diff --git a/README.md b/README.md
index a22ec57e9..f603f3b11 100644
--- a/README.md
+++ b/README.md
@@ -175,6 +175,21 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* [Container Apps Has Tags](en/azure/containerapps/container-apps-has-tags.md)
* Container Registry
* [ACR Admin User](en/azure/containerregistry/acr-admin-user.md)
+ * Defender
+ * [Auto Provisioning Enabled](en/azure/defender/auto-provisioning-enabled.md)
+ * [High Severity Alerts Enabled](en/azure/defender/high-severity-alerts-enabled.md)
+ * [Monitor Endpoint Protection](en/azure/defender/monitor-endpoint-protection.md)
+ * [Monitor External Accounts with Write Permissions](en/azure/defender/monitor-external-accounts-with-write-permissions.md)
+ * [Monitor IP Forwarding](en/azure/defender/monitor-ip-forwarding.md)
+ * [Monitor JIT Network Access](en/azure/defender/monitor-jit-network-access.md)
+ * [Monitor Next Generation Firewall](en/azure/defender/monitor-next-generation-firewall.md)
+ * [Monitor System Updates](en/azure/defender/monitor-system-updates.md)
+ * [Monitor Total Number of Subscription Owners](en/azure/defender/monitor-total-number-of-subscription-owners.md)
+ * [Security Configuration Monitoring](en/azure/defender/security-configuration-monitoring.md)
+ * [Security Contact Additional Email](en/azure/defender/security-contact-additional-email.md)
+ * [Security Contacts Enabled](en/azure/defender/security-contacts-enabled.md)
+ * [Security Contact Enabled for Subscription Owner](en/azure/defender/security-contacts-enabled-for-subscription-owner.md)
+ * [Standard Pricing Enabled](en/azure/defender/standard-pricing-enabled.md)
* File Service
* [File Service All Access ACL](en/azure/fileservice/file-service-all-access-acl.md)
* Key Vaults
@@ -256,23 +271,6 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
* [Send Alerts Enabled](en/azure/sqlserver/send-alerts-enabled.md)
* [Server Auditing Enabled](en/azure/sqlserver/server-auditing-enabled.md)
* [TDE Protector Encrypted](en/azure/sqlserver/tde-protector-encrypted.md)
- * Security Center
- * [Admin Security Alerts Enabled](en/azure/securitycenter/admin-security-alerts-enabled.md)
- * [Application Whitelisting Enabled](en/azure/securitycenter/application-whitelisting-enabled.md)
- * [Auto Provisioning Enabled](en/azure/securitycenter/auto-provisioning-enabled.md)
- * [High Severity Alerts Enabled](en/azure/securitycenter/high-severity-alerts-enabled.md)
- * [Monitor Blob Encryption](en/azure/securitycenter/monitor-blob-encryption.md)
- * [Monitor Disk Encryption](en/azure/securitycenter/monitor-disk-encryption.md)
- * [Monitor Endpoint Protection](en/azure/securitycenter/monitor-endpoint-protection.md)
- * [Monitor JIT Network Access](en/azure/securitycenter/monitor-jit-network-access.md)
- * [Monitor NSG Enabled](en/azure/securitycenter/monitor-nsg-enabled.md)
- * [Monitor SQL Auditing](en/azure/securitycenter/monitor-sql-auditing.md)
- * [Monitor SQL Encryption](en/azure/securitycenter/monitor-sql-encryption.md)
- * [Monitor System Updates](en/azure/securitycenter/monitor-system-updates.md)
- * [Monitor VM Vulnerability](en/azure/securitycenter/monitor-vm-vulnerability.md)
- * [Security Configuration Monitoring](en/azure/securitycenter/security-configuration-monitoring.md)
- * [Security Contacts Enabled](en/azure/securitycenter/security-contacts-enabled.md)
- * [Standard Pricing Enabled](en/azure/securitycenter/standard-pricing-enabled.md)
* Storage Accounts
* [Blob Service Encryption](en/azure/storageaccounts/blob-service-encryption.md)
* [File Service Encryption](en/azure/storageaccounts/file-service-encryption.md)
diff --git a/en/azure/defender/auto-provisioning-enabled.md b/en/azure/defender/auto-provisioning-enabled.md
new file mode 100644
index 000000000..2259cd8ee
--- /dev/null
+++ b/en/azure/defender/auto-provisioning-enabled.md
@@ -0,0 +1,28 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Auto Provisioning Enabled
+
+## Quick Info
+
+| | |
+|-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Auto Provisioning Enabled |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that automatic provisioning of the monitoring agent is enabled.|
+| **More Info** | The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts.|
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components|
+| **Recommended Action** | Ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.|
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. On the "Microsoft Defender for Cloud" page scroll down the left navigation panel and choose "Environment Settings". 
+4. On the "Environment Settings" page, select the "Subscription" by clicking on its "Name". 
+5. Under the "Settings" page, click on "Defender Plans". 
+6. On the "Settings | Defender" page, select the "Settings and Monitoring Tab". 
+7. On the settings and Monitoring Page. If the "Log Analytics agent" shows status as turned off, then the "Automatic provisioning" of the monitoring agent is not enabled. 
+8. On the "Settings | Auto provisioning" page, turn the status "ON" for "Log Analytics agent for Azure VMs" by toggling it. 
+9. This will open the "Auto Provisioning configuration". Under Workplace Selection, select the "Default Workspace(s)" and select "Apply" to save changes. 
+10. Repeat step number 3 - 9 to ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.
diff --git a/en/azure/defender/high-severity-alerts-enabled.md b/en/azure/defender/high-severity-alerts-enabled.md
new file mode 100644
index 000000000..122e21449
--- /dev/null
+++ b/en/azure/defender/high-severity-alerts-enabled.md
@@ -0,0 +1,27 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / High Severity Alerts Enabled
+
+## Quick Info
+
+| | |
+|-|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | High Severity Alerts Enabled|
+| **Cloud** | AZURE|
+| **Category** | Defender|
+| **Description** | Ensures that high severity alerts are enabled and properly configured.|
+| **More Info** | Enabling high severity alerts ensures that microsoft alerts for potential security issues are sent and allows for quick mitigation of the associated risks. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications|
+| **Recommended Action** | Enable email alert notification and configure its severity level.|
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. On the "Microsoft Defender for Cloud" page, scroll down the left navigation panel and choose "Environment Settings". 
+4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name". 
+5. Under the "Settings | Defender plans " page, click on the "Email Notifications". 
+6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty and only "owner" is selected in "All users with the following roles" then high severity alerts are not configured to be sent to the admins. 
+7. Under "Email recipients", click the dropdown for "All users with the following roles" and check mark "AccountAdmin and "ServiceAdmin" along with owner and enter one or more than one "Email addresses" separated by "comma in section "Additional email addresses (separated by commas)". 
+8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. 
+9. Repeat step number 3 - 8 to ensure that high severity alerts are configured to be sent to subscription owners.
diff --git a/en/azure/defender/monitor-endpoint-protection.md b/en/azure/defender/monitor-endpoint-protection.md
new file mode 100644
index 000000000..70c9023c7
--- /dev/null
+++ b/en/azure/defender/monitor-endpoint-protection.md
@@ -0,0 +1,27 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Monitor Endpoint Protection
+
+## Quick Info
+
+| ||
+|-|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Monitor Endpoint Protection|
+| **Cloud** | AZURE|
+| **Category** | Defender|
+| **Description** | Ensures Endpoint Protection monitoring is enabled in Microsoft Defender.|
+| **More Info** | When this setting is enabled, Microsoft Defender for Cloud audits the Endpoint Protection setting for all virtual machines for malware protection.|
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference|
+| **Recommended Action** | Enable Adaptive Application Controls for Endpoint Protection from the Microsoft Defender by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection. |
+
+## Detailed Remediation Steps
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. Scroll down the left navigation panel and select "Environment Settings" under "Management". 
+4. On the "Microsoft Defender for Cloud | Environment settings" page, under the "Name" column, select the "Subscription Name" that needs to be verified by clicking on its Name. 
+5. On the "Settings" page, Defender Plans. Select the "Settings & Monitoring" Tab on the top. 
+6. On the "Settings | Defender plans" page, Navigate to the "Guest Configuration agent" plan. 
+7. Enable the "Guest Configuration agent" by toggling its Status to "On". 
+8. On the "Settings & Monitoring" Page, click on the "Continue" Button at the top. 
+9. On the "Settings | Defender plans" Page, click on the "Save" Button at the top. 
+10. Repeat steps 3 - 9 to ensure "Endpoint Protection Monitoring" is configured from Microsoft Defender for Cloud.
diff --git a/en/azure/defender/monitor-external-accounts-with-write-permissions.md b/en/azure/defender/monitor-external-accounts-with-write-permissions.md
new file mode 100644
index 000000000..9b70d3a99
--- /dev/null
+++ b/en/azure/defender/monitor-external-accounts-with-write-permissions.md
@@ -0,0 +1,29 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Monitor External Accounts with Write Permissions
+
+## Quick Info
+
+| ||
+|-|----------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Monitor External Accounts with Write Permissions|
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that External Accounts with Write Permissions are being Monitored in Microsoft Defender. |
+| **More Info** | External Accounts with Write Permissions should be monitored to meet you organization's security compliance requirements. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
+| **Recommended Action** | Enable Monitor for External Accounts with Write Permissions by ensuring AuditIfNotExists setting is used for 'External accounts with write permissions should be removed from your subscription' from the Microsoft Defender. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". 
+3. Scroll down the left navigation panel and select "Compliance". 
+4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. 
+5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. 
+6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. 
+7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
+8. In the list search for the setting "External accounts with write permissions should be removed from your subscription". If it's set to "Disabled" then "External accounts Monitoring" is not enabled on the selected "Subscription". 
+9. To enable "External accounts Monitoring" click to open the dropdown of "External accounts with write permissions should be removed from your subscription" and select the "AuditIfNotExists" option. 
+10. Click on the "Review + save" button to make the necessary changes. 
+11. Repeat steps number 3 - 10 to ensure ""External accounts Monitoring" is configured from the Azure Defender.
diff --git a/en/azure/defender/monitor-ip-forwarding.md b/en/azure/defender/monitor-ip-forwarding.md
new file mode 100644
index 000000000..6100ee3bc
--- /dev/null
+++ b/en/azure/defender/monitor-ip-forwarding.md
@@ -0,0 +1,29 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Monitor IP Forwarding
+
+## Quick Info
+
+| | |
+|-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Monitor IP Forwarding|
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that Virtual Machine IP Forwarding Monitoring is enabled in Microsoft Defender. |
+| **More Info** | IP Forwarding feature should be monitored to meet you organization's security compliance requirements. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
+| **Recommended Action** | Enable IP Forwarding Monitoring by ensuring AuditIfNotExists setting is used for 'IP Forwarding on your virtual machine should be disabled' from the Microsoft Defender. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". 
+3. Scroll down the left navigation panel and select "Compliance". 
+4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. 
+5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. 
+6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. 
+7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
+8. In the list search for the setting "IP Forwarding on your virtual machine should be disabled". If it's set to "Disabled" then "IP Forwarding Monitoring" is not enabled on the selected "Subscription". 
+9. To enable "IP Forwarding Monitoring" click to open the dropdown of "IP Forwarding on your virtual machine should be disabled" and select the "AuditIfNotExists" option. 
+10. Click on the "Review + save" button to make the necessary changes. 
+11. Repeat steps number 3 - 10 to ensure "IP Forwarding Monitoring" is configured from the Azure Defender.
diff --git a/en/azure/defender/monitor-jit-network-access.md b/en/azure/defender/monitor-jit-network-access.md
new file mode 100644
index 000000000..cac34d6e8
--- /dev/null
+++ b/en/azure/defender/monitor-jit-network-access.md
@@ -0,0 +1,29 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Monitor JIT Network Access
+
+## Quick Info
+
+| | |
+|-|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Monitor JIT Network Access |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures Just In Time Network Access monitoring is enabled in Defender |
+| **More Info** | When this setting is enabled, Defender audits Just In Time Network Access on all virtual machines (Windows and Linux as well) to enhance data protection at rest |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
+| **Recommended Action** | Ensure JIT Network Access monitoring is configured for compute and apps from the Azure Defender. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". 
+3. Scroll down the left navigation panel and select "Compliance". 
+4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. 
+5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. 
+6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. 
+7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
+8. In the list search for the setting "Management ports of virtual machines should be protected with just-in-time network access control". If it's set to "Disabled" then "JIT Network Access monitoring" is not enabled on the selected "Subscription". 
+9. To enable "JIT Network Access monitoring" click to open the dropdown of "Management ports of virtual machines should be protected with just-in-time network access control" and select the "AuditIfNotExists" option. 
+10. Click on the "Review + save" button to make the necessary changes. 
+11. Repeat steps number 3 - 10 to ensure "Monitor JIT Network Access" is configured from the Azure Defender.
diff --git a/en/azure/defender/monitor-next-generation-firewall.md b/en/azure/defender/monitor-next-generation-firewall.md
new file mode 100644
index 000000000..b5de99483
--- /dev/null
+++ b/en/azure/defender/monitor-next-generation-firewall.md
@@ -0,0 +1,29 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Monitor Next Generation Firewall
+
+## Quick Info
+
+| | |
+|-|------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Monitor Next Generation Firewall |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that Next Generation Firewall (NGFW) Monitoring is enabled in Microsoft Defender. |
+| **More Info** | When this setting is enabled, Microsoft Defender for Cloud will search for deployments where a NGFW is recommended. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
+| **Recommended Action** | Enable Next Generation Firewall Monitoring by ensuring AuditIfNotExists setting is used for 'All network ports should be restricted on network security groups associated to your virtual machine' from the Microsoft Defender. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". 
+3. Scroll down the left navigation panel and select "Compliance". 
+4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. 
+5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. 
+6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. 
+7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
+8. In the list search for the setting "All Internet traffic should be routed via your deployed Azure Firewall". If it's set to "Disabled" then "Next Generation Firewall Monitoring" is not enabled on the selected "Subscription". 
+9. To enable "Next Generation Firewall Monitoring" click to open the dropdown of "All Internet traffic should be routed via your deployed Azure Firewall" and select the "AuditIfNotExists" option. 
+10. Click on the "Review + save" button to make the necessary changes. 
+11. Repeat steps number 3 - 10 to ensure "Next Generation Firewall Monitoring" is configured from the Azure Defender.
diff --git a/en/azure/defender/monitor-system-updates.md b/en/azure/defender/monitor-system-updates.md
new file mode 100644
index 000000000..487ee476f
--- /dev/null
+++ b/en/azure/defender/monitor-system-updates.md
@@ -0,0 +1,29 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Monitor System Updates
+
+## Quick Info
+
+| | |
+|-|------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Monitor System Updates |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that Monitor System Updates is enabled in Defender |
+| **More Info** | When this setting is enabled, Defender will audit virtual machines for pending OS or system updates. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
+| **Recommended Action** | Ensure System Update monitoring is configured for virtual machines from the Microsoft Defender. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". 
+3. Scroll down the left navigation panel and select "Compliance". 
+4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. 
+5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. 
+6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. 
+7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
+8. In the list search for the setting "System updates should be installed on your machines". If it's set to "Disabled" then "System Update monitoring" is not enabled on the selected "Subscription". 
+9. To enable "System Update monitoring" click to open the dropdown of "System updates should be installed on your machines" and select the "AuditIfNotExists" option. 
+10. Click on the "Review + save" button to make the necessary changes. 
+11. Repeat steps number 3 - 10 to ensure "System Update monitoring" is configured from the Azure Defender.
diff --git a/en/azure/defender/monitor-total-number-of-subscription-owners.md b/en/azure/defender/monitor-total-number-of-subscription-owners.md
new file mode 100644
index 000000000..c942881f3
--- /dev/null
+++ b/en/azure/defender/monitor-total-number-of-subscription-owners.md
@@ -0,0 +1,29 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Monitor Total Number of Subscription Owners
+
+## Quick Info
+
+| | |
+|-|---------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Monitor Total Number of Subscription Owners |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that Total Number of Subscription Owners is being Monitored in Microsoft Defender. |
+| **More Info** | Total Number of Subscription Owners should be monitored to meet you organization's security compliance requirements. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
+| **Recommended Action** | Enable Monitor for Total Number of Subscription Owners by ensuring AuditIfNotExists setting is used for 'A maximum of 3 owners should be designated for your subscription' from the Microsoft Defender. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Policy" and select the "Policy". 
+3. Scroll down the left navigation panel and select "Compliance". 
+4. On the "Policy | Compliance" page, under "Name" column select compliance for the "Scope" of necessary Subscription. 
+5. On the "Policy| Compliance" page select the "View Assignment" Tab on the top. 
+6. On the "Policy| Compliance | Subscription" page, Select the "Edit Assignment" Tab at the top. 
+7. On the Assign Initiative page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
+8. In the list search for the setting "A maximum of 3 owners should be designated for your subscription". If it's set to "Disabled" then "Subscription Owner Monitoring" is not enabled on the selected "Subscription". 
+9. To enable "Subscription Owner Monitoring" click to open the dropdown of "A maximum of 3 owners should be designated for your subscription" and select the "AuditIfNotExists" option. 
+10. Click on the "Review + save" button to make the necessary changes. 
+11. Repeat steps number 3 - 10 to ensure "Subscription Owner Monitoring" is configured from the Azure Defender.
diff --git a/en/azure/defender/security-configuration-monitoring.md b/en/azure/defender/security-configuration-monitoring.md
new file mode 100644
index 000000000..b95b4e6b4
--- /dev/null
+++ b/en/azure/defender/security-configuration-monitoring.md
@@ -0,0 +1,27 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Security Configuration Monitoring
+
+## Quick Info
+
+| | |
+|-|-----------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Security Configuration Monitoring |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that Security Configuration Monitoring is enabled in Microsoft Defender. |
+| **More Info** | When this setting is enabled, Microsoft Defender for Cloud will monitor virtual machines for security configurations. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/governance/policy/overview |
+| **Recommended Action** | Ensure Security Configuration Monitoring is configured for virtual machines from Microsoft Defender. |
+
+## Detailed Remediation Steps
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. Scroll down the left navigation panel and select "Environment Settings" under "Management". 
+4. On the "Microsoft Defender for Cloud | Environment settings" page, under the "Name" column, select the "Subscription Name" that needs to be verified by clicking on its Name. 
+5. On the "Settings" page, Defender Plans. Select the "Settings & Monitoring" Tab on the top. 
+6. On the "Settings | Defender plans" page, Navigate to the "Guest Configuration agent" plan. 
+7. Enable the "Guest Configuration agent" by toggling its Status to "On". 
+8. On the "Settings & Monitoring" Page, click on the "Continue" Button at the top. 
+9. On the "Settings | Defender plans" Page, click on the "Save" Button at the top. 
+10. Repeat steps 3 - 9 to ensure Security Configuration Monitoring is configured from Microsoft Defender for Cloud.
diff --git a/en/azure/defender/security-contact-additional-email.md b/en/azure/defender/security-contact-additional-email.md
new file mode 100644
index 000000000..b4357aae0
--- /dev/null
+++ b/en/azure/defender/security-contact-additional-email.md
@@ -0,0 +1,28 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Security Contact Additional Email
+
+## Quick Info
+
+| | |
+|-|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Security Contact Additional Email |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensure Additional email addresses are configured with security contact email. |
+| **More Info** | 'Microsoft Defender for Cloud emails the Subscription Owner to notify them about security alerts. Adding your Security Contact's email address to the Additional email addresses field ensures that your organization's Security Team is included in these alerts. This ensures that the proper people are aware of any potential compromise in order to mitigate the risk in a timely fashion. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications |
+| **Recommended Action** | Modify security contact information and add additional emails. |
+
+## Detailed Remediation Steps
+
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. On the "Microsoft Defender for Cloud" page, scroll down the left navigation panel and choose "Environment Settings". 
+4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name". 
+5. Under the "Settings | Defender plans " page, click on the "Email Notifications". 
+6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty then the security contacts additional are not configured to be sent to the admins. 
+7. On the "Additional email addresses (separated by commas) section add the additional email addresses. 
+8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. 
+9. Repeat step number 3 - 8 to ensure to ensure that email notifications are configured to be sent to subscription owners.
diff --git a/en/azure/defender/security-contacts-enabled-for-subscription-owner.md b/en/azure/defender/security-contacts-enabled-for-subscription-owner.md
new file mode 100644
index 000000000..03b42084f
--- /dev/null
+++ b/en/azure/defender/security-contacts-enabled-for-subscription-owner.md
@@ -0,0 +1,27 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Security Contact Enabled for Subscription Owner
+
+## Quick Info
+
+| | |
+|-|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Security Contact Enabled for Subscription Owner |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensure that security alert emails are enabled to subscription owners. |
+| **More Info** | Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications |
+| **Recommended Action** | Modify security contact information and enable emails for subscription owners' |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. On the "Microsoft Defender for Cloud" page, scroll down the left navigation panel and choose "Environment Settings". 
+4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name". 
+5. Under the "Settings | Defender plans " page, click on the "Email Notifications". 
+6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty and only "owner" is selected in "All users with the following roles" then the defender alerts are not configured to be sent to the admins. 
+7. Under "Email recipients", click the dropdown for "All users with the following roles" and check mark "AccountAdmin and "ServiceAdmin" along with owner and enter one or more than one "Email addresses" separated by "comma in section "Additional email addresses (separated by commas)". 
+8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. 
+9. Repeat step number 3 - 8 to ensure to ensure that email notifications are configured to be sent to subscription owners.
diff --git a/en/azure/defender/security-contacts-enabled.md b/en/azure/defender/security-contacts-enabled.md
new file mode 100644
index 000000000..67e64375b
--- /dev/null
+++ b/en/azure/defender/security-contacts-enabled.md
@@ -0,0 +1,27 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Security Contacts Enabled
+
+## Quick Info
+
+| | |
+|-|----------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Security Contacts Enabled |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that defender contact phone number and email address are set |
+| **More Info** | Setting defender contacts ensures that any defender incidents detected by Azure are sent to a defender team equipped to handle the incident. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications |
+| **Recommended Action** | Ensure that email notifications are configured for the subscription from the Microsoft Defender for Cloud. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. On the "Microsoft Defender for Cloud" page, scroll down the left navigation panel and choose "Environment Settings". 
+4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name". 
+5. Under the "Settings | Defender plans " page, click on the "Email Notifications". 
+6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty and only "owner" is selected in "All users with the following roles" then the defender alerts are not configured to be sent to the admins. 
+7. Under "Email recipients", click the dropdown for "All users with the following roles" and check mark "AccountAdmin and "ServiceAdmin" along with owner and enter one or more than one "Email addresses" separated by "comma in section "Additional email addresses (separated by commas)". 
+8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. 
+9. Repeat step number 3 - 8 to ensure to ensure that email notifications are configured to be sent.
