Update upcoming-changes.md

added links, more info from Tomer

Author: AlizaBernstein

articles/defender-for-cloud/upcoming-changes.md

@@ -159,6 +159,12 @@ The recommendation `Running container images should have vulnerability findings
 |--|--|--| 
 | Running container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management) | Container image vulnerability assessment scans your registry for commonly known vulnerabilities (CVEs) and provides a detailed vulnerability report for each image. This recommendation provides visibility to vulnerable images currently running in your Kubernetes clusters. Remediating vulnerabilities in container images that are currently running is key to improving your security posture, significantly reducing the attack surface for your containerized workloads. | c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5
 
+ Customers with both Defender for the Containers plan and Defender CSPM plan should [disable the Qualys running containers recommendation](https://learn.microsoft.com/azure/defender-for-cloud/tutorial-security-policy#disable-a-security-recommendation), to avoid multiple reports for the same images with potential impact on the secure score.
+
+If you're currently using the sub-assesment API or Azure Resource Graph or continuous export, you should also update your requests to the new schema used by the MDVM recommendation prior to disabling the Qualys recommendation and use MDVM results instead.
+
+If you are also using our public preview offering for Windows containers vulnerability assessment powered by Qualys, and you would like to continue using it, you need to [disable Linux findings](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure#disable-specific-findings) using disable rules rather than disable the runtime recommendation.
+
 Learn more about [Agentless Containers Posture in Defender CSPM](concept-agentless-containers.md).
 
 ### Change to the Log Analytics daily cap