adding details

Author: habibaum

articles/migrate/assessment-properties.md

@@ -27,4 +27,5 @@ This article explains the assessment properties on the **General** tab that you
 | |**Discount (%)** | Any subscription-specific discounts you receive on top of the Azure offer. The default setting is 0%. | 
 | | **VM uptime** | The duration in days per month and hours per day for Azure VMs that won't run continuously. Cost estimates are based on that duration. The default values are 31 days per month and 24 hours per day. | 
 | | **Azure Hybrid Benefit**| Specifies whether you have software assurance and are eligible for [Azure Hybrid Benefit](https://azure.microsoft.com/pricing/hybrid-benefit/) to use your existing OS licenses. For Azure VM assessments, you can bring in both Windows and Linux licenses. If the setting is enabled, Azure prices for selected operating systems aren't considered for VM costing.  |
-|**Security** | **Security** | Specifies whether you want to assess readiness and cost for security tooling on Azure. If the setting has the default value **Yes, with Microsoft Defender for Cloud**, it assesses security readiness and costs for your Azure VM with Microsoft Defender for Cloud. | 
+|**Security** | **Security** | Specifies whether you want to assess readiness and cost for security tooling on Azure. If the setting has the default value **Yes, with Microsoft Defender for Cloud**, it assesses security readiness and costs for your Azure VM with Microsoft Defender for Cloud. | 
+|**VM Security Type** | | Specifies is you want to verify readiness for Trusted Launch Virtual Machines (TVMs), Standard Virtual Machines, or both. By default, readiness is verified for both. We recommended to migrate eligible VMs to Trusted Launch, as TVMs provide enhanced security features, such as secure boot and virtual TPM at no extra cost.| 

articles/migrate/review-assessment.md

@@ -152,4 +152,11 @@ For servers recommended for Azure VM, if they're ready to run Defender for Serve
 
 Costs are displayed in the currency specified in the assessment settings. 
 
-For each on-premises server, you can review if there are any data collection issues that might result in a low confidence score of the overall assessment.  
+For each on-premises server, you can review if there are any data collection issues that might result in a low confidence score of the overall assessment.  
+
+## VM Security type
+
+
+Azure Migrate determines the recommended VM security type, Trusted Launch or Standard—based on an evaluation of each VM's compatibility with Trusted Launch Virtual Machine (TVM) requirements. It verifies the supported operating systems, generation type (Gen 2), boot and disk configuration, and other prerequisites defined by Azure for Trusted Launch. If a VM meets these requirements, Trusted Launch is recommended by default to provide enhanced security features, such as secure boot, vTPM, and integrity monitoring at no extra cost. If the VM doesn't meet the criteria, it is assigned a Standard security type, ensuring compatibility while maintaining migration readiness.
+
+For more information on requirements for Trusted Launch Virtual Machines. [Leaen more](/azure/virtual-machines/trusted-launch).

articles/migrate/tutorial-migrate-physical-virtual-machines.md

@@ -369,10 +369,14 @@ Now, select machines for migration.
     :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/source-settings.png" alt-text="Screenshot that shows source settings.":::
 
 1. In **Virtual machines**, in **Import migration settings from an assessment?**, leave the default setting **No, I'll specify the migration settings manually**.
-1. Check each VM you want to migrate. Then select **Next: Target settings**.
+1. By default, VMs that are eligible for Trusted Launch are migrated as TVMs. Trusted Launch VMs provide enhanced security features such as secure boot and virtual TPM at no additional cost, and we recommend using them whenever applicable.
+
+
 
     :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/select-vms-inline.png" alt-text="Screenshot that shows selecting VMs." lightbox="./media/tutorial-migrate-physical-virtual-machines/select-vms-expanded.png":::
 
+1. Check each VM you want to migrate. Then select **Next: Target settings**.
+
 1. In **Target settings**, select the subscription to which you'll migrate. (The region is set to your selection in the previous step and can't be modified.) Specify the resource group in which the Azure VMs will reside after migration.
 1. In **Virtual Network**, select the Azure virtual network/subnet to which the Azure VMs will be joined after migration.
 1. In **Cache storage account**, keep the default option to use the cache storage account that's automatically created for the project. Use the dropdown list if you want to specify a different storage account to use as the cache storage account for replication. <br/>
@@ -407,6 +411,8 @@ Now, select machines for migration.
     - **Availability Zone**: Specify the availability zone to use.
     - **Availability Set**: Specify the availability set to use.
 
+1. **VM Security Type**: Azure Migrate recommends migrating eligible VMs to Trusted Launch Virtual Machines (TVMs) for enhanced security. By default, the VM security type is set to Trusted Launch. VMs that are not eligible for Trusted Launch are automatically be configured as standard security VMs. 
+
 1. In **Disks**, specify whether the VM disks should be replicated to Azure. Select the disk type (standard SSD/HDD or premium managed disks) in Azure. Then select **Next**.
     - You can exclude disks from replication.
     - If you exclude disks, they won't be present on the Azure VM after migration.