Merge pull request #259354 from dcurwin/wi-181050-mdvm-migrate-nov22-2023

MDVM migration

Author: PMEds28

articles/defender-for-cloud/TOC.yml

@@ -367,7 +367,7 @@
           displayName: map, network map
           href: protect-network-resources.md
         - name: Lock down logins with multifactor authentication
-          displayName: identity, access, AAD, active directory, multi-factor,
+          displayName: identity, access, AAD, active directory, multifactor,
             authentication, multifactor, users, passwords
           href: multi-factor-authentication-enforcement.md
         - name: Other threat protections
@@ -615,6 +615,10 @@
             href: disable-vulnerability-findings-containers.md
           - name: REST API
             href: subassessment-rest-api.md
+          - name: Transition to Defender Vulnerability Management
+            href: transition-to-defender-vulnerability-management.md
+          - name: Common questions 
+            href: common-questions-microsoft-defender-vulnerability-management.md
       - name: Vulnerability assessment for AWS powered by Trivy (deprecated)
         displayName: AWS, ECR, registry, images, qualys
         href: defender-for-containers-vulnerability-assessment-elastic.md

articles/defender-for-cloud/common-questions-microsoft-defender-vulnerability-management.md

@@ -0,0 +1,68 @@
+---
+title: Common questions about the Microsoft Defender Vulnerability Management solution
+description: Answers to common questions on the new Container VA offering powered by Microsoft Defender Vulnerability Management
+ms.topic: faq
+ms.date: 11/30/2023
+---
+
+# Common questions about the Microsoft Defender Vulnerability Management solution
+
+Get answers to common questions on the new Container VA offering powered by Microsoft Defender Vulnerability Management solution.
+
+## How do I transition to the container vulnerability assessment powered by Microsoft Defender Vulnerability Management?
+
+See the [Transition Guide for Containers](transition-to-defender-vulnerability-management.md) for recommended guidance on transitioning to Microsoft Defender Vulnerability Management for container image vulnerability assessment scanning.
+
+## Is there any change to pricing when transitioning to container vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management?
+
+No. The cost of the vulnerability assessment scanning is included in Defender for Containers, Defender CSPM and Defender for Container Registries (deprecated) and doesn't differ in regard to the scanner being used.
+
+## Am I being billed twice when scanning with both offerings?
+
+No. Each unique image is billed once according to the pricing of the Defender plan enabled, regardless of scanner.
+
+## Does container vulnerability assessment powered by Microsoft Defender Vulnerability Management require an agent?
+
+Vulnerability assessment for container images in the registry is agentless.
+Vulnerability assessment for runtime supports both agentless and agent-based deployment. This approach allows us to provide maximum visibility when vulnerability assessment is enabled, while providing improved refresh rate for image inventory on clusters running our agent.
+
+## Is there any difference in supported environments between the Qualys and Microsoft Defender Vulnerability Management powered offerings?
+
+Both offerings support registry scan for ACR and ECR as well as runtime vulnerability assessment for AKS and EKS.
+
+## How complicated is it to enable container vulnerability assessment powered by Microsoft Defender Vulnerability Management?
+
+The Microsoft Defender Vulnerability Management powered offering is already enabled by default in all supported plans. For instructions on how to re-enable Microsoft Defender Vulnerability Management with a single click if you previously disabled this offering, see [Enabling vulnerability assessments powered by Microsoft Defender Vulnerability Management](enable-vulnerability-assessment.md).
+
+## How long does it take for a new image to be scanned with the Microsoft Defender Vulnerability Management powered offering?
+
+In Azure, new images are typically scanned in a few minutes, and it might take up to an hour in rare cases. In AWS, new images are typically scanned within a few hours, and might take up to a day in rare cases.
+
+## Is there any difference between scanning criteria for the Qualys and Microsoft Defender Vulnerability Management offerings?
+
+Container vulnerability assessment powered by Microsoft Defender Vulnerability Management for Azure supports all scan triggers supported by Qualys, and in addition also supports scanning of all images pushed in the last 90 days to a registry. For more information, see [scanning triggers for Microsoft Defender Vulnerability Management for Azure](agentless-vulnerability-assessment-azure.md#scan-triggers). Container vulnerability assessment powered by Microsoft Defender Vulnerability Management for AWS supports a subset of the scanning criteria. For more information, see [scanning triggers for Microsoft Defender Vulnerability Management for AWS](agentless-vulnerability-assessment-aws.md#scan-triggers).
+
+## Is there a difference in rescan period between the Qualys and Microsoft Defender Vulnerability Management offerings?
+
+Vulnerability assessments performed using the Qualys scanner are refreshed weekly.
+Vulnerability assessments performed using the Microsoft Defender Vulnerability Management scanner are refreshed daily. For Defender for Container Registries (deprecated), rescan period is once every 7 days for vulnerability assessments performed by both the Qualys and Microsoft Defender Vulnerability Management scanner.
+
+## Is there any difference between the OS and language packages covered by the Qualys and Microsoft Defender Vulnerability Management offerings?
+
+Container vulnerability assessment powered by Microsoft Defender Vulnerability Management supports all OS packages and language packages supported by Qualys except FreeBSD. In addition, the offering powered by Microsoft Defender Vulnerability Management also provides support for Red Hat Enterprise version 8 and 9, CentOS versions 8 and 9, Oracle Linux 9, openSUSE Tumbleweed, Debian 12, Fedora 36 and 37, and CBL-Mariner 1 and 2.
+There's no difference for coverage of language specific packages between the Qualys and Microsoft Defender Vulnerability Management powered offerings.
+
+- [Full list of supported packages and their versions for Microsoft Defender Vulnerability Management](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management)
+
+- [Full list of supported packages and their versions for Qualys](support-matrix-defender-for-containers.md#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys)
+
+## Are there any other capabilities that are unique to the Microsoft Defender Vulnerability Management powered offering?
+
+- Each reported vulnerability is enriched with real-world exploit exploitability insights, helping customers prioritize remediation of vulnerabilities with known exploit methods and exploitability tools. Exploit sources include CISA key, exploit DB, Microsoft Security Response Center, and more.
+- Vulnerability reports for OS packages are enriched with evidence on commands that can be used to find the vulnerable package.
+
+## Next steps
+  
+- Learn about [Defender for Containers](defender-for-containers-introduction.md)
+- Learn more about [Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-azure.md)
+- Learn more about [Vulnerability assessments for AWS with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-aws.md)