\ No newline at end of file
diff --git a/en/azure/defender/standard-pricing-enabled.md b/en/azure/defender/standard-pricing-enabled.md
new file mode 100644
index 000000000..5d3907ddb
--- /dev/null
+++ b/en/azure/defender/standard-pricing-enabled.md
@@ -0,0 +1,28 @@
+[](https://cloudsploit.com)
+
+# AZURE / Defender / Standard Pricing Enabled
+
+## Quick Info
+
+| | |
+|-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Plugin Title** | Standard Pricing Enabled |
+| **Cloud** | AZURE |
+| **Category** | Defender |
+| **Description** | Ensures that standard pricing is enabled in Microsoft Defender for Cloud |
+| **More Info** | Enabling standard pricing increases the security posture of the subscription. This enables advanced security monitoring for the services covered under Microsoft Defender for Cloud. |
+| **AZURE Link** | https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/ |
+| **Recommended Action** | Ensure that standard pricing is enabled in Microsoft Defender for Cloud. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
+3. On the "Microsoft Defender for Cloud" page, scroll down and select the "Environment Settings" option under "Management" in the left navigation panel. 
+4. On the "Environment Settings" page, click on the name of the Azure subscription that needs to be examined. 
+5. In the navigation panel, choose **Defender plans**. 
+6. Check the pricing tier enabled for the selected plans, ensuring that the Standard pricing tier is enabled. 
+7. If the **Standard Pricing** is not enabled, enable the **Standard** pricing tier for the chosen plans by selecting it. 
+8. Save the changes made to the selected plans at the top of the **Defender plans** page. 
+9. Repeat steps 1-8 to verify that **Standard Pricing** is enabled across all required subscriptions.
+10. Ensure that **Standard Pricing** is consistently enabled for Microsoft Defender for Cloud across all your Azure subscriptions.
diff --git a/en/azure/securitycenter/admin-security-alerts-enabled.md b/en/azure/securitycenter/admin-security-alerts-enabled.md
deleted file mode 100644
index a1abe1d2b..000000000
--- a/en/azure/securitycenter/admin-security-alerts-enabled.md
+++ /dev/null
@@ -1,27 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Admin Security Alerts Enabled
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Admin Security Alerts Enabled |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that security alerts are configured to be sent to admins |
-| **More Info** | Enabling security alerts to be sent to admins ensures that detected vulnerabilities and security issues are sent to the subscription admins for quick remediation. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details |
-| **Recommended Action** | Ensure that security alerts are configured to be sent to subscription owners. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. On the "Microsoft Defender for Cloud" page scroll down the left navigation panel and choose "Environment Settings". 
-4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name". 
-5. Under the "Settings | Defender plans " page, click on the "Email Notifications" 
-6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty and only "owner" is selected in "All users with the following roles" then the security alerts are not configured to be sent to admins. 
-7. Under "Email recipients", click the dropdown for "All users with the following roles" and check mark "AccountAdmin and Service"Admin" along with owner and enter one or more than one "Email addressess" separated by "comma in section "Additional email addresses (separated by commas)". 
-8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. 
-9. Repeat step number 3 - 8 to ensure that security alerts are configured to be sent to subscription owners.
diff --git a/en/azure/securitycenter/application-whitelisting-enabled.md b/en/azure/securitycenter/application-whitelisting-enabled.md
deleted file mode 100644
index 8ab4c895a..000000000
--- a/en/azure/securitycenter/application-whitelisting-enabled.md
+++ /dev/null
@@ -1,29 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Application Whitelisting Enabled
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Application Whitelisting Enabled |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that Security Center Monitor Adaptive Application Whitelisting is enabled |
-| **More Info** | Adaptive application controls work in conjunction with machine learning to analyze processes running in a VM and help control which applications can run, hardening the VM against malware. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptiveapplication |
-| **Recommended Action** | Enable Adaptive Application Controls for Virtual Machines from the Azure Security Center by ensuring AuditIfNotExists setting is used. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. Scroll down the left navigation panel and select the "Environment Settings" under "Management". 
-4. On the "Microsoft Defender for Cloud | Environment settings" page under "Name" column, select the "Subscription Name" that needs to be verified by clicking on its Name. 
-5. On the "Settings" page scroll down the "Policy settings" section and select "Security Policy". 
-6. On the "Settings | Security policy" page, Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-7. On the Settings page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
-8. In the list search for the setting "Adaptive Application Controls for defining safe applications should be enabled on your machines". If it's set to "Disabled" then "Adaptive Application Whitelisting" is not enabled on the selected "Subscription". 
-9. To enable ""Adaptive Application Whitelisting" click to open the dropdown of "Adaptive Application Controls should be enabled on virtual machines" and select the "AuditIfNotExists" option. Click on the "Review + save" button at the bottom. 
-10. On the "Review + save" page, click on "Save" button to make the necessary changes. 
-11. Repeat step number 3 - 10 to ensures "Adaptive Application Whitelisting" is enabled for Subscriptions.
diff --git a/en/azure/securitycenter/auto-provisioning-enabled.md b/en/azure/securitycenter/auto-provisioning-enabled.md
deleted file mode 100644
index 9eb54f524..000000000
--- a/en/azure/securitycenter/auto-provisioning-enabled.md
+++ /dev/null
@@ -1,28 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Auto Provisioning Enabled
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Auto Provisioning Enabled |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that automatic provisioning of the monitoring agent is enabled |
-| **More Info** | The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection |
-| **Recommended Action** | Ensure that the data collection settings of the subscription have Auto Provisioning set to enabled. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. On the "Microsoft Defender for Cloud" page scroll down the left navigation panel and choose "Environment Settings". 
-4. On the "Environment Settings" page, select the "Subscription" by clicking on its "Name". 
-5. Under the "Settings" page, click on "Auto Provisioning" 
-6. On the "Settings | Auto provisioning" page, if the "Log Analytics agent for Azure VMs" shows status as turned off, then the "Automatic provisioning" of the monitoring agent is not enabled. 
-7. On the "Settings | Auto provisioning" page, turn the status "ON" for "Log Analytics agent for Azure VMs" by toggling it. 
-8. To the right under "Configuration" click on "Edit configuration". 
-9. On the "Extension deployment configuration" page, select the "Workspace configuration" and click on the "All Events" under the "Windows security events". Click on the "Apply" button to make the changes. 
-10. Repeat step number 3 - 9 to ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.
diff --git a/en/azure/securitycenter/high-severity-alerts-enabled.md b/en/azure/securitycenter/high-severity-alerts-enabled.md
deleted file mode 100644
index 435ba483c..000000000
--- a/en/azure/securitycenter/high-severity-alerts-enabled.md
+++ /dev/null
@@ -1,27 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / High Severity Alerts Enabled
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | High Severity Alerts Enabled |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that high severity alerts are properly configured. |
-| **More Info** | Enabling high severity alerts ensures that microsoft alerts for potential security issues are sent and allows for quick mitigation of the associated risks. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details |
-| **Recommended Action** | Ensure that high severity alerts are configured to be sent. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. On the "Microsoft Defender for Cloud" page, scroll down the left navigation panel and choose "Environment Settings". 
-4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name". 
-5. Under the "Settings | Defender plans " page, click on the "Email Notifications. " 
-6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty and only "owner" is selected in "All users with the following roles" then high severity alerts are not configured to be sent to the admins. 
-7. Under "Email recipients", click the dropdown for "All users with the following roles" and check mark "AccountAdmin and "ServiceAdmin" along with owner and enter one or more than one "Email addresses" separated by "comma in section "Additional email addresses (separated by commas)". 
-8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. 
-9. Repeat step number 3 - 8 to ensure that high severity alerts are configured to be sent to subscription owners.
diff --git a/en/azure/securitycenter/monitor-blob-encryption.md b/en/azure/securitycenter/monitor-blob-encryption.md
deleted file mode 100644
index db007e01f..000000000
--- a/en/azure/securitycenter/monitor-blob-encryption.md
+++ /dev/null
@@ -1,30 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor Blob Encryption
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor Blob Encryption |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that Blob Storage Encryption monitoring is enabled |
-| **More Info** | When this setting is enabled, Security Center audits blob encryption in all storage accounts to enhance data at rest protection. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policies |
-| **Recommended Action** | Enable Adaptive Application Controls for Storage Accounts from the Azure Security Center by ensuring AuditIfNotExists setting is used for blob encryption. |
-
-## Detailed Remediation Steps
-
-1. Log into the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center. 
-3. Scroll down the "Security Center" and select the "Security policy" option under the "Management" on left navigation panel.
-4. On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified. 
-5. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark". 
-6. In the "Azure Security Benchmark" click on the Next button. 
-7. In the "Azure Security Benchmark", check for the "Adaptive Application Controls for defining safe applications should be enabled on your machines" Parameter and if it's set to "Disable" then the encryption is not enabled. 
-8. Repeat steps number 2 - 7 to check other "Subscriptions" under the "Security Center."
-9. Navigate to the "Security Center", select the "Security policy" and under "Policy Management" select the "Subscription" that needs to enable the "Adaptive Application Controls for defining safe applications should be enabled on your machines." 
-10. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark" and click on the "Next" button. 
-11. Scroll down the page and under "Parameter" choose the "Adaptive Application for defining safe applications should be enabled on your machines" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes. 
-12. Repeat steps number 7 - 11 to enable Adaptive Application Controls for Storage Accounts from the Azure Security Center by ensuring AuditIfNotExists setting is used for blob encryption.
diff --git a/en/azure/securitycenter/monitor-disk-encryption.md b/en/azure/securitycenter/monitor-disk-encryption.md
deleted file mode 100644
index 39d98c482..000000000
--- a/en/azure/securitycenter/monitor-disk-encryption.md
+++ /dev/null
@@ -1,31 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor Disk Encryption
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor Disk Encryption |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures Disk Encryption monitoring is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center audits disk encryption in all virtual machines to enhance data at rest protection. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Enable Adaptive Application Controls for Disk Encryption from the Azure Security Center by ensuring AuditIfNotExists setting is used for virtual machines. |
-
-## Detailed Remediation Steps
-
-
-1. Log into the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center. 
-3. Scroll down the "Security Center" and select the "Security policy" option under the "Management" on left navigation panel.
-4. On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified. 
-5. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark". 
-6. In the "Azure Security Benchmark" click on the Next button. 
-7. In the "Azure Security Benchmark", check for the "Disk encryption should be applied on virtual machines" Parameter and if it's set to "Disable" then the encryption is not enabled. 
-8. Repeat steps number 2 - 7 to check other "Subscriptions" under the "Security Center."
-9. Navigate to the "Security Center", select the "Security policy" and under "Policy Management" select the "Subscription" that needs to enable the "Disk Encryption monitoring." 
-10. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark" and click on the "Next" button. 
-11. Scroll down the page and under "Parameter" choose the "Disk encryption should be applied on virtual machines" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes. 
-12. Repeat steps number 9 - 11 to ensures "Disk Encryption monitoring" is enabled in Security Center.
diff --git a/en/azure/securitycenter/monitor-endpoint-protection.md b/en/azure/securitycenter/monitor-endpoint-protection.md
deleted file mode 100644
index 663c27b04..000000000
--- a/en/azure/securitycenter/monitor-endpoint-protection.md
+++ /dev/null
@@ -1,30 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor Endpoint Protection
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor Endpoint Protection |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures Endpoint Protection monitoring is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center audits the Endpoint Protection setting for all virtual machines for malware protection. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Enable Adaptive Application Controls for Endpoint Protection from the Azure Security Center by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection. |
-
-## Detailed Remediation Steps
-
-1. Log into the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center. 
-3. Scroll down the "Security Center" and select the "Security policy" option under "Management" on the left navigation panel.
-4. On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified. 
-5. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark". 
