MicrosoftDocs
diff --git a/‎articles/security-center/built-in-vulnerability-assessment.md
Lines changed: 35 additions & 14 deletions b/‎articles/security-center/built-in-vulnerability-assessment.md
Lines changed: 35 additions & 14 deletions
diff --git a/‎articles/security-center/media/built-in-vulnerability-assessment/va-vm-flow-diagram.png
74.8 KB b/‎articles/security-center/media/built-in-vulnerability-assessment/va-vm-flow-diagram.png
74.8 KB
@@ -1,6 +1,6 @@
 ---
 title: Built-in vulnerability scanner in Azure Security Center
-description: Azure Security Center includes a fully integrated vulnerability assessment solution from Qualys. This article describes how to deploy and use the tool.
+description: Azure Security Center includes a fully integrated vulnerability assessment solution from Qualys. Learn more about this Security Center extension on this page.
 services: security-center
 documentationcenter: na
 author: memildin
@@ -10,7 +10,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 03/22/2020
+ms.date: 03/30/2020
 ms.author: memildin
 
 ---
@@ -24,23 +24,44 @@ This feature is currently in preview.
 > [!NOTE]
 > Security Center supports the integration of tools from other vendors, but you'll need to handle the licensing costs, deployment, and configuration. For more information, see [Deploying a partner vulnerability scanning solution](partner-vulnerability-assessment.md). You can also use those instructions to integrate your organization's own Qualys license, if you choose not to use the built-in vulnerability scanner included with Azure Security Center.
 
-## Deploying the Qualys built-in vulnerability scanner (Standard tier only)
+
+## Overview of the integrated vulnerability scanner
+
+The vulnerability scanner extension works as follows:
+
+1. **Deploy** - Azure Security Center deploys the Qualys extension to the selected virtual machine/s.
+
+1. **Gather information** - The extension collects artifacts and sends them for analysis in the Qualys cloud service in the defined region.
+
+1. **Analyze** - Qualys's cloud service conducts the vulnerability assessment and sends its findings to Security Center. 
+
+    > [!IMPORTANT]
+    > To ensure the privacy, confidentiality, and security of our customers, Microsoft doesn't share customer details with Qualys. [Learn more about the privacy standards built into Azure](https://www.microsoft.com/trust-center/privacy).
+
+
+1. **Report** - The findings are available to you in Security Center.
+
+[![Process flow diagram for Azure Security Center's built-in vulnerability scanner](media/built-in-vulnerability-assessment/va-vm-flow-diagram.png)](media/built-in-vulnerability-assessment/va-vm-flow-diagram.png#lightbox)
+
+
+
+## Deploying the Qualys built-in vulnerability scanner
 
 The simplest way to scan your Azure-based virtual machines for vulnerabilities is to use the built-in vulnerability scanner. 
 
 To deploy the vulnerability scanner extension:
 
-1. Open Azure Security Center and go to the **Recommendations** page. 
+1. Open Azure Security Center and go to the **Recommendations** page for a subscription on the standard pricing tier.
 
-1. Select the recommendation named "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)".
+1. Select the recommendation named **"Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)"**.
 
     [![Recommendations page in Azure Security Center filtered to Qualys recommendations](media/built-in-vulnerability-assessment/va-recommendations-enable-selected.png)](media/built-in-vulnerability-assessment/va-recommendations-enable-selected.png#lightbox)
 
     Your VMs will appear in one or more of the following groups:
 
     * **Healthy resources** – the vulnerability scanner extension has been deployed to these VMs.
     * **Unhealthy resources** – the vulnerability scanner extension can be deployed to these VMs. 
-    * **Not applicable resources** – these VMs can't have the vulnerability scanner extension deployed. Your VM might be in this tab because it's on the free pricing tier, it's missing the ImageReference class (relevant to custom images and VMs restored from backup, as explained in the Azure for .NET documentation](https://docs.microsoft.com/dotnet/api/microsoft.azure.batch.imagereference?view=azure-dotnet), or it's not running one of the supported OSes:
+    * **Not applicable resources** – these VMs can't have the vulnerability scanner extension deployed. Your VM might be in this tab because it's on the free pricing tier, it's missing the ImageReference class (relevant to custom images and VMs restored from backup, as explained in [this Azure for .NET page](https://docs.microsoft.com/dotnet/api/microsoft.azure.batch.imagereference?view=azure-dotnet)), or it's not running one of the supported OSes:
 
         - All versions of Windows    
         - Red Hat Enterprise Linux 6.7, 7.6
@@ -60,7 +81,7 @@ To deploy the vulnerability scanner extension:
 
 ## Viewing and remediating discovered vulnerabilities
 
-When Security Center identifies vulnerabilities, it presents findings and related information as recommendations. The related information includes remediation steps, related CVEs, CVSS scores, and more. You can view the identified vulnerabilities for one or more subscriptions, or for a specific virtual machine.
+When Security Center identifies vulnerabilities, it presents findings and related information as recommendations. The related information includes remediation steps, related CVEs, CVSS scores, and more. You can view the identified vulnerabilities for one or more subscriptions, or for a specific VM.
 
