updates after review

Author: David Curwin

articles/defender-for-cloud/agentless-container-registry-vulnerability-assessment.md

@@ -34,7 +34,7 @@ Container vulnerability assessment powered by MDVM (Microsoft Defender Vulnerabi
 - **Support for exemptions** - Learn how to  [create exemption rules for a management group, resource group, or subscription](disable-vulnerability-findings-containers.md).
 - **Support for disabling vulnerabilities** - Learn how to [disable vulnerabilities on images](disable-vulnerability-findings-containers.md).
 
-## Scan Triggers
+## Scan triggers
 
 The triggers for an image scan are:
 
@@ -52,15 +52,15 @@ The triggers for an image scan are:
 
 A detailed description of the scan process is described as follows:
 
-1. When you enable the [container vulnerability assessment for Azure powered by MDVM](enable-vulnerability-assessment.md), you authorize Defender for Cloud to scan container images in your Azure Container registries.
-1. Defender for Cloud automatically discovers all containers registries, repositories and images (created before or after enabling this capability).
-1. Defender for Cloud receives notifications whenever a new image is pushed to an Azure Container Registry. The new image is then immediately added to the catalog of images Defender for Cloud maintains, and queues an action to scan the image immediately.
-1. Once a day, or when an image is pushed to a registry:
+- When you enable the [container vulnerability assessment for Azure powered by MDVM](enable-vulnerability-assessment.md), you authorize Defender for Cloud to scan container images in your Azure Container registries.
+- Defender for Cloud automatically discovers all containers registries, repositories and images (created before or after enabling this capability).
+- Defender for Cloud receives notifications whenever a new image is pushed to an Azure Container Registry. The new image is then immediately added to the catalog of images Defender for Cloud maintains, and queues an action to scan the image immediately.
+- Once a day, or when an image is pushed to a registry:
 
-   1. All newly discovered images are pulled, and an inventory is created for each image. Image inventory is kept to avoid further image pulls, unless required by new scanner capabilities.​
-   1. Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [agentless discovery and visibility within Kubernetes components](/azure/defender-for-cloud/concept-agentless-containers) and [inventory collected via the Defender agents running on AKS nodes](defender-for-containers-enable.md#deploy-the-defender-profile)
-   1. Vulnerability reports for container images are provided as a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/PhoenixContainerRegistryRecommendationDetailsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5).
-1. For customers using either [agentless discovery and visibility within Kubernetes components](concept-agentless-containers.md) or [inventory collected via the Defender agents running on AKS nodes](defender-for-containers-enable.md#deploy-the-defender-profile), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an AKS cluster.
+  - All newly discovered images are pulled, and an inventory is created for each image. Image inventory is kept to avoid further image pulls, unless required by new scanner capabilities.​
+  - Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [agentless discovery and visibility within Kubernetes components](/azure/defender-for-cloud/concept-agentless-containers) and [inventory collected via the Defender agents running on AKS nodes](defender-for-containers-enable.md#deploy-the-defender-profile)
+  - Vulnerability reports for container images are provided as a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/PhoenixContainerRegistryRecommendationDetailsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5).
+- For customers using either [agentless discovery and visibility within Kubernetes components](concept-agentless-containers.md) or [inventory collected via the Defender agents running on AKS nodes](defender-for-containers-enable.md#deploy-the-defender-profile), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an AKS cluster.
 
 > [!NOTE]
 > For Defender for Container Registries (deprecated), images are scanned once on push, and rescanned only once a week.

articles/defender-for-cloud/enable-vulnerability-assessment.md

@@ -1,13 +1,17 @@
 ---
 title: Enable vulnerability assessment in Azure powered by MDVM
-description: Learn how to enable vulnerability assessment in Azure powered by MDVM
+description: Learn how to enable vulnerability assessment in Azure powered by Microsoft Defender Vulnerability Management (MDVM)
 ms.service: defender-for-cloud
 ms.topic: how-to
 ms.date: 07/20/2023
 ---
 
 # Enable vulnerability assessment in Azure powered by MDVM
 
+Vulnerability assessment for Azure, powered by Microsoft Defender Vulnerability Management (MDVM), is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any agents.
+
+## How to enable vulnerability assessment in Azure powered by MDVM
+
 1. Before starting, verify that the subscription is [onboarded to Defender CSPM](tutorial-enable-cspm-plan.md), [Defender for Containers](tutorial-enable-containers-azure.md) or [Defender for Container Registries](defender-for-container-registries-introduction.md).
 1. In the Azure portal, navigate to the Defender for Cloud's **Environment Settings** page.
 
@@ -17,7 +21,7 @@ ms.date: 07/20/2023
 
 1. Select **Continue**.
 
-    :::image type="content" source="media/concept-agentless-containers/select-container-registries-vunlerability-assessments.png" alt-text="Screenshot of selecting agentless discovery for Kubernetes and Container registries vulnerability assessments." lightbox="media/concept-agentless-containers/select-container-registries-vunlerability-assessments.png":::
+    :::image type="content" source="media/concept-agentless-containers/select-container-registries-vulnerability-assessments.png" alt-text="Screenshot of selecting agentless discovery for Kubernetes and Container registries vulnerability assessments." lightbox="media/concept-agentless-containers/select-container-registries-vulnerability-assessments.png":::
 
 1. Select **Save**.
 
@@ -29,7 +33,7 @@ A notification message pops up in the top right corner that will verify that the
 - For Defender for Containers, use the Defender for Containers agent. For more information, see [Deploy the Defender profile in Azure](tutorial-enable-containers-azure.md#deploy-the-defender-profile-in-azure).
 - For Defender for Container Registries, there is no runtime coverage.
 
-## Next Steps
+## Next steps
 
 - Learn more about [Trusted Access](/azure/aks/trusted-access-feature).
 - Learn how to [view and remediate vulnerability assessment findings for registry images and running images](view-and-remediate-vulnerability-assessment-findings.md).

articles/defender-for-cloud/media/concept-agentless-containers/select-container-registries-vunlerability-assessments.png renamed to articles/defender-for-cloud/media/concept-agentless-containers/select-container-registries-vulnerability-assessments.png

@@ -40,9 +40,9 @@ July 31, 2023
 
 We're announcing the release of Vulnerability Assessment (VA) for Linux container images in Azure container registries powered by Microsoft Defender Vulnerability Management (MDVM) in Defender for Containers and Defender for Container Registries. The new container VA offering will be provided alongside our existing Container VA offering powered by Qualys in both Defender for Containers and Defender for Container Registries, and include daily rescans of container images, exploitability information, support for OS and programming languages (SCA) and more.
 
-This new offering will start rolling out today, and will be available to all customers By August 7.
+This new offering will start rolling out today, and is expected to be available to all customers By August 7.
 
-For more information, see [Container Vulnerability Assesment powered by MDVM](agentless-container-registry-vulnerability-assessment.md) and [Microsoft Defender Vulnerability Management (MDVM)](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management).
+For more information, see [Container Vulnerability Assessment powered by MDVM](agentless-container-registry-vulnerability-assessment.md) and [Microsoft Defender Vulnerability Management (MDVM)](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management).
 
 ### Agentless container posture in Defender CSPM is now Generally Available