-6. In the "Azure Security Benchmark" click on the Next button. 
-7. In the "Azure Security Benchmark", check for the "Endpoint protection solution should be installed on virtual machine scale sets" Parameter and if it's set to "Disable" then the encryption is not enabled. 
-8. Repeat steps number 2 - 7 to check other "Subscriptions" under the "Security Center."
-9. Navigate to the "Security Center", select the "Security policy" and under "Policy Management" select the "Subscription" that needs to enable the "Monitor Endpoint Protection." 
-10. Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-11. Scroll down the page and under "Parameter" choose the "Endpoint protection solution should be installed on virtual machine scale sets" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes. 
-12. Repeat steps number 9 - 11 to enable Adaptive Application Controls for Endpoint Protection from the Azure Security Center by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection.
diff --git a/en/azure/securitycenter/monitor-jit-network-access.md b/en/azure/securitycenter/monitor-jit-network-access.md
deleted file mode 100644
index 5cb585518..000000000
--- a/en/azure/securitycenter/monitor-jit-network-access.md
+++ /dev/null
@@ -1,30 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor JIT Network Access
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor JIT Network Access |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures Just In Time Network Access monitoring is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center audits Just In Time Network Access on all virtual machines (Windows and Linux as well) to enhance data protection at rest |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Ensure JIT Network Access monitoring is configured for compute and apps from the Azure Security Center. |
-
-## Detailed Remediation Steps
-
-1. Log into the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center. 
-3. Scroll down the "Security Center" and select the "Security policy" option under "Management" in the left navigation panel.
-4. On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified. 
-5. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark". 
-6. In the "Azure Security Benchmark" click on the Next button. 
-7. In the "Azure Security Benchmark", check for the "Management ports of virtual machines should be protected with Just-In-Time network access control" Parameter and if it's set to "Disable" then the encryption is not enabled. 
-8. Repeat steps number 2 - 7 to check other "Subscriptions" under the "Security Center."
-9. Navigate to the "Security Center", select the "Security policy" and under "Policy Management" select the "Subscription" that needs to enable the "Monitor JIT Network Access." 
-10. Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-11. Scroll down the page and under "Parameter" choose the "Management ports of virtual machines should be protected with Just-In-Time network access control" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes. 
-12. Repeat steps number 9 - 11 to ensure JIT Network Access monitoring is configured for compute and apps from the Azure Security Center.
diff --git a/en/azure/securitycenter/monitor-nsg-enabled.md b/en/azure/securitycenter/monitor-nsg-enabled.md
deleted file mode 100644
index c154003d3..000000000
--- a/en/azure/securitycenter/monitor-nsg-enabled.md
+++ /dev/null
@@ -1,30 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor NSG Enabled
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor NSG Enabled |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures Network Security Groups monitoring is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center will audit the Network Security Groups that are enabled on the VM for permissive rules. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Ensure Network Security Group monitoring is configured from the Azure Security Center. |
-
-## Detailed Remediation Steps
-
-1. Log into the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center. 
-3. Scroll down the "Security Center" and select the "Security policy" option under the "Management" on left navigation panel.
-4. On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified. 
-5. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark". 
-6. In the "Azure Security Benchmark" click on the Next button. 
-7. In the "Azure Security Benchmark", check for the "Internet-facing virtual machines should be protected with network security groups" Parameter and if it's set to "Disable" then the encryption is not enabled. 
-8. Repeat steps number 2 - 7 to check other "Subscriptions" under the "Security Center."
-9. Navigate to the "Security Center", select the "Security policy" and under "Policy Management" seelct the "Subscription" that needs to enable the "Monitor network security groups setting." 
-10. Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-11. Scroll down the page and under "Parameter" choose the "Internet-facing virtual machines should be protected with network security groups" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes. 
-12. Repeat steps number 9 - 11 to ensure Network Security Group monitoring is configured from the Azure Security Center.
diff --git a/en/azure/securitycenter/monitor-sql-auditing.md b/en/azure/securitycenter/monitor-sql-auditing.md
deleted file mode 100644
index c472908eb..000000000
--- a/en/azure/securitycenter/monitor-sql-auditing.md
+++ /dev/null
@@ -1,31 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor SQL Auditing
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor SQL Auditing |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that Monitor SQL Auditing is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center will monitor SQL databases. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Ensure SQL auditing monitoring is configured for SQL databases from the Azure Security Center. |
-
-## Detailed Remediation Steps
-
-
-1. Log into the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center. 
-3. Scroll down the "Security Center" and select the "Security policy" option under the "Management" on left navigation panel.
-4. On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified. 
-5. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark". 
-6. In the "Azure Security Benchmark" click on the Next button. 
-7. In the "Azure Security Benchmark", check for the "Azure defender for SQL servers on machine should be enabled" Parameter and if it's set to "Disable" then the encryption is not enabled. 
-8. Repeat steps number 2 - 7 to check other "Subscriptions" under the "Security Center."
-9. Navigate to the "Security Center", select the "Security policy" and under "Policy Management" seelct the "Subscription" that needs to enable the "SQL Auditing." 
-10. Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-11. Scroll down the page and under "Parameter" choose the "Azure defender for SQL servers on machine should be enabled" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes. 
-12. Repeat steps number 9 - 11 to ensure "Monitor SQL Auditing" is enabled in Security Center.
diff --git a/en/azure/securitycenter/monitor-sql-encryption.md b/en/azure/securitycenter/monitor-sql-encryption.md
deleted file mode 100644
index d3793e1ac..000000000
--- a/en/azure/securitycenter/monitor-sql-encryption.md
+++ /dev/null
@@ -1,31 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor SQL Encryption
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor SQL Encryption |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that Monitor SQL Encryption is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center will monitor for unencrypted SQL databases, associated backups, and transaction log files. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Ensure SQL encryption monitoring is configured for SQL databases from the Azure Security Center. |
-
-## Detailed Remediation Steps
-
-
-1. Log into the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center. 
-3. Scroll down the "Security Center" and select the "Security policy" option under "Management" in the left navigation panel.
-4. On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified. 
-5. In the "Security Policy" page scroll down and click on the "Azure Security Benchmark". 
-6. In the "Azure Security Benchmark" click on the Next button. 
-7. In the "Azure Security Benchmark", check for the "Transparent data encryption on SQL Databases should be enabled" Parameter and if it's set to "Disable" then the encryption is not enabled. 
-8. Repeat steps number 2 - 7 to check other "Subscriptions" under the "Security Center."
-9. Navigate to the "Security Center", select the "Security policy" and under "Policy Management" select the "Subscription" that needs to enable the "SQL Encryption." 
-10. Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-11. Scroll down the page and under "Parameter" choose the "Transparent data encryption on SQL Databases should be enabled" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes. 
-12. Repeat steps number 9 - 11 to ensures "Monitor SQL Encryption" is enabled in Security Center.
diff --git a/en/azure/securitycenter/monitor-system-updates.md b/en/azure/securitycenter/monitor-system-updates.md
deleted file mode 100644
index e9f5d0fb8..000000000
--- a/en/azure/securitycenter/monitor-system-updates.md
+++ /dev/null
@@ -1,29 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor System Updates
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor System Updates |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that Monitor System Updates is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center will audit virtual machines for pending OS or system updates. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Ensure System Update monitoring is configured for virtual machines from the Azure Security Center. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. Scroll down the left navigation panel and select the "Environment Settings" under "Management". 
-4. On the "Microsoft Defender for Cloud | Environment settings" page, under "Name" column select the "Subscription Name" that needs to be verified by clicking on its Name. 
-5. On the "Settings" page scroll down the "Policy settings" section and select "Security Policy". 
-6. On the "Settings | Security policy" page, Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-7. On the Settings page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
-8. In the list search for the setting "System updates should be installed on your machines". If it's set to "Disabled" then "System Update monitoring" is not enabled on the selected "Subscription". 
-9. To enable "System Update monitoring" click to open the dropdown of "System updates should be installed on your machines" and select the "AuditIfNotExists" option. Click on the "Review + save" button at the bottom. 
-10. On the "Review + save" page, click on "Save" button to make the necessary changes. 
-11. Repeat steps number 3 - 10 to ensure "System Update monitoring" is configured from the Azure Security Center.
diff --git a/en/azure/securitycenter/monitor-vm-vulnerability.md b/en/azure/securitycenter/monitor-vm-vulnerability.md
deleted file mode 100644
index d46142179..000000000
--- a/en/azure/securitycenter/monitor-vm-vulnerability.md
+++ /dev/null
@@ -1,29 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Monitor VM Vulnerability
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Monitor VM Vulnerability |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that Monitor Vulnerability Assessment is enabled in Security Center. |
-| **More Info** | When this setting is enabled, Security Center will monitor virtual machines for detected vulnerabilities. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
-| **Recommended Action** | Ensure VM Vulnerability monitoring is configured for virtual machines from the Azure Security Center. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. Scroll down the left navigation panel and select the "Environment Settings" under "Management". 
-4. On the "Microsoft Defender for Cloud | Environment settings" page, under "Name" column select the "Subscription Name" that needs to be verified by clicking on its Name. 
-5. On the "Settings" page scroll down the "Policy settings" section and select "Security Policy". 
-6. On the "Settings | Security policy" page, Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-7. On the Settings page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
-8. In the list search for the setting "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated". If it's set to "Disabled" then "Vulnerability Assessment" is not enabled on the selected "Subscription". 
-9. To enable "Vulnerability Assessment" click to open the dropdown of "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated" and select the "AuditIfNotExists" option. Click on the "Review + save" button at the bottom. 
-10. On the "Review + save" page, click on "Save" button to make the necessary changes. 
-11. Repeat step number 3 - 10 to ensure Vulnerability Assessment is configured from the Azure Security Center.
diff --git a/en/azure/securitycenter/security-configuration-monitoring.md b/en/azure/securitycenter/security-configuration-monitoring.md
deleted file mode 100644
index 2cf94f75c..000000000
--- a/en/azure/securitycenter/security-configuration-monitoring.md
+++ /dev/null
@@ -1,28 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Security Configuration Monitoring
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Security Configuration Monitoring |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that Security Configuration Monitoring is enabled in Security Center |
-| **More Info** | When this setting is enabled, Security Center will monitor virtual machines for security configurations. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/governance/policy/overview |
-| **Recommended Action** | Ensure Security Configuration Monitoring is configured for virtual machines from the Azure Security Center. |
-
-## Detailed Remediation Steps
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. Scroll down the left navigation panel and select the "Environment Settings" under "Management". 
-4. On the "Microsoft Defender for Cloud | Environment settings" page under "Name" column select the "Subscription Name" that needs to be verified by clicking on its Name. 
-5. On the "Settings" page scroll down the "Policy settings" section and select "Security Policy". 
-6. On the "Settings | Security policy" page, Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings. 
-7. On the Settings page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters. 
-8. In the list search for the setting "Vulnerabilities in security configuration on your machines should be remediated". If it's set to "Disabled" then "Security Configuration Monitoring" is not enabled on the selected "Subscription". 
-9. To enable "Security Configuration Monitoring" click to open the dropdown of "Vulnerabilities in security configuration on your machines should be remediated" and select the "AuditIfNotExists" option. Click on the "Review + save" button at the bottom. 
-10. On the "Review + save" page, click on "Save" button to make the necessary changes. 
-11. Repeat step number 3 - 10 to ensure Security Configuration Monitoring is configured from the Azure Security Center.
diff --git a/en/azure/securitycenter/security-contacts-enabled.md b/en/azure/securitycenter/security-contacts-enabled.md
deleted file mode 100644
index af19f4dd7..000000000
--- a/en/azure/securitycenter/security-contacts-enabled.md
+++ /dev/null
@@ -1,27 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Security Contacts Enabled
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Security Contacts Enabled |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that security contact phone number and email address are set |
-| **More Info** | Setting security contacts ensures that any security incidents detected by Azure are sent to a security team equipped to handle the incident. |
-| **AZURE Link** | https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details |
-| **Recommended Action** | Ensure that email notifications are configured for the subscription from the Security Center. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud". 
-3. On the "Microsoft Defender for Cloud" page, scroll down the left navigation panel and choose "Environment Settings". 
-4. On the "Environment Settings" page, select the "Subscription" by clicking on the "Name". 
-5. Under the "Settings | Defender plans " page, click on the "Email Notifications" 
-6. On the "Settings | Email notifications" page under "Email recipients" if the "Additional email addresses (separated by commas)" is empty and only "owner" is selected in "All users with the following roles" then the security alerts are not configured to be sent to the admins. 
-7. Under "Email recipients", click the dropdown for "All users with the following roles" and check mark "AccountAdmin and "ServiceAdmin" along with owner and enter one or more than one "Email addresses" separated by "comma in section "Additional email addresses (separated by commas)". 
-8. Under "Notification types" select "High" from the dropdown next to "Notify about alerts with the following severity (or higher). Click on the "Save" button to make the changes. 
-9. Repeat step number 3 - 8 to ensure to ensure that email notifications are configured to be sent to subscription owners.
diff --git a/en/azure/securitycenter/standard-pricing-enabled.md b/en/azure/securitycenter/standard-pricing-enabled.md
deleted file mode 100644
index 4cadf5f96..000000000
--- a/en/azure/securitycenter/standard-pricing-enabled.md
+++ /dev/null
@@ -1,30 +0,0 @@
-[](https://cloudsploit.com)
-
-# AZURE / Security Center / Standard Pricing Enabled
-
-## Quick Info
-
-| | |
-|-|-|
-| **Plugin Title** | Standard Pricing Enabled |
-| **Cloud** | AZURE |
-| **Category** | Security Center |
-| **Description** | Ensures that standard pricing is enabled in the security center |
-| **More Info** | Enabling standard pricing increases the security posture of the subscription. This enables advanced security monitoring for the services covered under the security center. |
-| **AZURE Link** | https://azure.microsoft.com/en-us/pricing/details/security-center/ |
-| **Recommended Action** | Ensure that standard pricing is enabled in the security center. |
-
-## Detailed Remediation Steps
-
-1. Log in to the Microsoft Azure Management Console.
-2. Select the "Search resources, services, and docs" option at the top and search for Security Center.
-3. On the "Security Center page, scroll down and select the "Pricing & Settings" option under "Management" in the left navigation panel.
-4. On Pricing & Settings page, click on the name of the Azure subscription that needs to examine.
-5. In the blade navigation panel, choose Pricing tier and check the pricing tier enabled for the selected subscription and check if the Standard pricing tier is enabled or not.
-6. Repeat steps number 2 - to check other Azure accounts.
-7. Navigate to Azure Security Center and choose Pricing & settings to access your Azure account subscriptions in the navigation panel.
-8. Click on the name of the Azure subscription that needs to be examine on the Pricing page.
-9. In the navigation panel, select Pricing tier, then click on the Standard tier box to choose the required tier and click on the Save button to make the changes.
-10. Repeat steps number 7 - 9 to ensure that standard pricing is enabled in the security center.
-
-
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/README.md b/resources/azure/defender/auto-provisioning-enabled/README.md
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/README.md
rename to resources/azure/defender/auto-provisioning-enabled/README.md
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step2.png b/resources/azure/defender/auto-provisioning-enabled/step2.png
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/step2.png
rename to resources/azure/defender/auto-provisioning-enabled/step2.png
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step3.png b/resources/azure/defender/auto-provisioning-enabled/step3.png
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/step3.png
rename to resources/azure/defender/auto-provisioning-enabled/step3.png
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step4.png b/resources/azure/defender/auto-provisioning-enabled/step4.png
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/step4.png
rename to resources/azure/defender/auto-provisioning-enabled/step4.png
diff --git a/resources/azure/defender/auto-provisioning-enabled/step5.png b/resources/azure/defender/auto-provisioning-enabled/step5.png
new file mode 100644
index 000000000..eaae1d5c9
Binary files /dev/null and b/resources/azure/defender/auto-provisioning-enabled/step5.png differ
diff --git a/resources/azure/defender/auto-provisioning-enabled/step6.png b/resources/azure/defender/auto-provisioning-enabled/step6.png
new file mode 100644
index 000000000..f0e9e3ab8
Binary files /dev/null and b/resources/azure/defender/auto-provisioning-enabled/step6.png differ
diff --git a/resources/azure/defender/auto-provisioning-enabled/step7.png b/resources/azure/defender/auto-provisioning-enabled/step7.png
new file mode 100644
index 000000000..dbf801d7f
Binary files /dev/null and b/resources/azure/defender/auto-provisioning-enabled/step7.png differ
diff --git a/resources/azure/defender/auto-provisioning-enabled/step8.png b/resources/azure/defender/auto-provisioning-enabled/step8.png
new file mode 100644
index 000000000..4a74e2b45
Binary files /dev/null and b/resources/azure/defender/auto-provisioning-enabled/step8.png differ
diff --git a/resources/azure/defender/auto-provisioning-enabled/step9.png b/resources/azure/defender/auto-provisioning-enabled/step9.png
new file mode 100644
index 000000000..ee12015d4
Binary files /dev/null and b/resources/azure/defender/auto-provisioning-enabled/step9.png differ
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/README.md b/resources/azure/defender/high-severity-alerts-enabled/README.md
similarity index 100%
rename from resources/azure/securitycenter/application-whitelisting-enabled/README.md
rename to resources/azure/defender/high-severity-alerts-enabled/README.md
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step2.png b/resources/azure/defender/high-severity-alerts-enabled/step2.png
similarity index 100%
rename from resources/azure/securitycenter/application-whitelisting-enabled/step2.png
rename to resources/azure/defender/high-severity-alerts-enabled/step2.png
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step3.png b/resources/azure/defender/high-severity-alerts-enabled/step3.png
similarity index 100%
rename from resources/azure/securitycenter/application-whitelisting-enabled/step3.png
rename to resources/azure/defender/high-severity-alerts-enabled/step3.png
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step4.png b/resources/azure/defender/high-severity-alerts-enabled/step4.png
similarity index 100%
rename from resources/azure/securitycenter/application-whitelisting-enabled/step4.png
rename to resources/azure/defender/high-severity-alerts-enabled/step4.png
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step5.png b/resources/azure/defender/high-severity-alerts-enabled/step5.png
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/step5.png
rename to resources/azure/defender/high-severity-alerts-enabled/step5.png
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step6.png b/resources/azure/defender/high-severity-alerts-enabled/step6.png
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/step6.png
rename to resources/azure/defender/high-severity-alerts-enabled/step6.png
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step7.png b/resources/azure/defender/high-severity-alerts-enabled/step7.png
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/step7.png
rename to resources/azure/defender/high-severity-alerts-enabled/step7.png
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step8.png b/resources/azure/defender/high-severity-alerts-enabled/step8.png
similarity index 100%
rename from resources/azure/securitycenter/admin-security-alerts-enabled/step8.png
rename to resources/azure/defender/high-severity-alerts-enabled/step8.png
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/README.md b/resources/azure/defender/monitor-endpoint-protection/README.md
similarity index 100%
rename from resources/azure/securitycenter/auto-provisioning-enabled/README.md
rename to resources/azure/defender/monitor-endpoint-protection/README.md
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step2.png b/resources/azure/defender/monitor-endpoint-protection/step2.png
similarity index 100%
rename from resources/azure/securitycenter/auto-provisioning-enabled/step2.png
rename to resources/azure/defender/monitor-endpoint-protection/step2.png
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step3.png b/resources/azure/defender/monitor-endpoint-protection/step3.png
similarity index 100%
rename from resources/azure/securitycenter/auto-provisioning-enabled/step3.png
rename to resources/azure/defender/monitor-endpoint-protection/step3.png
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step4.png b/resources/azure/defender/monitor-endpoint-protection/step4.png
similarity index 100%
rename from resources/azure/securitycenter/auto-provisioning-enabled/step4.png
rename to resources/azure/defender/monitor-endpoint-protection/step4.png
diff --git a/resources/azure/defender/monitor-endpoint-protection/step5.png b/resources/azure/defender/monitor-endpoint-protection/step5.png
new file mode 100644
index 000000000..78e5bdd5b
Binary files /dev/null and b/resources/azure/defender/monitor-endpoint-protection/step5.png differ
diff --git a/resources/azure/defender/monitor-endpoint-protection/step6.png b/resources/azure/defender/monitor-endpoint-protection/step6.png
new file mode 100644
index 000000000..cbe3c4404
Binary files /dev/null and b/resources/azure/defender/monitor-endpoint-protection/step6.png differ
diff --git a/resources/azure/defender/monitor-endpoint-protection/step7.png b/resources/azure/defender/monitor-endpoint-protection/step7.png
new file mode 100644
index 000000000..8fd8daf80
Binary files /dev/null and b/resources/azure/defender/monitor-endpoint-protection/step7.png differ
diff --git a/resources/azure/defender/monitor-endpoint-protection/step8.png b/resources/azure/defender/monitor-endpoint-protection/step8.png
new file mode 100644
index 000000000..1ae017780
Binary files /dev/null and b/resources/azure/defender/monitor-endpoint-protection/step8.png differ
diff --git a/resources/azure/defender/monitor-endpoint-protection/step9.png b/resources/azure/defender/monitor-endpoint-protection/step9.png
new file mode 100644
index 000000000..be7e67db3
Binary files /dev/null and b/resources/azure/defender/monitor-endpoint-protection/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/README.md b/resources/azure/defender/monitor-external-accounts-with-write-permissions/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-blob-encryption/README.md
rename to resources/azure/defender/monitor-external-accounts-with-write-permissions/README.md
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step10.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step10.png
new file mode 100644
index 000000000..025c9ba62
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step10.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step2.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step2.png
new file mode 100644
index 000000000..0a8d6d309
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step2.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step3.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step3.png
new file mode 100644
index 000000000..f9e7f6a14
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step3.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step4.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step4.png
new file mode 100644
index 000000000..ae43219ff
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step4.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step5.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step5.png
new file mode 100644
index 000000000..c9873a86e
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step5.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step6.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step6.png
new file mode 100644
index 000000000..49b42d951
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step6.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step7.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step7.png
new file mode 100644
index 000000000..dcdd4373b
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step7.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step8.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step8.png
new file mode 100644
index 000000000..913fb1a1d
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step8.png differ
diff --git a/resources/azure/defender/monitor-external-accounts-with-write-permissions/step9.png b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step9.png
new file mode 100644
index 000000000..323266be7
Binary files /dev/null and b/resources/azure/defender/monitor-external-accounts-with-write-permissions/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/README.md b/resources/azure/defender/monitor-ip-forwarding/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-disk-encryption/README.md
rename to resources/azure/defender/monitor-ip-forwarding/README.md
diff --git a/resources/azure/defender/monitor-ip-forwarding/step10.png b/resources/azure/defender/monitor-ip-forwarding/step10.png
new file mode 100644
index 000000000..025c9ba62
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step10.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step2.png b/resources/azure/defender/monitor-ip-forwarding/step2.png
new file mode 100644
index 000000000..0a8d6d309
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step2.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step3.png b/resources/azure/defender/monitor-ip-forwarding/step3.png
new file mode 100644
index 000000000..f9e7f6a14
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step3.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step4.png b/resources/azure/defender/monitor-ip-forwarding/step4.png
new file mode 100644
index 000000000..ae43219ff
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step4.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step5.png b/resources/azure/defender/monitor-ip-forwarding/step5.png
new file mode 100644
index 000000000..c9873a86e
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step5.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step6.png b/resources/azure/defender/monitor-ip-forwarding/step6.png
new file mode 100644
index 000000000..49b42d951
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step6.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step7.png b/resources/azure/defender/monitor-ip-forwarding/step7.png
new file mode 100644
index 000000000..dcdd4373b
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step7.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step8.png b/resources/azure/defender/monitor-ip-forwarding/step8.png
new file mode 100644
index 000000000..4d6750f07
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step8.png differ
diff --git a/resources/azure/defender/monitor-ip-forwarding/step9.png b/resources/azure/defender/monitor-ip-forwarding/step9.png
new file mode 100644
index 000000000..c14abc3c4
Binary files /dev/null and b/resources/azure/defender/monitor-ip-forwarding/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/README.md b/resources/azure/defender/monitor-jit-network-access/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-endpoint-protection/README.md
rename to resources/azure/defender/monitor-jit-network-access/README.md
diff --git a/resources/azure/defender/monitor-jit-network-access/step10.png b/resources/azure/defender/monitor-jit-network-access/step10.png
new file mode 100644
index 000000000..025c9ba62
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step10.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step2.png b/resources/azure/defender/monitor-jit-network-access/step2.png
new file mode 100644
index 000000000..0a8d6d309
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step2.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step3.png b/resources/azure/defender/monitor-jit-network-access/step3.png
new file mode 100644
index 000000000..f9e7f6a14
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step3.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step4.png b/resources/azure/defender/monitor-jit-network-access/step4.png
new file mode 100644
index 000000000..ae43219ff
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step4.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step5.png b/resources/azure/defender/monitor-jit-network-access/step5.png
new file mode 100644
index 000000000..c9873a86e
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step5.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step6.png b/resources/azure/defender/monitor-jit-network-access/step6.png
new file mode 100644
index 000000000..49b42d951
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step6.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step7.png b/resources/azure/defender/monitor-jit-network-access/step7.png
new file mode 100644
index 000000000..dcdd4373b
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step7.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step8.png b/resources/azure/defender/monitor-jit-network-access/step8.png
new file mode 100644
index 000000000..d42124c07
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step8.png differ
diff --git a/resources/azure/defender/monitor-jit-network-access/step9.png b/resources/azure/defender/monitor-jit-network-access/step9.png
new file mode 100644
index 000000000..cd8b6ba7e
Binary files /dev/null and b/resources/azure/defender/monitor-jit-network-access/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/README.md b/resources/azure/defender/monitor-next-generation-firewall/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-jit-network-access/README.md
rename to resources/azure/defender/monitor-next-generation-firewall/README.md
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step10.png b/resources/azure/defender/monitor-next-generation-firewall/step10.png
new file mode 100644
index 000000000..025c9ba62
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step10.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step2.png b/resources/azure/defender/monitor-next-generation-firewall/step2.png
new file mode 100644
index 000000000..0a8d6d309
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step2.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step3.png b/resources/azure/defender/monitor-next-generation-firewall/step3.png
new file mode 100644
index 000000000..f9e7f6a14
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step3.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step4.png b/resources/azure/defender/monitor-next-generation-firewall/step4.png
new file mode 100644
index 000000000..ae43219ff
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step4.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step5.png b/resources/azure/defender/monitor-next-generation-firewall/step5.png
new file mode 100644
index 000000000..c9873a86e
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step5.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step6.png b/resources/azure/defender/monitor-next-generation-firewall/step6.png
new file mode 100644
index 000000000..49b42d951
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step6.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step7.png b/resources/azure/defender/monitor-next-generation-firewall/step7.png
new file mode 100644
index 000000000..dcdd4373b
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step7.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step8.png b/resources/azure/defender/monitor-next-generation-firewall/step8.png
new file mode 100644
index 000000000..9a6d9445c
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step8.png differ
diff --git a/resources/azure/defender/monitor-next-generation-firewall/step9.png b/resources/azure/defender/monitor-next-generation-firewall/step9.png
new file mode 100644
index 000000000..1aabecfcd
Binary files /dev/null and b/resources/azure/defender/monitor-next-generation-firewall/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/README.md b/resources/azure/defender/monitor-system-updates/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-nsg-enabled/README.md
rename to resources/azure/defender/monitor-system-updates/README.md
diff --git a/resources/azure/defender/monitor-system-updates/step10.png b/resources/azure/defender/monitor-system-updates/step10.png
new file mode 100644
index 000000000..025c9ba62
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step10.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step2.png b/resources/azure/defender/monitor-system-updates/step2.png
new file mode 100644
index 000000000..0a8d6d309
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step2.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step3.png b/resources/azure/defender/monitor-system-updates/step3.png
new file mode 100644
index 000000000..f9e7f6a14
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step3.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step4.png b/resources/azure/defender/monitor-system-updates/step4.png
new file mode 100644
index 000000000..ae43219ff
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step4.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step5.png b/resources/azure/defender/monitor-system-updates/step5.png
new file mode 100644
index 000000000..c9873a86e
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step5.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step6.png b/resources/azure/defender/monitor-system-updates/step6.png
new file mode 100644
index 000000000..49b42d951
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step6.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step7.png b/resources/azure/defender/monitor-system-updates/step7.png
new file mode 100644
index 000000000..dcdd4373b
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step7.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step8.png b/resources/azure/defender/monitor-system-updates/step8.png
new file mode 100644
index 000000000..e69738031
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step8.png differ
diff --git a/resources/azure/defender/monitor-system-updates/step9.png b/resources/azure/defender/monitor-system-updates/step9.png
new file mode 100644
index 000000000..261214fa9
Binary files /dev/null and b/resources/azure/defender/monitor-system-updates/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/README.md b/resources/azure/defender/monitor-total-number-of-subscription-owners/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-sql-auditing/README.md
rename to resources/azure/defender/monitor-total-number-of-subscription-owners/README.md
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step10.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step10.png
new file mode 100644
index 000000000..025c9ba62
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step10.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step2.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step2.png
new file mode 100644
index 000000000..0a8d6d309
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step2.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step3.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step3.png
new file mode 100644
index 000000000..f9e7f6a14
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step3.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step4.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step4.png
new file mode 100644
index 000000000..ae43219ff
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step4.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step5.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step5.png
new file mode 100644
index 000000000..c9873a86e
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step5.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step6.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step6.png
new file mode 100644
index 000000000..49b42d951
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step6.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step7.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step7.png
new file mode 100644
index 000000000..dcdd4373b
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step7.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step8.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step8.png
new file mode 100644
index 000000000..afb67868e
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step8.png differ
diff --git a/resources/azure/defender/monitor-total-number-of-subscription-owners/step9.png b/resources/azure/defender/monitor-total-number-of-subscription-owners/step9.png
new file mode 100644
index 000000000..2872639c2
Binary files /dev/null and b/resources/azure/defender/monitor-total-number-of-subscription-owners/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/README.md b/resources/azure/defender/security-configuration-monitoring/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-sql-encryption/README.md
rename to resources/azure/defender/security-configuration-monitoring/README.md
diff --git a/resources/azure/securitycenter/high-severity-alerts-enabled/step2.png b/resources/azure/defender/security-configuration-monitoring/step2.png
similarity index 100%
rename from resources/azure/securitycenter/high-severity-alerts-enabled/step2.png
rename to resources/azure/defender/security-configuration-monitoring/step2.png
diff --git a/resources/azure/securitycenter/high-severity-alerts-enabled/step3.png b/resources/azure/defender/security-configuration-monitoring/step3.png
similarity index 100%
rename from resources/azure/securitycenter/high-severity-alerts-enabled/step3.png
rename to resources/azure/defender/security-configuration-monitoring/step3.png
diff --git a/resources/azure/securitycenter/high-severity-alerts-enabled/step4.png b/resources/azure/defender/security-configuration-monitoring/step4.png
similarity index 100%
rename from resources/azure/securitycenter/high-severity-alerts-enabled/step4.png
rename to resources/azure/defender/security-configuration-monitoring/step4.png
diff --git a/resources/azure/defender/security-configuration-monitoring/step5.png b/resources/azure/defender/security-configuration-monitoring/step5.png
new file mode 100644
index 000000000..78e5bdd5b
Binary files /dev/null and b/resources/azure/defender/security-configuration-monitoring/step5.png differ
diff --git a/resources/azure/defender/security-configuration-monitoring/step6.png b/resources/azure/defender/security-configuration-monitoring/step6.png
new file mode 100644
index 000000000..bd9aa4992
Binary files /dev/null and b/resources/azure/defender/security-configuration-monitoring/step6.png differ
diff --git a/resources/azure/defender/security-configuration-monitoring/step7.png b/resources/azure/defender/security-configuration-monitoring/step7.png
new file mode 100644
index 000000000..b5c5995e5
Binary files /dev/null and b/resources/azure/defender/security-configuration-monitoring/step7.png differ
diff --git a/resources/azure/defender/security-configuration-monitoring/step8.png b/resources/azure/defender/security-configuration-monitoring/step8.png
new file mode 100644
index 000000000..1ae017780
Binary files /dev/null and b/resources/azure/defender/security-configuration-monitoring/step8.png differ
diff --git a/resources/azure/defender/security-configuration-monitoring/step9.png b/resources/azure/defender/security-configuration-monitoring/step9.png
new file mode 100644
index 000000000..be7e67db3
Binary files /dev/null and b/resources/azure/defender/security-configuration-monitoring/step9.png differ
diff --git a/resources/azure/securitycenter/monitor-system-updates/README.md b/resources/azure/defender/security-contacts-additional-email/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-system-updates/README.md
rename to resources/azure/defender/security-contacts-additional-email/README.md
diff --git a/resources/azure/securitycenter/monitor-system-updates/step2.png b/resources/azure/defender/security-contacts-additional-email/step2.png
similarity index 100%
rename from resources/azure/securitycenter/monitor-system-updates/step2.png
rename to resources/azure/defender/security-contacts-additional-email/step2.png
diff --git a/resources/azure/securitycenter/monitor-system-updates/step3.png b/resources/azure/defender/security-contacts-additional-email/step3.png
similarity index 100%
rename from resources/azure/securitycenter/monitor-system-updates/step3.png
rename to resources/azure/defender/security-contacts-additional-email/step3.png
diff --git a/resources/azure/securitycenter/monitor-system-updates/step4.png b/resources/azure/defender/security-contacts-additional-email/step4.png
similarity index 100%
rename from resources/azure/securitycenter/monitor-system-updates/step4.png
rename to resources/azure/defender/security-contacts-additional-email/step4.png
diff --git a/resources/azure/securitycenter/high-severity-alerts-enabled/step5.png b/resources/azure/defender/security-contacts-additional-email/step5.png
