, the network, and connected partner solutions, such as firewall solutions, to detect real threats and reduce false positives.
[Microsoft Defender for Cloud](/azure/security-center/security-center-intro) automatically collects, analyzes, and integrates log data from your Azure resources, the network, and connected partner solutions, such as firewall solutions, to detect real threats and reduce false positives.

[Log Analytics](/azure/log-analytics/log-analytics-overview) provides centralized access to your logs and helps you analyze that data and create custom alerts.

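Review bot: same label-over-old-link pattern as the services.md table: the text becomes "Microsoft Defender for Cloud" but the href stays `/azure/security-center/security-center-intro`. Confirm the docs redirect exists or update the path to the current article, so the "Monitoring" section does not send readers to a page under the retired name.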
14 changes: 9 additions & 5 deletions docs/example-scenario/aadsec/azure-ad-security-content.md
@@ -1,5 +1,4 @@


This architecture shows how Security Operations Center (SOC) teams can incorporate Azure Active Directory (Azure AD) identity and access capabilities into an overall integrated and layered *zero-trust* security strategy.

Network security dominated SOC operations when all services and devices were contained on managed networks in organizations. However, [Gartner](https://www.gartner.com/en/newsroom/press-releases/2019-04-02-gartner-forecasts-worldwide-public-cloud-revenue-to-g) predicts that through 2022, the market size of cloud services will grow at a rate nearly three times that of overall IT services. As more companies embrace cloud computing, there's a shift toward treating [user identity](/azure/security/fundamentals/identity-management-best-practices#treat-identity-as-the-primary-security-perimeter) as the primary security boundary.
@@ -21,6 +20,7 @@ The [Microsoft Cybersecurity Reference Architecture (MCRA)](https://gallery.tech
This article advances the zero-trust, adaptive security approach to IDaaS, emphasizing components available on the Azure AD platform.

## Use cases

- Design new security solutions
- Enhance or integrate with existing implementations
- Educate SOC teams
@@ -81,13 +81,15 @@ Azure AD can use the following conditional access controls with conditional acce

You can use PIM to [require approval](/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings) or justification for activating administrative roles. Users can maintain normal privileges most of the time, and request and receive access to roles they need to complete administrative or specialized tasks. When they complete their work and sign out, or the time limit on their access expires, they can reauthenticate with their standard user permissions.

- [Microsoft cloud app security (MCAS)](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/cloud-app-security) is a *cloud app security broker (CAS-B)* that analyzes traffic logs to discover and monitor the applications and services in use in your organization. With MCAS, you can:
- [Microsoft Defender for Cloud Apps](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/cloud-app-security) is a *cloud access security broker (CASB)* that analyzes traffic logs to discover and monitor the applications and services in use in your organization. With Defender for Cloud Apps, you can:

- [Create policies](/cloud-app-security/control-cloud-apps-with-policies) to manage interaction with apps and services
- Identify applications as [sanctioned or unsanctioned](/cloud-app-security/governance-discovery)
- [Control and limit access to data](/cloud-app-security/governance-actions)
- [Apply information protection](/cloud-app-security/azip-integration) to guard against information loss

MCAS can also work with [access policies](/cloud-app-security/access-policy-aad) and [session policies](/cloud-app-security/session-policy-aad) to control user access to SaaS apps. For example, you can:
Defender for Cloud Apps can also work with [access policies](/cloud-app-security/access-policy-aad) and [session policies](/cloud-app-security/session-policy-aad) to control user access to SaaS apps. For example, you can:

- [Limit the IP ranges](/azure/active-directory/conditional-access/location-condition) that can access apps
- [Require MFA](/azure/active-directory/authentication/concept-mfa-howitworks) for app access
- [Allow activities only from within approved apps](/azure/active-directory/conditional-access/app-based-conditional-access)
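Review bot: the terminology fix on the added bullet is correct and worth keeping separate from the pure rename: "cloud app security broker (CAS-B)" was wrong, and "cloud access security broker (CASB)" is the right expansion of the term. Two follow-ups: the bullet still links to the `cloud-app-security` marketing URL, which is fine only if it redirects; and because "(MCAS)" is no longer introduced here, any later mention in this file that still relies on the old abbreviation (the hunk at line 128 still reads "AATP is integrated with ..." with an `atp-mcas-integration` slug) should be handled in the same pass so no abbreviation is used without being defined.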
@@ -115,10 +117,11 @@ Azure AD can use the following conditional access controls with conditional acce
Azure AD [audit reports](/azure/active-directory/reports-monitoring/concept-audit-logs) provide traceability for Azure activities with audit logs, sign-in logs, and risky sign-in and risky user reports. You can filter and search the log data based on several parameters, including service, category, activity, and status.

You can route Azure AD log data to endpoints like:

- Azure Storage accounts
- [Azure Monitor logs](/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor)
- [Azure event hubs](/azure/azure-monitor/platform/stream-monitoring-data-event-hubs)
- SIEM solutions like [Azure Sentinel](/azure/sentinel/quickstart-onboard), [ArcSight](/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-arcsight), [Splunk](/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-splunk), [SumoLogic](/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-sumologic), [other external SIEM tools](/azure/azure-monitor/platform/stream-monitoring-data-event-hubs#partner-tools-with-azure-monitor-integration), or your own solution.
- SIEM solutions like [Microsoft Sentinel](/azure/sentinel/quickstart-onboard), [ArcSight](/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-arcsight), [Splunk](/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-splunk), [SumoLogic](/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-sumologic), [other external SIEM tools](/azure/azure-monitor/platform/stream-monitoring-data-event-hubs#partner-tools-with-azure-monitor-integration), or your own solution.

You can also use the Microsoft Graph [reporting API](/azure/active-directory/reports-monitoring/concept-reporting-api) to retrieve and consume Azure AD log data within your own scripts.

@@ -128,7 +131,7 @@ Authentication methods are key to securing your organization's identities in a h

[Azure Advanced Threat Protection (AATP)](/azure-advanced-threat-protection/what-is-atp) can use your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions. AATP focuses on UEBA to identify insider threats and flag risk. Even if an identity becomes compromised, AATP can help identify the compromise based on unusual user behavior.

AATP is [integrated with MCAS](/azure-advanced-threat-protection/atp-mcas-integration) to extend protection to cloud apps. You can use MCAS to create [session policies](/cloud-app-security/session-policy-aad#protect-download) that protect your files on download. For example, you may automatically set view-only permissions on any file downloaded by specific types of users.
AATP is [integrated with Defender for Cloud Apps](/azure-advanced-threat-protection/atp-mcas-integration) to extend protection to cloud apps. You can use Defender for Cloud Apps to create [session policies](/cloud-app-security/session-policy-aad#protect-download) that protect your files on download. For example, you may automatically set view-only permissions on any file downloaded by specific types of users.

You can use AATP with [Azure Identity Protection](/azure/active-directory/identity-protection/) to help protect user identities that are synchronized to Azure with [Azure AD Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect).

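Review bot: half a rename on the added line: MCAS becomes "Defender for Cloud Apps", but the subject stays "AATP", the unchanged context line above still introduces it as "Azure Advanced Threat Protection (AATP)" with `/azure-advanced-threat-protection/` links, and the link slug `atp-mcas-integration` carries both old names. For a PR titled "Final review for security rebranding", decide whether AATP is in scope; if it is, rename it in the same hunk and verify the integration link, and if the old slug is kept deliberately because it redirects, say so in the PR description so the next reviewer does not raise the same question.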
@@ -141,6 +144,7 @@ If some of your apps already use an existing [delivery controller or network con
Azure Active Directory pricing ranges from free, for features like SSO and MFA, to Premium P2, for features like PIM and Entitlement Management. For pricing details, see [Azure Active Directory pricing](https://azure.microsoft.com/pricing/details/active-directory/).

## Next steps

- [Zero Trust security](https://www.microsoft.com/security/business/zero-trust)
- [Zero Trust Deployment Guide for Microsoft Azure Active Directory](https://www.microsoft.com/security/blog/2020/04/30/zero-trust-deployment-guide-azure-active-directory/)
- [Overview of the security pillar](../../framework/security/overview.md)
4 changes: 2 additions & 2 deletions docs/example-scenario/ai/citizen-ai-power-platform-content.md
@@ -34,7 +34,7 @@ The architecture below extends on the [Analytics end-to-end with Azure Synapse](
1. **Train and deploy model:** [Azure Machine Learning](https://azure.microsoft.com/services/machine-learning) provides an enterprise-grade ML service for building and deploying models faster. It provides users at all skill levels with a low-code designer, automated ML, and a hosted Jupyter notebook environment. Models can be deployed either as real-time endpoints on [Azure Kubernetes Service, or as a Machine Learning managed endpoint](/azure/machine-learning/concept-endpoints). For batch inferencing of ML models, you can use [Machine Learning pipelines](/azure/machine-learning/concept-ml-pipelines).
1. **Consume:** A model—either batch or real-time—published in Machine Learning can generate a REST endpoint that can be consumed in a [custom application built using the low-code Power Apps platform](/connectors/custom-connectors/use-custom-connector-powerapps). You can also call a [real-time Machine Learning endpoint from a Power BI report](/power-bi/connect-data/service-aml-integrate) to present predictions in business reports.

> [!Note]
> [!NOTE]
> Both Machine Learning and Power Platform stack have a range of built-in connectors to help ingest data directly. These may be useful for a one-off minimum viable product (MVP). However, the **Ingest** and **Store** sections of the architecture advise on the role of standardized data pipelines for the sourcing and storage of data from different sources at scale – patterns that are typically implemented and maintained by the enterprise data platform teams.
### Components
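Review bot: the `[!Note]` to `[!NOTE]` casing fix is correct for the docs alert syntax, but the note's quoted paragraph is immediately followed by `### Components` with no blank line in between. The blank-lines-around-headings lint rule that motivated the blank-line additions in azure-ad-security-content.md in this same PR would flag this too, and it makes the boundary between the note and the next section hard to read in source; add a blank line before `### Components` in this hunk.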
@@ -71,7 +71,7 @@ To create a design that respects these recommendations, consider the following s
- [Azure Cost Management and Billing](https://azure.microsoft.com/services/cost-management): Financial governance over your Azure workloads.
- [Azure Key Vault](https://azure.microsoft.com/services/key-vault): Secure credential and certificate management.
- [Azure Monitor](https://azure.microsoft.com/services/monitor): Collection, analysis, and display of telemetry from your Azure resources. Use Monitor to proactively identify problems, to maximize performance and reliability.
- [Azure Security Center](https://azure.microsoft.com/services/security-center): Strengthen and monitor the security posture of your Azure workloads.
- [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center): Strengthen and monitor the security posture of your Azure workloads.
- [Azure DevOps](https://azure.microsoft.com/solutions/devops) & [GitHub](https://azure.microsoft.com/products/github): Implement DevOps practices to enforce automation and compliance of your workload development and deployment pipelines for Azure Synapse and Machine Learning.
- [Azure Policy](/azure/governance/policy): Implement organizational standards and governance for resource consistency, regulatory compliance, security, cost, and management.

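Review bot: the renamed bullet keeps the old href `https://azure.microsoft.com/services/security-center` under the new "Microsoft Defender for Cloud" label, the same pattern flagged in services.md and securing-data-solutions.md. Treat the link targets as part of the rebranding: update them to the product's current page or record that the old URLs redirect.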