update

Author: msmbaldwin

articles/security/fundamentals/antimalware.md

@@ -8,7 +8,7 @@ ms.assetid: 265683c8-30d7-4f2b-b66c-5082a18f7a8b
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: article
-ms.date: 04/24/2025
+ms.date: 01/12/2026
 ms.author: mbaldwin
 ---
 
@@ -42,7 +42,7 @@ Microsoft Antimalware for Azure consists of several components:
 - Antimalware PowerShell cmdlets
 - Azure Diagnostics Extension
 
-### Platform Support and Deployment
+### Platform support and deployment
 
 **Virtual Machines:**
 - Not installed by default
@@ -100,13 +100,13 @@ The following table summarizes the configuration settings available for the Anti
 
 ![Table 1](./media/antimalware/sec-azantimal-tb18.png)
 
-## Antimalware Deployment Scenarios
+## Antimalware deployment scenarios
 
 The scenarios to enable and configure antimalware, including monitoring for Azure Cloud Services and Virtual Machines, are discussed in this section.
 
 ### Virtual machines - enable and configure antimalware
 
-#### Deployment While creating a VM using the Azure portal
+#### Deployment while creating a VM using the Azure portal
 
 Follow these steps to enable and configure Microsoft Antimalware for Azure Virtual Machines using the Azure portal while provisioning a Virtual Machine:
 
@@ -154,7 +154,7 @@ To enable and configure the Microsoft Antimalware service using Visual Studio:
 > [!NOTE]
 > The Visual Studio Virtual Machines configuration for Antimalware supports only JSON format configuration. For more information about sample configurations, see [Code samples to enable and configure Microsoft Antimalware for Azure](antimalware-code-samples.md).
 
-#### Deployment Using PowerShell cmdlets
+#### Deployment using PowerShell cmdlets
 
 An Azure application or service can enable and configure Microsoft Antimalware for Azure Virtual Machines using PowerShell cmdlets.
 
@@ -166,7 +166,7 @@ To enable and configure Microsoft Antimalware using PowerShell cmdlets:
 > [!NOTE]
 >The Azure Virtual Machines configuration for Antimalware supports only JSON format configuration. For more information about sample configurations, see [Code samples to enable and configure Microsoft Antimalware for Azure](antimalware-code-samples.md).
 
-### Enable and Configure Antimalware Using PowerShell cmdlets
+### Enable and configure antimalware using PowerShell cmdlets
 
 An Azure application or service can enable and configure Microsoft Antimalware for Azure Cloud Services using PowerShell cmdlets. Microsoft Antimalware is installed in a disabled state in the Cloud Services platform and requires an action by an Azure application to enable it.
 
@@ -177,7 +177,7 @@ To enable and configure Microsoft Antimalware using PowerShell cmdlets:
 
 For more information about sample PowerShell commands, see [Code samples to enable and configure Microsoft Antimalware for Azure](antimalware-code-samples.md).
 
-### Cloud Services and Virtual Machines - Configuration Using PowerShell cmdlets
+### Cloud Services and Virtual Machines - configuration using PowerShell cmdlets
 
 An Azure application or service can retrieve the Microsoft Antimalware configuration for Cloud Services and Virtual Machines using PowerShell cmdlets.
 
@@ -189,7 +189,7 @@ To retrieve the Microsoft Antimalware configuration using PowerShell cmdlets:
 
 ## Samples
 
-### Remove Antimalware Configuration Using PowerShell cmdlets
+### Remove antimalware configuration using PowerShell cmdlets
 
 An Azure application or service can completely remove Microsoft Antimalware protection by uninstalling the relevant extensions from your Cloud Services or Virtual Machines. This process removes both the antimalware protection and associated monitoring settings, completely discontinuing malware protection and event collection for the specified resources.
 
