added release note and new note

Author: ElazarK

articles/defender-for-cloud/release-notes.md

@@ -24,11 +24,18 @@ If you're looking for items older than six months, you can find them in the [Arc
 
 |Date | Update |
 |--|--|
+| April 3 | [Risk prioritization is now the default experience in Defender for Cloud](#risk-prioritization-is-now-the-default-experience-in-defender-for-cloud) |
 | April 3 | [Defender for open-source relational databases updates](#defender-for-open-source-relational-databases-updates) |
 | April 2 | [Update to recommendations to align with Azure AI Services resources](#update-to-recommendations-to-align-with-azure-ai-services-resources) |
 | April 2 | [Deprecation of Cognitive Services recommendation](#deprecation-of-cognitive-services-recommendation) |
 | April 2 | [Containers multicloud recommendations (GA)](#containers-multicloud-recommendations-ga) |
 
+### Risk prioritization is now the default experience in Defender for Cloud
+
+Risk prioritization is now the default experience in Defender for Cloud. This feature helps you to focus on the most critical security issues in your environment by prioritizing recommendations based on the risk factors of each resource. The risk factors include the potential impact of the security issue being breached, the categories of risk, and the attack path that the security issue is part of.
+
+Learn more about [risk prioritization](risk-prioritization.md).
+
 ### Defender for open-source relational databases updates
 
 April 3, 2024

articles/defender-for-cloud/risk-prioritization.md

@@ -21,6 +21,11 @@ Defender for Cloud then analyzes which security issues are part of potential att
 
 Microsoft Defender for Cloud's resources and workloads are assessed against built-in and custom security standards enabled in your Azure subscriptions, AWS accounts, and GCP projects. Based on those assessments, security recommendations provide practical steps to remediate security issues, and improve security posture.
 
+> [!NOTE]
+> Recommendations are included with the [Foundational CSPM plan](concept-cloud-security-posture-management.md#plan-availability) which is included with Defender for Cloud. However, risk prioritization and governance is supported only with the [Defender CSPM plan](concept-cloud-security-posture-management.md#plan-availability).
+>
+> If you environment is not protected by the Defender CSPM plan the columns with the risk prioritization features will appear blurred out.
+
 Different resources can have the same recommendation with different risk levels. For example, a recommendation to enable MFA on a user account can have a different risk level for different users. The risk level is determined by the risk factors of each resource, such as its configuration, network connections, and security posture. The risk level is calculated based on the potential impact of the security issue being breached, the categories of risk, and the attack path that the security issue is part of.
 
 In Defender for Cloud, navigate to the **Recommendations** dashboard to view an overview of the recommendations that exist for your environments prioritized by risk look at your environments.