similarity index 100%
rename from resources/azure/securitycenter/high-severity-alerts-enabled/step5.png
rename to resources/azure/defender/security-contacts-additional-email/step5.png
diff --git a/resources/azure/securitycenter/high-severity-alerts-enabled/step6.png b/resources/azure/defender/security-contacts-additional-email/step6.png
similarity index 100%
rename from resources/azure/securitycenter/high-severity-alerts-enabled/step6.png
rename to resources/azure/defender/security-contacts-additional-email/step6.png
diff --git a/resources/azure/securitycenter/high-severity-alerts-enabled/step7.png b/resources/azure/defender/security-contacts-additional-email/step7.png
similarity index 100%
rename from resources/azure/securitycenter/high-severity-alerts-enabled/step7.png
rename to resources/azure/defender/security-contacts-additional-email/step7.png
diff --git a/resources/azure/securitycenter/high-severity-alerts-enabled/step8.png b/resources/azure/defender/security-contacts-additional-email/step8.png
similarity index 100%
rename from resources/azure/securitycenter/high-severity-alerts-enabled/step8.png
rename to resources/azure/defender/security-contacts-additional-email/step8.png
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/README.md b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/README.md
similarity index 100%
rename from resources/azure/securitycenter/monitor-vm-vulnerability/README.md
rename to resources/azure/defender/security-contacts-enabled-for-subscription-owner/README.md
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step2.png b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step2.png
similarity index 100%
rename from resources/azure/securitycenter/monitor-vm-vulnerability/step2.png
rename to resources/azure/defender/security-contacts-enabled-for-subscription-owner/step2.png
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step3.png b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step3.png
similarity index 100%
rename from resources/azure/securitycenter/monitor-vm-vulnerability/step3.png
rename to resources/azure/defender/security-contacts-enabled-for-subscription-owner/step3.png
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step4.png b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step4.png
similarity index 100%
rename from resources/azure/securitycenter/monitor-vm-vulnerability/step4.png
rename to resources/azure/defender/security-contacts-enabled-for-subscription-owner/step4.png
diff --git a/resources/azure/securitycenter/security-contacts-enabled/step5.png b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step5.png
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/step5.png
rename to resources/azure/defender/security-contacts-enabled-for-subscription-owner/step5.png
diff --git a/resources/azure/securitycenter/security-contacts-enabled/step6.png b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step6.png
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/step6.png
rename to resources/azure/defender/security-contacts-enabled-for-subscription-owner/step6.png
diff --git a/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step7.png b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step7.png
new file mode 100644
index 000000000..090d4c4ec
Binary files /dev/null and b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step7.png differ
diff --git a/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step8.png b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step8.png
new file mode 100644
index 000000000..e5f32532b
Binary files /dev/null and b/resources/azure/defender/security-contacts-enabled-for-subscription-owner/step8.png differ
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/README.md b/resources/azure/defender/security-contacts-enabled/README.md
similarity index 100%
rename from resources/azure/securitycenter/security-configuration-monitoring/README.md
rename to resources/azure/defender/security-contacts-enabled/README.md
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step2.png b/resources/azure/defender/security-contacts-enabled/step2.png
similarity index 100%
rename from resources/azure/securitycenter/security-configuration-monitoring/step2.png
rename to resources/azure/defender/security-contacts-enabled/step2.png
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step3.png b/resources/azure/defender/security-contacts-enabled/step3.png
similarity index 100%
rename from resources/azure/securitycenter/security-configuration-monitoring/step3.png
rename to resources/azure/defender/security-contacts-enabled/step3.png
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step4.png b/resources/azure/defender/security-contacts-enabled/step4.png
similarity index 100%
rename from resources/azure/securitycenter/security-configuration-monitoring/step4.png
rename to resources/azure/defender/security-contacts-enabled/step4.png
diff --git a/resources/azure/defender/security-contacts-enabled/step5.png b/resources/azure/defender/security-contacts-enabled/step5.png
new file mode 100644
index 000000000..86626a41c
Binary files /dev/null and b/resources/azure/defender/security-contacts-enabled/step5.png differ
diff --git a/resources/azure/defender/security-contacts-enabled/step6.png b/resources/azure/defender/security-contacts-enabled/step6.png
new file mode 100644
index 000000000..e03af6ad8
Binary files /dev/null and b/resources/azure/defender/security-contacts-enabled/step6.png differ
diff --git a/resources/azure/securitycenter/security-contacts-enabled/step7.png b/resources/azure/defender/security-contacts-enabled/step7.png
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/step7.png
rename to resources/azure/defender/security-contacts-enabled/step7.png
diff --git a/resources/azure/securitycenter/security-contacts-enabled/step8.png b/resources/azure/defender/security-contacts-enabled/step8.png
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/step8.png
rename to resources/azure/defender/security-contacts-enabled/step8.png
diff --git a/resources/azure/securitycenter/security-contacts-enabled/README.md b/resources/azure/defender/standard-pricing-enabled/README.md
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/README.md
rename to resources/azure/defender/standard-pricing-enabled/README.md
diff --git a/resources/azure/securitycenter/security-contacts-enabled/step2.png b/resources/azure/defender/standard-pricing-enabled/step2.png
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/step2.png
rename to resources/azure/defender/standard-pricing-enabled/step2.png
diff --git a/resources/azure/securitycenter/security-contacts-enabled/step3.png b/resources/azure/defender/standard-pricing-enabled/step3.png
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/step3.png
rename to resources/azure/defender/standard-pricing-enabled/step3.png
diff --git a/resources/azure/securitycenter/security-contacts-enabled/step4.png b/resources/azure/defender/standard-pricing-enabled/step4.png
similarity index 100%
rename from resources/azure/securitycenter/security-contacts-enabled/step4.png
rename to resources/azure/defender/standard-pricing-enabled/step4.png
diff --git a/resources/azure/defender/standard-pricing-enabled/step5.png b/resources/azure/defender/standard-pricing-enabled/step5.png
new file mode 100644
index 000000000..25ccfd3d4
Binary files /dev/null and b/resources/azure/defender/standard-pricing-enabled/step5.png differ
diff --git a/resources/azure/defender/standard-pricing-enabled/step6.png b/resources/azure/defender/standard-pricing-enabled/step6.png
new file mode 100644
index 000000000..ed53b17ed
Binary files /dev/null and b/resources/azure/defender/standard-pricing-enabled/step6.png differ
diff --git a/resources/azure/defender/standard-pricing-enabled/step7.png b/resources/azure/defender/standard-pricing-enabled/step7.png
new file mode 100644
index 000000000..2db2e8131
Binary files /dev/null and b/resources/azure/defender/standard-pricing-enabled/step7.png differ
diff --git a/resources/azure/defender/standard-pricing-enabled/step8.png b/resources/azure/defender/standard-pricing-enabled/step8.png
new file mode 100644
index 000000000..fa3de9013
Binary files /dev/null and b/resources/azure/defender/standard-pricing-enabled/step8.png differ
diff --git a/resources/azure/securitycenter/admin-security-alerts-enabled/step9.png b/resources/azure/securitycenter/admin-security-alerts-enabled/step9.png
deleted file mode 100644
index dfd442e7f..000000000
Binary files a/resources/azure/securitycenter/admin-security-alerts-enabled/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step10.png b/resources/azure/securitycenter/application-whitelisting-enabled/step10.png
deleted file mode 100644
index 1ea766654..000000000
Binary files a/resources/azure/securitycenter/application-whitelisting-enabled/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step5.png b/resources/azure/securitycenter/application-whitelisting-enabled/step5.png
deleted file mode 100644
index a6ecf9a05..000000000
Binary files a/resources/azure/securitycenter/application-whitelisting-enabled/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step6.png b/resources/azure/securitycenter/application-whitelisting-enabled/step6.png
deleted file mode 100644
index 0b12ebd18..000000000
Binary files a/resources/azure/securitycenter/application-whitelisting-enabled/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step7.png b/resources/azure/securitycenter/application-whitelisting-enabled/step7.png
deleted file mode 100644
index 55ddf2b87..000000000
Binary files a/resources/azure/securitycenter/application-whitelisting-enabled/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step8.png b/resources/azure/securitycenter/application-whitelisting-enabled/step8.png
deleted file mode 100644
index 7d07732fe..000000000
Binary files a/resources/azure/securitycenter/application-whitelisting-enabled/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/application-whitelisting-enabled/step9.png b/resources/azure/securitycenter/application-whitelisting-enabled/step9.png
deleted file mode 100644
index 741b5cb46..000000000
Binary files a/resources/azure/securitycenter/application-whitelisting-enabled/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step5.png b/resources/azure/securitycenter/auto-provisioning-enabled/step5.png
deleted file mode 100644
index 46f104d5a..000000000
Binary files a/resources/azure/securitycenter/auto-provisioning-enabled/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step6.png b/resources/azure/securitycenter/auto-provisioning-enabled/step6.png
deleted file mode 100644
index 187679d76..000000000
Binary files a/resources/azure/securitycenter/auto-provisioning-enabled/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step7.png b/resources/azure/securitycenter/auto-provisioning-enabled/step7.png
deleted file mode 100644
index 7c4417a3a..000000000
Binary files a/resources/azure/securitycenter/auto-provisioning-enabled/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step8.png b/resources/azure/securitycenter/auto-provisioning-enabled/step8.png
deleted file mode 100644
index 89dec3c93..000000000
Binary files a/resources/azure/securitycenter/auto-provisioning-enabled/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/auto-provisioning-enabled/step9.png b/resources/azure/securitycenter/auto-provisioning-enabled/step9.png
deleted file mode 100644
index a7d8bc8c1..000000000
Binary files a/resources/azure/securitycenter/auto-provisioning-enabled/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step10.png b/resources/azure/securitycenter/monitor-blob-encryption/step10.png
deleted file mode 100644
index 9df01ccdb..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step11.png b/resources/azure/securitycenter/monitor-blob-encryption/step11.png
deleted file mode 100644
index d41793e71..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step11.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step2.png b/resources/azure/securitycenter/monitor-blob-encryption/step2.png
deleted file mode 100644
index d7a339c0c..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step2.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step4.png b/resources/azure/securitycenter/monitor-blob-encryption/step4.png
deleted file mode 100644
index e0a559253..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step4.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step5.png b/resources/azure/securitycenter/monitor-blob-encryption/step5.png
deleted file mode 100644
index 13fbb99d1..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step6.png b/resources/azure/securitycenter/monitor-blob-encryption/step6.png
deleted file mode 100644
index ff30e7ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step7.png b/resources/azure/securitycenter/monitor-blob-encryption/step7.png
deleted file mode 100644
index 2760f885d..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step8.png b/resources/azure/securitycenter/monitor-blob-encryption/step8.png
deleted file mode 100644
index 09f97e830..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-blob-encryption/step9.png b/resources/azure/securitycenter/monitor-blob-encryption/step9.png
deleted file mode 100644
index 30223c82f..000000000
Binary files a/resources/azure/securitycenter/monitor-blob-encryption/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step10.png b/resources/azure/securitycenter/monitor-disk-encryption/step10.png
deleted file mode 100644
index 9df01ccdb..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step11.png b/resources/azure/securitycenter/monitor-disk-encryption/step11.png
deleted file mode 100644
index 2a4c32c7e..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step11.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step2.png b/resources/azure/securitycenter/monitor-disk-encryption/step2.png
deleted file mode 100644
index ff0ddecea..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step2.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step3.png b/resources/azure/securitycenter/monitor-disk-encryption/step3.png
deleted file mode 100644
index 01d1f124d..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step3.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step4.png b/resources/azure/securitycenter/monitor-disk-encryption/step4.png
deleted file mode 100644
index c23b63538..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step4.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step5.png b/resources/azure/securitycenter/monitor-disk-encryption/step5.png
deleted file mode 100644
index 13fbb99d1..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step6.png b/resources/azure/securitycenter/monitor-disk-encryption/step6.png
deleted file mode 100644
index ff30e7ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step7.png b/resources/azure/securitycenter/monitor-disk-encryption/step7.png
deleted file mode 100644
index d6b14bace..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step8.png b/resources/azure/securitycenter/monitor-disk-encryption/step8.png
deleted file mode 100644
index 70df91ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-disk-encryption/step9.png b/resources/azure/securitycenter/monitor-disk-encryption/step9.png
deleted file mode 100644
index 86f67d202..000000000