 To see the findings and remediate the identified vulnerability:
 
@@ -72,7 +93,7 @@ To see the findings and remediate the identified vulnerability:
 
     [![List of findings from Qualys for all selected subscriptions](media/built-in-vulnerability-assessment/va-findings-all.png)](media/built-in-vulnerability-assessment/va-findings-all.png#lightbox)
 
-1. To filter the findings by a specific VM, open the "Affected resources" section and click the VM that interests you. Alternatively, select a VM from the resource health view, and view all relevant recommendations for that resource.
+1. To filter the findings by a specific VM, open the "Affected resources" section and click the VM that interests you. Or you can select a VM from the resource health view, and view all relevant recommendations for that resource.
 
     Security Center shows the findings for that VM, ordered by severity. 
 
@@ -104,7 +125,7 @@ For full instructions and a sample ARG query, see this Tech Community post: [Exp
 ## Built-in Qualys vulnerability scanner FAQ
 
 ### Are there any additional charges for the Qualys license?
-No. The built-in scanner is free to all standard tier users. The "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)" recommendation deploys a scanner that includes all the necessary licensing and configuration information. No additional licenses are required. 
+No. The built-in scanner is free to all standard tier users. The "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)" recommendation deploys the scanner with its licensing and configuration information. No additional licenses are required. 
 
 ### What permissions are required to install the Qualys extension?
 You'll need write permissions for any VM on which you want to deploy the extension.
@@ -136,18 +157,18 @@ Some updates to the vulnerability scanner extension may require manual deploymen
 
         ![Qualys agent extension version information](media/built-in-vulnerability-assessment/qualys-agent-extension-version.png)
 
-    1. If the version is 1.0.0.4, click **Uninstall** and wait until the extension is no longer listed in the Extensions page of the VM.
+    1. If the version is 1.0.0.4, click **Uninstall** and wait until the extension is no longer listed in the VM's extensions page.
 
     1. Restart the VM.
 
-    1. When the VM's status is "Running", deploy the extension as described above in [Deploying the Qualys built-in vulnerability scanner](#deploying-the-qualys-built-in-vulnerability-scanner-standard-tier-only).
+    1. When the VM's status is "Running", deploy the extension as described above in [Deploying the Qualys built-in vulnerability scanner](#deploying-the-qualys-built-in-vulnerability-scanner).
 
 ### Why does my VM show as "not applicable" in the recommendation?
 When you open the recommendation, you'll see your VMs in one or more of the following groups:
 
 - **Healthy resources** – the vulnerability scanner extension has been deployed to these VMs.
 - **Unhealthy resources** – the vulnerability scanner extension can be deployed to these VMs. 
-- **Not applicable resources** – These VMs can't have the vulnerability scanner extension deployed. Your VM might be in this tab because it's on the free pricing tier, it's missing the ImageReference class (relevant to custom images and VMs restored from backup, as explained in the Azure for .NET documentation](https://docs.microsoft.com/dotnet/api/microsoft.azure.batch.imagereference?view=azure-dotnet), or it's not running one of the supported OSes:
+- **Not applicable resources** – These VMs can't have the vulnerability scanner extension deployed. Your VM might be in this tab because it's on the free pricing tier, it's missing the ImageReference class (relevant to custom images and VMs restored from backup, as explained in [this Azure for .NET page](https://docs.microsoft.com/dotnet/api/microsoft.azure.batch.imagereference?view=azure-dotnet)), or it's not running one of the supported OSes:
 
     - All versions of Windows
     - Red Hat Enterprise Linux 6.7, 7.6
@@ -161,12 +182,12 @@ When you open the recommendation, you'll see your VMs in one or more of the foll
 The scanner is running on your virtual machine and looking for vulnerabilities of the VM itself. From the virtual machine, it can't scan your network.
 
 ### Does the scanner integrate with my existing Qualys console?
-The Security Center extension is a separate tool from your existing Qualys scanner and, because of licensing restrictions, must be used within Azure Security Center.
+The Security Center extension is a separate tool from your existing Qualys scanner. Licensing restrictions mean that it can only be used within Azure Security Center.
 
 ### Microsoft Defender Advanced Threat Protection also includes Threat & Vulnerability Management (TVM). How is the Security Center Vulnerability Assessment extension different?
 Microsoft is actively developing world-class vulnerability management with Microsoft Defender ATP's Threat & Vulnerability Management solution, built into Windows.
 
-Today, Azure Security Center's Vulnerability Assessment extension is powered by Qualys. This ensures support for both Windows and Linux virtual machines. The extension also benefits from Qualys's own knowledge of vulnerabilities that don't yet have CVEs.
+Today, Azure Security Center's Vulnerability Assessment extension is powered by Qualys. The Qualys extension ensures support for both Windows and Linux VMs. The extension also benefits from Qualys's own knowledge of vulnerabilities that don't yet have CVEs.
 
 ## Next steps
 This article described the Azure Security Center Vulnerability Assessment extension (powered by Qualys) for scanning your VMs. For related material, see the following articles: