update

Author: msmbaldwin

articles/security/fundamentals/identity-management-best-practices.md

@@ -103,7 +103,7 @@ In a mobile-first, cloud-first world, you want to enable single sign-on (SSO) to
 By using the same identity solution for all your apps and resources, you can achieve SSO. And your users can use the same set of credentials to sign in and access the resources that they need, whether the resources are located on-premises or in the cloud.
 
 **Best practice**: Enable SSO.  
-**Detail**: Microsoft Entra ID [extends on-premises Active Directory](/entra/identity/hybrid/whatis-hybrid-identity) to the cloud. Users can use their primary work or school account for their domain-joined devices, company resources, and all of the web and SaaS applications that they need to get their jobs done. Users don't have to remember multiple sets of usernames and passwords, and their application access can be automatically provisioned (or deprovisioned) based on their organization group memberships and their status as an employee. And you can control that access for gallery apps or for your own on-premises apps that you've developed and published through the [Microsoft Entra application proxy](/entra/identity/app-proxy/what-is-application-proxy).
+**Detail**: Microsoft Entra ID [extends on-premises Active Directory](/entra/identity/hybrid/whatis-hybrid-identity) to the cloud. Users can use their primary work or school account for their domain-joined devices, company resources, and all of the web and SaaS applications that they need to get their jobs done. Users don't have to remember multiple sets of usernames and passwords, and their application access can be automatically provisioned (or deprovisioned) based on their organization group memberships and their status as an employee. And you can control that access for gallery apps or for your own on-premises apps that you've developed and published through the [Microsoft Entra application proxy](/entra/identity/app-proxy/overview-what-is-app-proxy).
 
 Use SSO to enable users to access their [SaaS applications](/entra/identity/enterprise-apps/what-is-single-sign-on) based on their work or school account in Microsoft Entra ID. This is applicable not only for Microsoft SaaS apps, but also other apps, such as [Google Apps](/entra/identity/saas-apps/google-apps-tutorial) and [Salesforce](/entra/identity/saas-apps/salesforce-tutorial). You can configure your application to use Microsoft Entra ID as a [SAML-based identity](/entra/fundamentals/whatis) provider. As a security control, Microsoft Entra ID does not issue a token that allows users to sign in to the application unless they have been granted access through Microsoft Entra ID. You can grant access directly, or through a group that users are a member of.
 

articles/security/fundamentals/operational-best-practices.md

@@ -239,7 +239,7 @@ Azure has two DDoS [service offerings](../../ddos-protection/ddos-protection-ove
 Enable Azure Policy to monitor and enforce your organization's written policy. This will ensure compliance with your company or regulatory security requirements by centrally managing security policies across your hybrid cloud workloads. Learn how to [create and manage policies to enforce compliance](../../governance/policy/tutorials/create-and-manage.md). See [Azure Policy definition structure](../../governance/policy/concepts/definition-structure.md) for an overview of the elements of a policy.
 
 **Best practice**: Use Azure Policy to enforce Microsoft Cloud Security Benchmark v2 (preview) recommendations across your environment.  
-**Detail**: The [Microsoft Cloud Security Benchmark v2 (preview)](/security/benchmark/azure/overview) provides comprehensive security best practices with expanded Azure Policy coverage (420+ policy-based measurements). Assign Microsoft Cloud Security Benchmark v2 (preview) policies to your subscriptions and management groups to continuously audit and enforce secure configurations. The benchmark includes new controls for AI security, confidential computing, and enhanced threat detection. Use the [Defender for Cloud regulatory compliance dashboard](../../defender-for-cloud/update-regulatory-compliance-packages.md) to track compliance and identify security gaps requiring remediation.
+**Detail**: The [Microsoft Cloud Security Benchmark v2 (preview)](/security/benchmark/azure/overview) provides comprehensive security best practices with expanded Azure Policy coverage (420+ policy-based measurements). Assign Microsoft Cloud Security Benchmark v2 (preview) policies to your subscriptions and management groups to continuously audit and enforce secure configurations. The benchmark includes new controls for AI security, confidential computing, and enhanced threat detection. Use the [Defender for Cloud regulatory compliance dashboard](../../defender-for-cloud/regulatory-compliance-dashboard.md) to track compliance and identify security gaps requiring remediation.
 
 Here are some security best practices to follow after you adopt Azure Policy: