Resolved merge conflicts

Author: msmbaldwin

articles/security/fundamentals/identity-management-best-practices.md

@@ -110,7 +110,7 @@ To balance security and productivity, you need to think about how a resource is
 
 Security is always evolving, and it is important to build into your cloud and identity management framework a way to regularly show growth and discover new ways to secure your environment.
 
-Identity Secure Score is a set of recommended security controls that Microsoft publishes that works to provide you a numerical score to objectively measure your security posture and help plan future security improvements. You can also view your score in comparison to those in other industries as well as your own trends over time.
+Identity Secure Score is a set of recommended security controls that Microsoft publishes that works to provide you with a numerical score to objectively measure your security posture and help plan future security improvements. You can also view your score in comparison to those in other industries as well as your own trends over time.
 
 - **Plan routine security reviews and improvements based on best practices in your industry.**: Use the Identity Secure Score feature to rank your improvements over time.
 
@@ -149,7 +149,7 @@ Following are options and benefits for enabling multifactor authentication:
 This method is available to all licensing tiers but is not able to be mixed with existing Conditional Access policies. You can find more information in [Microsoft Entra Security Defaults](/entra/fundamentals/security-defaults)
 
 **Option 2**: [Enable multifactor authentication by changing user state](/entra/identity/authentication/howto-mfa-userstates).   
-**Benefit**: This is the traditional method for requiring two-step verification. It works with both [Microsoft Entra multifactor authentication in the cloud and Azure Multi-Factor Authentication Server](/entra/identity/authentication/concept-mfa-howitworks). Using this method requires users to perform two-step verification every time they sign in and overrides Conditional Access policies.
+**Benefit**: This is the traditional method for requiring two-step verification. It works with both [Microsoft Entra multifactor authentication in the cloud and Azure Multifactor Authentication server](/entra/identity/authentication/concept-mfa-howitworks). Using this method requires users to perform two-step verification every time they sign in and overrides Conditional Access policies.
 
 To determine where multifactor authentication needs to be enabled, see [Which version of Microsoft Entra multifactor authentication is right for my organization?](/entra/identity/authentication/concept-mfa-howitworks)
 
@@ -218,12 +218,12 @@ The following summarizes the best practices found in [Securing privileged access
 
 - **Identify and categorize accounts that are in highly privileged roles.**: After turning on Microsoft Entra Privileged Identity Management, view the users who are in the global administrator, privileged role administrator, and other highly privileged roles. Remove any accounts that are no longer needed in those roles, and categorize the remaining accounts that are assigned to admin roles:
 
-* Individually assigned to administrative users and can be used for non-administrative purposes (for example, personal email)
-* Individually assigned to administrative users and designated for administrative purposes only
-* Shared across multiple users
-* For emergency access scenarios
-* For automated scripts
-* For external users
+   * Individually assigned to administrative users and can be used for non-administrative purposes (for example, personal email)
+   * Individually assigned to administrative users and designated for administrative purposes only
+   * Shared across multiple users
+   * For emergency access scenarios
+   * For automated scripts
+   * For external users
 
 - **Implement “just in time” (JIT) access to further lower the exposure time of privileges and increase your visibility into the use of privileged accounts.**: Microsoft Entra Privileged Identity Management lets you:
 

articles/security/fundamentals/incident-response-overview.md

@@ -44,7 +44,7 @@ Implement high-quality alert generation and systematic investigation capabilitie
 
 **Deploy Microsoft Defender XDR** as your primary unified security platform. Defender XDR automatically correlates alerts from endpoints, identities, email, and cloud apps into unified incidents, providing automated investigation and response at machine speed. For more information, see [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender).
 
-**Configure Microsoft Defender for Cloud** with appropriate Defender plans for your workloads (Servers, Storage, Containers, Key Vault). Tune alert thresholds and create suppression rules for known false positives while maintaining threat coverage. For more information, see [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction).
+**Configure Microsoft Defender for Cloud** with appropriate Defender plans for your workloads (Servers, Storage, Containers, Key Vault). Tune alert thresholds and create suppression rules for known false positives, while maintaining threat coverage. For more information, see [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction).
 