@@ -211,7 +211,7 @@ Antimalware events are collected from the Windows event system logs to your Azur
 
 ![Metrics and diagnostics](./media/antimalware/sec-azantimal-fig8.PNG)
 
-### Enable and configure Antimalware using PowerShell cmdlets for Azure Resource Manager VMs
+### Enable and configure antimalware using PowerShell cmdlets for Azure Resource Manager VMs
 
 To enable and configure Microsoft Antimalware for Azure Resource Manager VMs using PowerShell cmdlets:
 
@@ -223,7 +223,7 @@ The following code samples are available:
 - [Deploy Microsoft Antimalware on ARM template VMs](antimalware-code-samples.md#deploy-microsoft-antimalware-on-azure-resource-manager-vms)
 - [Add Microsoft Antimalware to Azure Service Fabric Clusters](antimalware-code-samples.md#add-microsoft-antimalware-to-azure-service-fabric-clusters)
 
-### Enable and configure Antimalware to Azure Cloud Service Extended Support (CS-ES) using PowerShell cmdlets
+### Enable and configure antimalware to Azure Cloud Service Extended Support (CS-ES) using PowerShell cmdlets
 
 To enable and configure Microsoft Antimalware using PowerShell cmdlets:
 
@@ -234,7 +234,7 @@ The following code sample is available:
 
 - [Add Microsoft Antimalware to Azure Cloud Service using Extended Support(CS-ES)](antimalware-code-samples.md#add-microsoft-antimalware-to-azure-cloud-service-using-extended-support)
 
-### Enable and configure Antimalware using PowerShell cmdlets for Azure Arc-enabled servers
+### Enable and configure antimalware using PowerShell cmdlets for Azure Arc-enabled servers
 
 To enable and configure Microsoft Antimalware for Azure Arc-enabled servers using PowerShell cmdlets:
 

articles/security/fundamentals/managed-tls-changes.md

@@ -5,7 +5,7 @@ services: security
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: concept-article
-ms.date: 08/26/2025
+ms.date: 01/12/2026
 
 ms.author: sarahlipsey
 author: shlipsey3
@@ -30,7 +30,7 @@ Starting in late 2025, Azure began updating its managed TLS solution to align wi
 - Azure Container Apps
 - Azure Static Web Apps
 
-## Key Changes
+## Key changes
 
 This update includes two key changes:
 
@@ -42,7 +42,7 @@ This update includes two key changes:
     - These new CAs will not support client authentication in accordance with browser trusted root program requirements.
     All managed TLS certificates under the new CAs will only include the Server Authentication Extended Key Usage (EKU).
 
-## Potential Customer impact
+## Potential customer impact
 
 To prepare for the change, it's important to know how the changes could potentially affect customers.
 

articles/security/fundamentals/operational-best-practices.md

@@ -14,11 +14,13 @@ ms.author: mbaldwin
 ---
 
 # Azure Operational Security best practices
+
 This article provides a set of operational best practices for protecting your data, applications, and other assets in Azure.
 
 The best practices are based on a consensus of opinion, and they work with current Azure platform capabilities and feature sets. Opinions and technologies change over time and this article is updated on a regular basis to reflect those changes.
 
 ## Define and deploy strong operational security practices
+
 Azure operational security refers to the services, controls, and features available to users for protecting their data, applications, and other assets in Azure. Azure operational security is built on a framework that incorporates the knowledge gained through capabilities that are unique to Microsoft, including the [Security Development Lifecycle (SDL)](https://www.microsoft.com/sdl), the [Microsoft Security Response Center](https://www.microsoft.com/msrc?rtc=1) program, and deep awareness of the cybersecurity threat landscape.
 
 <a name='enforce-multi-factor-verification-for-users'></a>

articles/security/fundamentals/operational-overview.md

@@ -7,7 +7,7 @@ author: msmbaldwin
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: article
-ms.date: 12/03/2025
+ms.date: 01/12/2026
 ms.author: mbaldwin
 
 ---
@@ -98,7 +98,7 @@ You can also use monitoring data to gain deep insights about your application. T
 
 Azure Monitor includes the following components.
 