Binary files a/resources/azure/securitycenter/monitor-disk-encryption/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step10.png b/resources/azure/securitycenter/monitor-endpoint-protection/step10.png
deleted file mode 100644
index 9df01ccdb..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step11.png b/resources/azure/securitycenter/monitor-endpoint-protection/step11.png
deleted file mode 100644
index f1ef7da17..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step11.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step2.png b/resources/azure/securitycenter/monitor-endpoint-protection/step2.png
deleted file mode 100644
index cfde9d1e4..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step2.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step3.png b/resources/azure/securitycenter/monitor-endpoint-protection/step3.png
deleted file mode 100644
index 4a8dc2082..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step3.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step4.png b/resources/azure/securitycenter/monitor-endpoint-protection/step4.png
deleted file mode 100644
index b8a515918..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step4.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step5.png b/resources/azure/securitycenter/monitor-endpoint-protection/step5.png
deleted file mode 100644
index 13fbb99d1..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step6.png b/resources/azure/securitycenter/monitor-endpoint-protection/step6.png
deleted file mode 100644
index ff30e7ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step7.png b/resources/azure/securitycenter/monitor-endpoint-protection/step7.png
deleted file mode 100644
index c95c0c8d8..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step8.png b/resources/azure/securitycenter/monitor-endpoint-protection/step8.png
deleted file mode 100644
index 40aa71be2..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-endpoint-protection/step9.png b/resources/azure/securitycenter/monitor-endpoint-protection/step9.png
deleted file mode 100644
index 86f67d202..000000000
Binary files a/resources/azure/securitycenter/monitor-endpoint-protection/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step10.png b/resources/azure/securitycenter/monitor-jit-network-access/step10.png
deleted file mode 100644
index 9df01ccdb..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step11.png b/resources/azure/securitycenter/monitor-jit-network-access/step11.png
deleted file mode 100644
index 101efa1de..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step11.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step2.png b/resources/azure/securitycenter/monitor-jit-network-access/step2.png
deleted file mode 100644
index cfde9d1e4..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step2.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step3.png b/resources/azure/securitycenter/monitor-jit-network-access/step3.png
deleted file mode 100644
index 4a8dc2082..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step3.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step4.png b/resources/azure/securitycenter/monitor-jit-network-access/step4.png
deleted file mode 100644
index b8a515918..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step4.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step5.png b/resources/azure/securitycenter/monitor-jit-network-access/step5.png
deleted file mode 100644
index 13fbb99d1..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step6.png b/resources/azure/securitycenter/monitor-jit-network-access/step6.png
deleted file mode 100644
index ff30e7ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step7.png b/resources/azure/securitycenter/monitor-jit-network-access/step7.png
deleted file mode 100644
index 61544252c..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step8.png b/resources/azure/securitycenter/monitor-jit-network-access/step8.png
deleted file mode 100644
index 40aa71be2..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-jit-network-access/step9.png b/resources/azure/securitycenter/monitor-jit-network-access/step9.png
deleted file mode 100644
index 86f67d202..000000000
Binary files a/resources/azure/securitycenter/monitor-jit-network-access/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step10.png b/resources/azure/securitycenter/monitor-nsg-enabled/step10.png
deleted file mode 100644
index 9df01ccdb..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step11.png b/resources/azure/securitycenter/monitor-nsg-enabled/step11.png
deleted file mode 100644
index 71e843e69..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step11.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step2.png b/resources/azure/securitycenter/monitor-nsg-enabled/step2.png
deleted file mode 100644
index d7a339c0c..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step2.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step3.png b/resources/azure/securitycenter/monitor-nsg-enabled/step3.png
deleted file mode 100644
index 49f319ef9..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step3.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step4.png b/resources/azure/securitycenter/monitor-nsg-enabled/step4.png
deleted file mode 100644
index e0a559253..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step4.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step5.png b/resources/azure/securitycenter/monitor-nsg-enabled/step5.png
deleted file mode 100644
index 13fbb99d1..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step6.png b/resources/azure/securitycenter/monitor-nsg-enabled/step6.png
deleted file mode 100644
index ff30e7ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step7.png b/resources/azure/securitycenter/monitor-nsg-enabled/step7.png
deleted file mode 100644
index b7567f113..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step8.png b/resources/azure/securitycenter/monitor-nsg-enabled/step8.png
deleted file mode 100644
index 09f97e830..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-nsg-enabled/step9.png b/resources/azure/securitycenter/monitor-nsg-enabled/step9.png
deleted file mode 100644
index 86f67d202..000000000
Binary files a/resources/azure/securitycenter/monitor-nsg-enabled/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step10.png b/resources/azure/securitycenter/monitor-sql-auditing/step10.png
deleted file mode 100644
index 9df01ccdb..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step11.png b/resources/azure/securitycenter/monitor-sql-auditing/step11.png
deleted file mode 100644
index 70cacc3a1..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step11.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step2.png b/resources/azure/securitycenter/monitor-sql-auditing/step2.png
deleted file mode 100644
index ff0ddecea..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step2.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step3.png b/resources/azure/securitycenter/monitor-sql-auditing/step3.png
deleted file mode 100644
index 01d1f124d..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step3.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step4.png b/resources/azure/securitycenter/monitor-sql-auditing/step4.png
deleted file mode 100644
index c23b63538..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step4.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step5.png b/resources/azure/securitycenter/monitor-sql-auditing/step5.png
deleted file mode 100644
index 13fbb99d1..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step6.png b/resources/azure/securitycenter/monitor-sql-auditing/step6.png
deleted file mode 100644
index ff30e7ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step7.png b/resources/azure/securitycenter/monitor-sql-auditing/step7.png
deleted file mode 100644
index 49f953c49..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step8.png b/resources/azure/securitycenter/monitor-sql-auditing/step8.png
deleted file mode 100644
index 70df91ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-auditing/step9.png b/resources/azure/securitycenter/monitor-sql-auditing/step9.png
deleted file mode 100644
index 86f67d202..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-auditing/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step10.png b/resources/azure/securitycenter/monitor-sql-encryption/step10.png
deleted file mode 100644
index 9df01ccdb..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step11.png b/resources/azure/securitycenter/monitor-sql-encryption/step11.png
deleted file mode 100644
index 232797999..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step11.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step2.png b/resources/azure/securitycenter/monitor-sql-encryption/step2.png
deleted file mode 100644
index ff0ddecea..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step2.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step3.png b/resources/azure/securitycenter/monitor-sql-encryption/step3.png
deleted file mode 100644
index 01d1f124d..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step3.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step4.png b/resources/azure/securitycenter/monitor-sql-encryption/step4.png
deleted file mode 100644
index c23b63538..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step4.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step5.png b/resources/azure/securitycenter/monitor-sql-encryption/step5.png
deleted file mode 100644
index 13fbb99d1..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step6.png b/resources/azure/securitycenter/monitor-sql-encryption/step6.png
deleted file mode 100644
index ff30e7ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step7.png b/resources/azure/securitycenter/monitor-sql-encryption/step7.png
deleted file mode 100644
index 7ef6ca640..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step8.png b/resources/azure/securitycenter/monitor-sql-encryption/step8.png
deleted file mode 100644
index 70df91ae5..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-sql-encryption/step9.png b/resources/azure/securitycenter/monitor-sql-encryption/step9.png
deleted file mode 100644
index 86f67d202..000000000
Binary files a/resources/azure/securitycenter/monitor-sql-encryption/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-system-updates/step10.png b/resources/azure/securitycenter/monitor-system-updates/step10.png
deleted file mode 100644
index dda4eb200..000000000
Binary files a/resources/azure/securitycenter/monitor-system-updates/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-system-updates/step5.png b/resources/azure/securitycenter/monitor-system-updates/step5.png
deleted file mode 100644
index a6ecf9a05..000000000
Binary files a/resources/azure/securitycenter/monitor-system-updates/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-system-updates/step6.png b/resources/azure/securitycenter/monitor-system-updates/step6.png
deleted file mode 100644
index 0b12ebd18..000000000
Binary files a/resources/azure/securitycenter/monitor-system-updates/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-system-updates/step7.png b/resources/azure/securitycenter/monitor-system-updates/step7.png
deleted file mode 100644
index 55ddf2b87..000000000
Binary files a/resources/azure/securitycenter/monitor-system-updates/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-system-updates/step8.png b/resources/azure/securitycenter/monitor-system-updates/step8.png
deleted file mode 100644
index 2dbb868db..000000000
Binary files a/resources/azure/securitycenter/monitor-system-updates/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-system-updates/step9.png b/resources/azure/securitycenter/monitor-system-updates/step9.png
deleted file mode 100644
index b36adcf72..000000000
Binary files a/resources/azure/securitycenter/monitor-system-updates/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step10.png b/resources/azure/securitycenter/monitor-vm-vulnerability/step10.png
deleted file mode 100644
index e915b7f83..000000000
Binary files a/resources/azure/securitycenter/monitor-vm-vulnerability/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step5.png b/resources/azure/securitycenter/monitor-vm-vulnerability/step5.png
deleted file mode 100644
index a6ecf9a05..000000000
Binary files a/resources/azure/securitycenter/monitor-vm-vulnerability/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step6.png b/resources/azure/securitycenter/monitor-vm-vulnerability/step6.png
deleted file mode 100644
index 0b12ebd18..000000000
Binary files a/resources/azure/securitycenter/monitor-vm-vulnerability/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step7.png b/resources/azure/securitycenter/monitor-vm-vulnerability/step7.png
deleted file mode 100644
index 55ddf2b87..000000000
Binary files a/resources/azure/securitycenter/monitor-vm-vulnerability/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step8.png b/resources/azure/securitycenter/monitor-vm-vulnerability/step8.png
deleted file mode 100644
index ff42900fe..000000000
Binary files a/resources/azure/securitycenter/monitor-vm-vulnerability/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/monitor-vm-vulnerability/step9.png b/resources/azure/securitycenter/monitor-vm-vulnerability/step9.png
deleted file mode 100644
index 150f393df..000000000
Binary files a/resources/azure/securitycenter/monitor-vm-vulnerability/step9.png and /dev/null differ
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step10.png b/resources/azure/securitycenter/security-configuration-monitoring/step10.png
deleted file mode 100644
index 6a6f87bb9..000000000
Binary files a/resources/azure/securitycenter/security-configuration-monitoring/step10.png and /dev/null differ
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step5.png b/resources/azure/securitycenter/security-configuration-monitoring/step5.png
deleted file mode 100644
index a6ecf9a05..000000000
Binary files a/resources/azure/securitycenter/security-configuration-monitoring/step5.png and /dev/null differ
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step6.png b/resources/azure/securitycenter/security-configuration-monitoring/step6.png
deleted file mode 100644
index 0b12ebd18..000000000
Binary files a/resources/azure/securitycenter/security-configuration-monitoring/step6.png and /dev/null differ
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step7.png b/resources/azure/securitycenter/security-configuration-monitoring/step7.png
deleted file mode 100644
index 55ddf2b87..000000000
Binary files a/resources/azure/securitycenter/security-configuration-monitoring/step7.png and /dev/null differ
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step8.png b/resources/azure/securitycenter/security-configuration-monitoring/step8.png
deleted file mode 100644
index eed1ef437..000000000
Binary files a/resources/azure/securitycenter/security-configuration-monitoring/step8.png and /dev/null differ
diff --git a/resources/azure/securitycenter/security-configuration-monitoring/step9.png b/resources/azure/securitycenter/security-configuration-monitoring/step9.png
deleted file mode 100644
index 38202f18b..000000000
Binary files a/resources/azure/securitycenter/security-configuration-monitoring/step9.png and /dev/null differ