 **Implement Microsoft Sentinel** for centralized SIEM and SOAR capabilities. Configure analytics rules for automated incident creation with intelligent alert grouping and entity enrichment. Use the investigation graph and entity behavior analytics for comprehensive investigation. For more information, see [Microsoft Sentinel](/azure/sentinel/overview).
 

articles/security/fundamentals/operational-best-practices.md

@@ -31,7 +31,7 @@ Azure operational security refers to the services, controls, and features availa
 
 We recommend that you require two-step verification for all of your users. This includes administrators and others in your organization who can have a significant impact if their account is compromised (for example, financial officers).
 
-There are multiple options for requiring two-step verification. The best option for you depends on your goals, the Microsoft Entra edition you're running, and your licensing program. See [How to require two-step verification for a user](/entra/identity/authentication/howto-mfa-userstates) to determine the best option for you. See the [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra-pricing) and [Microsoft Entra multifactor authentication](https://azure.microsoft.com/pricing/details/multi-factor-authentication/) pricing pages for more information about licenses and pricing.
+There are multiple options for requiring two-step verification. The best option for you depends on your goals, the Microsoft Entra edition you're running, and your licensing program. See [How to require two-step verification for a user](/entra/identity/authentication/howto-mfa-userstates) to determine the best option for you. See the [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra-pricing) and [Microsoft Entra Multifactor Authentication](https://azure.microsoft.com/pricing/details/multi-factor-authentication/) pricing pages for more information about licenses and pricing.
 
 Following are options and benefits for enabling two-step verification:
 
@@ -45,7 +45,7 @@ Following are options and benefits for enabling two-step verification:
 This method is available to all licensing tiers but is not able to be mixed with existing Conditional Access policies. You can find more information in [Microsoft Entra Security Defaults](/entra/fundamentals/security-defaults)
 
 **Option 2**: [Enable multifactor authentication by changing user state](/entra/identity/authentication/howto-mfa-userstates).   
-**Benefit**: This is the traditional method for requiring two-step verification. It works with both [Microsoft Entra multifactor authentication in the cloud and Azure Multifactor Authentication Server](/entra/identity/authentication/concept-mfa-howitworks). Using this method requires users to perform two-step verification every time they sign in and overrides Conditional Access policies.
+**Benefit**: This is the traditional method for requiring two-step verification. It works with both [Microsoft Entra multifactor authentication in the cloud and Azure Multifactor Authentication server](/entra/identity/authentication/concept-mfa-howitworks). Using this method requires users to perform two-step verification every time they sign in and overrides Conditional Access policies.
 
 To determine where multifactor authentication needs to be enabled, see [Which version of Microsoft Entra multifactor authentication is right for my organization?](/entra/identity/authentication/concept-mfa-howitworks)
 
@@ -223,7 +223,7 @@ Here are some security best practices to follow after you adopt Azure Policy:
 
 - **Policy supports several types of effects. You can read about them in [Azure Policy definition structure](../../governance/policy/concepts/definition-structure.md#policy-rule). Business operations can be negatively affected by the **deny** effect and the **remediate** effect, so start with the **audit** effect to limit the risk of negative impact from policy.**: [Start policy deployments in audit mode](../../governance/policy/concepts/definition-structure.md#policy-rule) and then later progress to **deny** or **remediate**. Test and review the results of the audit effect before you move to **deny** or **remediate**.
 
-For more information, see [Create and manage policies to enforce compliance](../../governance/policy/tutorials/create-and-manage.md).
+   For more information, see [Create and manage policies to enforce compliance](../../governance/policy/tutorials/create-and-manage.md).
 
 - **Identify the roles responsible for monitoring for policy violations and ensuring the right remediation action is taken quickly.**: Have the assigned role monitor compliance through the [Azure portal](../../governance/policy/how-to/get-compliance-data.md#portal) or via the [command line](../../governance/policy/how-to/get-compliance-data.md#command-line).