-### Azure Activity Log
+### Azure activity log
 
 The [Azure Activity Log](/azure/azure-monitor/essentials/platform-logs-overview) provides insight into the operations that were performed on resources in your subscription. It was previously known as “Audit Log” or “Operational Log,” because it reports control-plane events for your subscriptions.
 
@@ -114,7 +114,7 @@ Diagnostic logs differ from the [Activity Log](/azure/azure-monitor/essentials/p
 
 Azure Monitor provides telemetry that gives you visibility into the performance and health of your workloads on Azure. The most important type of Azure telemetry data is the [metrics](/azure/azure-monitor/data-platform) (also called performance counters) emitted by most Azure resources. Azure Monitor provides several ways to configure and consume these metrics for monitoring and troubleshooting.
 
-### Azure Diagnostics
+### Azure diagnostics
 
 Azure Diagnostics enables the collection of diagnostic data on a deployed application. You can use the Diagnostics extension from various sources. Currently supported are [Azure cloud service roles](/visualstudio/azure/vs-azure-tools-configure-roles-for-cloud-service), [Azure virtual machines](/visualstudio/azure/vs-azure-tools-configure-roles-for-cloud-service) running Microsoft Windows, and [Azure Service Fabric](/azure/azure-monitor/agents/diagnostics-extension-overview).
 
@@ -144,13 +144,13 @@ Network Watcher currently has the following capabilities:
 
 For more information, see [Configure Network Watcher](../../network-watcher/network-watcher-create.md).
 
-## Cloud Service Provider Access Transparency
+## Cloud service provider access transparency
 
 [Customer Lockbox for Microsoft Azure](customer-lockbox-overview.md) is a service integrated into Azure portal that gives you explicit control in the rare instance when a Microsoft Support Engineer may need access to your data to resolve an issue.
 There are very few instances, such as a debugging remote access issue, where a Microsoft Support Engineer requires elevated permissions to resolve this issue. In such cases, Microsoft engineers use just-in-time access service that provides limited, time-bound authorization with access limited to the service.  
 While Microsoft has always obtained customer consent for access, Customer Lockbox now gives you the ability to review and approve or deny such requests from the Azure portal. Microsoft support engineers will not be granted access until you approve the request.
 
-## Standardized and Compliant Deployments
+## Standardized and compliant deployments
 
 [Azure Blueprints](../../governance/blueprints/overview.md) enable cloud architects and central information technology groups to define a repeatable set of Azure resources that implement and adhere to an organization's standards, patterns, and requirements.  
 This makes it possible for DevOps teams to rapidly build and stand up new environments and trust that they're building them with infrastructure that maintains organizational compliance.

articles/security/fundamentals/operational-security.md

@@ -2,19 +2,16 @@
 title: Azure Operational Security | Microsoft Docs
 description: Introduce yourself to Microsoft Azure Monitor logs, its services, and how it works by reading this overview.
 services: security
-author: UnifyCloud
-manager: barbkess
-editor: TomSh
-
+author: msmbaldwin
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: article 
-ms.date: 11/21/2017
-ms.author: TomSh
+ms.date: 01/12/2026
+ms.author: mbaldwin
 
 ---
 
-# Azure Operational Security
+# Azure operational security
 ## Introduction
 
 ### Overview
@@ -91,7 +88,7 @@ The Azure Monitor service manages your cloud-based data securely by using the fo
 
 Protected data in Azure Backup is stored in a backup vault located in a particular geographic region. The data is replicated within the same region and, depending on the type of vault, may also be replicated to another region for further resiliency.
 
-### Management Solutions
+### Management solutions
 [Azure Monitor](../../security-center/security-center-introduction.md) is Microsoft's cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure.
 
 
@@ -172,7 +169,7 @@ Cloud applications are complex with many moving parts. Monitoring provides data
 
 In addition, you can use monitoring data to gain deep insights about your application. That knowledge can help you to improve application performance or maintainability, or automate actions that would otherwise require manual intervention.
 
-### Azure Activity Log
+### Azure activity log
 
 
 It is a log that provides insight into the operations that were performed on resources in your subscription. The Activity Log was previously known as “Audit Logs” or “Operational Logs,” since it reports control-plane events for your subscriptions.
@@ -181,7 +178,7 @@ It is a log that provides insight into the operations that were performed on res
 
 Using the Activity Log, you can determine the ‘what, who, and when’ for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. You can also understand the status of the operation and other relevant properties. The Activity Log does not include read (GET) operations or operations for resources that use the Classic model.
 
-### Azure Diagnostic Logs
+### Azure diagnostic logs
 
 These logs are emitted by a resource and provide rich, frequent data about the operation of that resource. The content of these logs varies by resource type.
 
@@ -325,7 +322,7 @@ This article explains
 </ul>
 </ul>
 
-## Next Steps
+## Next steps
 
 - [Design and operational security](https://www.microsoft.com/trustcenter/security/designopsecurity)
 

articles/security/fundamentals/protection-customer-data.md

@@ -8,7 +8,7 @@ ms.assetid: 61e95a87-39c5-48f5-aee6-6f90ddcd336e
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: article
-ms.date: 12/03/2025
+ms.date: 01/12/2026
 ms.author: mbaldwin
 
 ---

articles/security/fundamentals/services-technologies.md

@@ -8,7 +8,7 @@ ms.assetid: a5a7f60a-97e2-49b4-a8c5-7c010ff27ef8
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: conceptual
-ms.date: 01/08/2026
+ms.date: 01/12/2026
 ms.author: mbaldwin
 
 ---

articles/security/fundamentals/shared-responsibility.md

@@ -6,7 +6,7 @@ author: msmbaldwin
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: article
-ms.date: 01/08/2026
+ms.date: 01/12/2026
 ms.author: mbaldwin
 #customer intent: As a cloud security administrator, I want to understand the shared responsibility model in Azure so that I can clearly identify which security tasks are mine and which are handled by Microsoft.
 ---
@@ -72,7 +72,7 @@ Microsoft is responsible for the underlying cloud infrastructure, which includes
 - **Hypervisor** - Managing the virtualization layer that enables virtual machines in IaaS and PaaS.
 - **Platform services** - In PaaS and SaaS, Microsoft manages operating systems, runtime environments, and middleware.
 
-## AI Shared Responsibility
+## AI shared responsibility
 
 When using AI services, the shared responsibility model introduces unique considerations beyond traditional IaaS, PaaS, and SaaS. Microsoft is responsible for securing the AI infrastructure, model hosting, and platform-level safeguards. Customers, however, remain accountable for how AI is applied within their environment—this includes protecting sensitive data, managing prompt security, mitigating prompt injection risks, and ensuring compliance with organizational and regulatory requirements.
 

articles/security/fundamentals/subdomain-takeover.md

@@ -8,7 +8,7 @@ author: msmbaldwin
 ms.service: security
 ms.subservice: security-fundamentals
 ms.topic: article
-ms.date: 04/16/2025
+ms.date: 01/12/2026
 ms.author: mbaldwin
 
 ---
@@ -182,7 +182,7 @@ It's often up to developers and operations teams to run cleanup processes to avo
     - Investigate why the address wasn't rerouted when the resource was decommissioned.
     - Delete the DNS record if it's no longer in use, or point it to the correct Azure resource (FQDN) owned by your organization.
 
-### Clean up DNS pointers or Re-claim the DNS
+### Clean up DNS pointers or re-claim the DNS
 
 Upon deletion of the classic cloud service resource, the corresponding DNS is reserved as per Azure DNS policies. During the reservation period, re-use of the DNS will be forbidden EXCEPT for subscriptions belonging to the Microsoft Entra tenant of the subscription originally owning the DNS. After the reservation expires, the DNS is free to be claimed by any subscription. By taking DNS reservations, the customer is afforded some time to either 1) clean up any associations/pointers to said DNS or 2) re-claim the DNS in Azure. The recommendation would be to delete unwanted DNS entries at the earliest. The DNS name being reserved can be derived by appending the cloud service name to the DNS zone for that cloud.