7.1 Updates (#729)
* 7.1 Updates

* note syntax

* title typo

* RLP-142589

* clean up

* RLP-142589

* image cleanup and UI check of policies topic

* syntax issue

* test

* test 2

* test 3

* test 4

* test 5

* test 5

* test 6

* test 7

* test 8

* test 9

* azure test

* chapter heading change for alignment

* DP and AN feedback

* feedback

* clean up

* consistency
jenjoe22 authored Jun 27, 2024
1 parent 9001337 commit 3b09634
Showing 4 changed files with 39 additions and 42 deletions.
6 changes: 3 additions & 3 deletions docs/en/enterprise-edition/content-collections/book.yml
Expand Up @@ -83,12 +83,12 @@ topics:
file: manually-set-up-prisma-cloud-role-for-aws.adoc
- name: Automate AWS Cloud Accounts Onboarding
file: automate-aws-onboarding.adoc
- name: Onboard Your Azure Account
- name: Onboard Azure
dir: onboard-your-azure-account
topics:
- name: Onboard Your Azure Account
- name: Onboard your Azure Account
file: onboard-your-azure-account.adoc
- name: Connect you Azure Account
- name: Connect your Azure Account
file: connect-azure-account.adoc
- name: Connect an Azure Tenant
file: connect-azure-tenant.adoc
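Review bot: the capitalization of the renamed entry `- name: Onboard your Azure Account` (lowercase "your") does not match the title-cased entries elsewhere in this file, such as `- name: Automate AWS Cloud Accounts Onboarding` and the new parent entry `- name: Onboard Azure`; pick one convention for navigation titles so the sidebar does not mix styles. The `Connect you Azure Account` to `Connect your Azure Account` fix is correct as shown. The `dir: onboard-your-azure-account` value still carries the old title wording, which is fine for a path but worth remembering if the directory is ever renamed to match the new "Onboard Azure" label.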
Expand Up @@ -90,7 +90,18 @@ To successfully onboard and monitor the resources within your Azure subscription
.. The process of setting up Prisma Cloud on Azure Active Directory provides you with the keys and IDs required to establish an identity for sign-in and access to resources in your Azure subscription.
.. The Enterprise Application Object ID defines the permissions and scope assumed by Prisma Cloud.

. Elevate access for a https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin#elevate-access-for-a-global-administrator[Global Administrator] using Azure portal to enable Prisma Cloud access to Azure subscriptions or management groups. This is needed for ingesting resources associated with subscriptions and management groups only during the initial onboarding of your Azure accounts. You can disable this option after onboarding is complete.
. Enable Prisma Cloud access to Azure users and groups by elevating access levels in accordance with your Azure environment as outlined below. This step is required only during initial Azure account onboarding, for ingesting resources associated with subscriptions and management groups. You can disable this option after onboarding is complete.
+
* *Tenant Onboarding*
** Active Directory role - Global Administrator
** Tenant scope - User Access Administrator / Management Group Contributor
* *Subscription Onboarding*
** Active Directory role - Application Administrator
** Subscription scope - Owner
* *Active Directory Onboarding*
** Active Directory role - Global Administrator
+
tt:[NOTE:] Active Directory level permission (Application Administrator) is required to create application registration. This permission level is sufficient to run the Terraform script for Active Directory and Tenant accounts. However, to grant consent to Prisma to ingest users, groups, and policies Global Administrator permission is required.

. Enable Prisma Cloud to ingest Azure Key Vault resources. This step is required only if you are using the Azure Tenant or Subscription workflow.
+
Expand All @@ -102,7 +113,7 @@ The following Azure resources need to have the *Get* and *List* permissions enab
+
Select *All services > Key vaults > (key vault name) > Access policies > + Add Access Policy*. For *Key permissions*, *Secret permissions*, and *Certificate permissions*, add the *Get* and *List* Key Management Operations.
+
tt:[NOTE] Get is required to support policies based on Azure Key Vault. Prisma Cloud requires this to ingest Key Vault Data. Keys or secrets are not ingested. Ingestion is limited to IDs and other metadata. Get is required to allow the creation of policies on RSA key strength, EC curve algorithm etc.
tt:[NOTE:] Get is required to support policies based on Azure Key Vault. Prisma Cloud requires this to ingest Key Vault Data. Keys or secrets are not ingested. Ingestion is limited to IDs and other metadata. Get is required to allow the creation of policies on RSA key strength, EC curve algorithm etc.
+
image::connect/add-access-policy-azure.png[]
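Review bot: the rewritten step still ends with "You can disable this option after onboarding is complete", but the text now lists three role sets rather than a single option, so it is no longer clear what should be disabled. State explicitly which grants are temporary (the elevated tenant-scope User Access Administrator / Management Group Contributor assignment listed under Tenant Onboarding) and that they should be removed once subscription and management group ingestion is confirmed; standing root-scope access on a Global Administrator account after onboarding is exactly the privilege the original step was telling readers to revoke. The link to Microsoft's elevate-access-global-admin page was dropped in the rewrite; keep it, since that page covers both granting and removing the elevation. The `tt:[NOTE:]` also reads as contradicting the list above it: the bullets require Global Administrator for Tenant Onboarding, while the note says Application Administrator "is sufficient to run the Terraform script for Active Directory and Tenant accounts". Restate it as two distinct requirements: Application Administrator is enough to create the application registration and run the script; Global Administrator is needed only to grant admin consent for ingesting users, groups, and policies. Finally, "grant consent to Prisma" should be "Prisma Cloud" to match the rest of the page.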

Expand Up @@ -3,30 +3,36 @@

// Review your adoption of Prisma Cloud, and identify the recommended tasks for your adoption journey.

Adoption Advisor provides guidance through the three stages of the code to cloud application lifecycle: Code & Build, Deploy, and Run. It helps you navigate the Foundational, Intermediate, and Advanced tasks at each stage of the application lifecycle, and adopt the security capabilities at your own pace. You can also use the Adoption Advisor console to generate and manage PDF reports for adoption progress and widget data from the previous 30, 60, or 90 days.
Adoption Advisor provides guidance through the three stages of the code to cloud application lifecycle: Code & Build, Deploy, and Run. It helps you navigate and adopt the Foundational, Intermediate, and Advanced security capabilities at each stage of the application lifecycle, at your own pace. Use the Adoption Advisor console to generate and manage PDF reports for adoption progress and widget data from the previous 30, 60, or 90 days.

On your code to cloud journey the checks in the Code & Build, Deploy, and Run phases of the application, provide you with:
The checks in the Code & Build, Deploy, and Run phases of the application offer:

* Visibility and control within your Code & Build processes is critical to identify vulnerabilities and compliance violations before progressing to the next phase of the application’s lifecycle.
+
In this phase, you are responsible for the secure operation of your cloud services. As an example, you use Infrastructure as code (IaC) templates to deploy, maintain, and remove cloud services such as VMs, storage buckets. Visibility and control at this stage enables your developers to proactively harden open source dependencies and IaC by identifying vulnerabilities, compliance violations, and secrets before they are compiled into applications or deployed as insecure cloud services.
And you also may have Continuous Integration (CI) practices to rapidly and continuously develop, update, and maintain your cloud-based applications. The assembly and testing of your code into usable software packages are automated by CI systems such as Jenkins, CircleCI that integrate with the different code repositories and package management systems. These CI systems produce deployable artifacts, such as IaC, VM images, Docker images, Serverless Images, that are consumed by the release processes to drive frequent deployments and support agile development.
In this phase, you are responsible for the secure operation of your cloud services. For example, you use Infrastructure as code (IaC) templates to deploy, maintain, and remove cloud services such as VMs, and storage buckets. Visibility and control at this stage enables your developers to proactively harden open source dependencies and IaC by identifying vulnerabilities, compliance violations, and secrets before they are compiled into applications or deployed as insecure cloud services.
You may also have Continuous Integration (CI) practices to rapidly and continuously develop, update, and maintain your cloud-based applications. The assembly and testing of your code into usable software packages are automated by CI systems such as Jenkins and CircleCI, which integrate with various code repositories and package management systems. These CI systems generate deployable artifacts such as Infrastructure as Code (IaC), VM images, Docker images, and Serverless images. These artifacts are essential for release processes, enabling frequent deployments and supporting agile development practices.

* Ability to identify vulnerability and compliance issues within the Deploy phase when applications that are staged for deployment in your continuous cycle of development, testing, and release, or Continous Development pipelines. At this stage, you can enforce policies to ensure only trusted applications are allowed to launch within the cloud runtime environment.
* Predictive and threat-based protections to secure your Runtime environments. In this stage, you can detect and remediate overly permissive cloud access roles that present opportunities for attackers, identify expected patterns/behavior in runtime actions of applications and resources and prevents anomalous activity.
The *Adoption Advisor* includes all the security capabilties available from the different subscriptions that include Visibility, Compliance, Governance for Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), and Cloud Application Security (CAS), Cloud Identity and Access Management (CIEM), and Data Security capabilities on Prisma Cloud. For completing some of these checks, the subscription must be activated first.

And to help you set your pace, the tasks in the Adoption Advisor are grouped as:
Adoption Advisor tasks are grouped into the following:

* Foundational – Your organization has started its cloud adoption journey. You are presented with the challenge of effectively managing assets within the cloud and on-premises. Prisma Cloud Enterprise Edition provides your organization with the visibility, tools, and knowledge to develop a strong and secure cloud adoption foundation.
* Intermediate – As you progress with understanding and adopting cloud-based technologies beyond the traditional infrastructure as a service (IaaS) architecture, Prisma Cloud enables you to effectively manage the vulnerabilities and compliance of your cloud resources.
* Advanced – In this phase, your organization is innovating its business with the cloud, and this is supported by the industry-leading capabilities of Prisma Cloud Enterprise Edition. Use Prisma Cloud to proactively control your cloud operations, and identify and remediate issues before they manifest within your runtime environments.
[NOTE]
====
Adoption Advisor access is limited to customers with an Enterprise edition license. Business license holders do not have access to Adoption Advisor functionality.
====


For more information about Adoption Advisor, see the following sections.

* xref:#use-adoption-advisor[How do I Use the Adoption Advisor]
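Review bot: two typos in unchanged lines of this hunk are worth fixing while the surrounding paragraphs are being rewritten: `capabilties` in "includes all the security capabilties available" and `Continous Development pipelines` in the Deploy bullet. In the rewritten Code & Build paragraph, "Infrastructure as code (IaC)" is expanded in the first sentence and then expanded again as "Infrastructure as Code (IaC)" in the CI sentence; keep the first expansion, use "IaC" thereafter, and settle on one capitalization. Add a blank line before the new `[NOTE]` block on the Enterprise edition license so it is visibly separated from the Advanced bullet, matching the spacing used before the other admonitions in this commit, and collapse the two consecutive blank lines before "For more information about Adoption Advisor" to one.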
Expand Up @@ -86,34 +86,22 @@ Use the following workflows to manage your Prisma Cloud policies. You can downlo
. Select *Settings* from the top right corner and then select *Enterprise Settings*.
+
While some high severity policies are enabled to provide the best security outcomes, by default, policies of medium or low severity are in a disabled state
+++<draft-comment>if your Prisma Cloud instance was provisioned before March 2019 and automatically enabled for instances provisioned after that date</draft-comment>+++
+
. To enable policies based on severity, select *Auto-Enable Default Policies* of the type — Critical, High, Medium, Low or Informational. Based on what you enable, Prisma Cloud will scan your resources in the onboarded cloud accounts against policies that match the severity and generate alerts.
+
[NOTE]
====
For Anomaly policies, you have more customizable settings, see xref:../administration/define-prisma-cloud-enterprise-settings.adoc#id6f5bd95c-b5b5-48bf-b397-312f4de3e08c[Define Prisma Cloud Enterprise and Anomaly Settings] .
====
. To enable policies based on severity, select *Auto-Enable Default Policies* of the type — Critical, High, Medium, Low or Informational. Based on what you enable, Prisma Cloud will scan your resources in the onboarded cloud accounts against policies that match the severity and generate alerts. Anomaly policies offer more customizable settings, see xref:../administration/define-prisma-cloud-enterprise-settings.adoc#id6f5bd95c-b5b5-48bf-b397-312f4de3e08c[Define Prisma Cloud Enterprise and Anomaly Settings] .
+
image::governance/prisma-cloud-policies-global-enable.png[]
+
When you *Save* your changes, you can choose one of the following options:

. When you *Save* your changes, you can choose one of the following options:
+
* *Enable and Save*—With Enable and Save, you are enabling all existing policies that match your selection criteria and new Prisma Cloud default policies that are periodically added to the service. This option allows you to enable and scan your resources against all existing and new policies to help you stay ahead of threats and misconfigurations.
+
image::governance/enterprise-settings-policies.png[]
//image::governance/enterprise-settings-policies.png[]

* *Save*—With Save, you are saving your selection criteria and enabling new Prisma Cloud default policies only as they are periodically added to the service. New policies that match your selection, are automatically enabled and your resources are scanned against them after you made the change.
* Note the following behavior:
+
[NOTE]
====
If you enable policies of a specific severity, when you then clear the checkbox, the policies that were enabled previously are not disabled; going forward, policies that match the severity you cleared are no longer enabled to scan your cloud resources and generate alerts.
image::governance/enterprise-settings-policies-disable.png[]
====
* The audit logs include a record of all activities performed or initiated on Prisma Cloud. To view the audit logs select *Settings > Audit Logs*.
. The audit logs include a record of all activities performed or initiated on Prisma Cloud. To view the audit logs select *Settings > Audit Logs*.

. To view policies, go to *Governance* and select or *Manage Views*.
//+
Expand All @@ -125,29 +113,21 @@ Filters enable you to narrow the search results on the page. The values you sele
+
image::governance/add-filters.png[]
+
[NOTE]
====
To find all Prisma Cloud policies of a specific *Policy Subtype*, when you select the values *Build* and *Run*, you can view all policies that are classified as Build policies OR Run policies. To find all policies that are classified as Build and Run, you must select the filter value *Build, Run*.
====
tt:[NOTE:] To find all Prisma Cloud policies of a specific *Policy Subtype*, when you select the values *Build* and *Run*, you can view all policies that are classified as Build policies OR Run policies. To find all policies that are classified as Build and Run, you must select the filter value *Build, Run*.
+
Filter combinations can also be saved as customizable xref:../administration/saved-views.adoc[Saved View]. Learn more about how you can add new views and modify the existing views available to you.

. Select *Download* at the top right corner of the table to download the details of your policies (or a filtered set of policies) in a CSV format.

.. You can enable or disable any policy by a toggle in the *Status* column.
. Enable or disable any policy using the toggle in the *Status* column.
+
[NOTE]
====
When you disable a policy, a confirmation message displays to inform you that *Disabling this policy will automatically mark any open alerts as resolved. You won't be able to enable the policy back for 4 hours. Are you sure you want to continue?*.
After you confirm, the policy is disabled. This marks the start of a 4-hour window during which you cannot re-enable the policy. During this period, the toggle to enable the policy will be greyed out and if you use the API to change the policy status the HTTP response will display an error.
This applies to all policy types and policy severities.
====
tt:[NOTE:] Keep the following caveats in my mind when you enable/disable policies:
+
* When you disable a policy, a confirmation message displays to inform you that *Disabling this policy will automatically mark any open alerts as resolved. You won't be able to enable the policy back for 4 hours. Are you sure you want to continue?*. After you confirm, the policy is disabled. During this period, the toggle to enable the policy will be greyed out and if you use the API to change the policy status the HTTP response will display an error. This applies to all policy types and policy severities.
+
image::governance/policy-status.png[]
* The enable/disable toggle is not available when using the *Group By* function to bulk enable/disable policies. Deselect fields in the *Group By* column to enable/disable policies individually.

.. Each custom policy allows 3 *Actions* - **Edit** a custom policy (you cannot edit a Prisma Cloud default policy), **Clone** an existing policy, and view *Alerts* associated with a policy.
. Each custom policy allows three *Actions* - **Edit** a custom policy (you cannot edit a Prisma Cloud default policy), **Clone** an existing policy, and view *Alerts* associated with a policy.
+
image::governance/policy-actions.png[]
+
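Review bot: the added line `tt:[NOTE:] Keep the following caveats in my mind when you enable/disable policies:` should read "in mind". In the merged bullet that follows it, the sentence "This marks the start of a 4-hour window during which you cannot re-enable the policy." was dropped, so "During this period" now has no antecedent outside the quoted confirmation text; restore that sentence or write "During the 4-hour window" so readers understand that the toggle and the API status change are blocked for a fixed time after disabling. The `+++<draft-comment>...</draft-comment>+++` passthrough about instances provisioned before March 2019 is still in the file and unresolved; either fold that condition into the sentence on default severity states or delete it before release. The unchanged step "go to *Governance* and select or *Manage Views*" has a stray "or". Also, `//image::governance/enterprise-settings-policies.png[]` is commented out rather than removed; if the screenshot is no longer shown, delete the line rather than leave dead markup behind.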

0 comments on commit 3b09634