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

@@ -1,21 +1,20 @@
 ---
-title: Vulnerability assessment for Azure powered by Qualys
+title: Vulnerability assessment for Azure powered by Qualys 
 description: Learn how to use Defender for Containers to scan images in your Azure Container Registry to find vulnerabilities.
 author: dcurwin
 ms.author: dacurwin
-ms.date: 09/06/2023
+ms.date: 12/19/2023
 ms.topic: how-to
 ms.custom: ignite-2022, build-2023
 ---
 
-# Vulnerability assessment for Azure powered by Qualys
+# Vulnerability assessment for Azure powered by Qualys 
 
 Vulnerability assessment for Azure, powered by Qualys, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any agents.
 
 > [!NOTE]
 >
-> - This offering is only available for customers using the Qualys offering prior to November 15, 2023. Customers that onboarded to Defender for Containers after this date should use [Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-azure.md).
-> - This feature supports scanning of images in the Azure Container Registry (ACR) only. If you want to find vulnerabilities stored in other container registries, you can import the images into ACR, after which the imported images are scanned by the built-in vulnerability assessment solution. Learn how to [import container images to a container registry](/azure/container-registry/container-registry-import-images).
+> This feature supports scanning of images in the Azure Container Registry (ACR) only. If you want to find vulnerabilities stored in other container registries, you can import the images into ACR, after which the imported images are scanned by the built-in vulnerability assessment solution. Learn how to [import container images to a container registry](/azure/container-registry/container-registry-import-images).
 
 In every subscription where this capability is enabled, all images stored in ACR (existing and new) are automatically scanned for vulnerabilities without any extra configuration of users or registries. Recommendations with vulnerability reports are provided for all images in ACR as well as images that are currently running in AKS that were pulled from an ACR registry. Images are scanned shortly after being added to a registry, and rescanned for new vulnerabilities once every week.