update dec 18 b

David Curwin · David Curwin · commit c1609a94831e · 2023-12-18T15:01:13.000+02:00
diff --git a/articles/defender-for-cloud/TOC.yml b/articles/defender-for-cloud/TOC.yml
@@ -596,7 +596,7 @@
       - name: How does Defender for Containers work?
         displayName: containers
         href: defender-for-containers-architecture.md
-      - name: Vulnerability assessment for Azure powered by Qualys
+      - name: Vulnerability assessment for Azure powered by Qualys (Deprecated)
         displayName: ACR, registry, images, qualys
         href: defender-for-containers-vulnerability-assessment-azure.md
       - name: Vulnerability assessments powered by Microsoft Defender Vulnerability Management
diff --git a/articles/defender-for-cloud/common-questions-microsoft-defender-vulnerability-management.md b/articles/defender-for-cloud/common-questions-microsoft-defender-vulnerability-management.md
@@ -28,19 +28,19 @@ Vulnerability assessment for runtime supports both agentless and agent-based dep
 
 ## Is there any difference in supported environments between the Qualys and Microsoft Defender Vulnerability Management powered offerings?
 
-Both offerings support registry scan for Azure Container Registry and runtime vulnerability assessment for Azure Kubernetes Services.
+Both offerings support registry scan for ACR and ECR as well as runtime vulnerability assessment for AKS and EKS.
 
 ## How complicated is it to enable container vulnerability assessment powered by Microsoft Defender Vulnerability Management?
 
-The Microsoft Defender Vulnerability Management powered offering is already enabled by default in all supported plans. For instructions on how to re-enable Microsoft Defender Vulnerability Management with a single click if you previously disabled this offering, see [Enabling vulnerability assessments in Azure powered by Microsoft Defender Vulnerability Management](enable-vulnerability-assessment.md).
+The Microsoft Defender Vulnerability Management powered offering is already enabled by default in all supported plans. For instructions on how to re-enable Microsoft Defender Vulnerability Management with a single click if you previously disabled this offering, see [Enabling vulnerability assessments powered by Microsoft Defender Vulnerability Management](enable-vulnerability-assessment.md).
 
 ## How long does it take for a new image to be scanned with the Microsoft Defender Vulnerability Management powered offering?
 
-In Azure, new images are typically scanned in a few minutes, and it might take up to an hour in rare cases.
+In Azure, new images are typically scanned in a few minutes, and it might take up to an hour in rare cases. In AWS, new images are typically scanned within a few hours, and might take up to a day in rare cases.
 
 ## Is there any difference between scanning criteria for the Qualys and Microsoft Defender Vulnerability Management offerings?
 
-Container vulnerability assessment powered by Microsoft Defender Vulnerability Management supports all scan triggers supported by Qualys, and in addition also supports scanning of all images pushed in the last 90 days to a registry. For more information, see [scanning triggers for Microsoft Defender Vulnerability Management](agentless-container-registry-vulnerability-assessment.md#scan-triggers).
+Container vulnerability assessment powered by Microsoft Defender Vulnerability Management for Azure supports all scan triggers supported by Qualys, and in addition also supports scanning of all images pushed in the last 90 days to a registry. For more information, see [scanning triggers for Microsoft Defender Vulnerability Management for Azure](agentless-vulnerability-assessment-azure.md#scan-triggers). Container vulnerability assessment powered by Microsoft Defender Vulnerability Management for AWS supports a subset of the scanning criteria. For more information, see [scanning triggers for Microsoft Defender Vulnerability Management for AWS](agentless-vulnerability-assessment-aws.md#scan-triggers).
 
 ## Is there a difference in rescan period between the Qualys and Microsoft Defender Vulnerability Management offerings?
 
@@ -64,4 +64,5 @@ There's no difference for coverage of language specific packages between the Qua
 ## Next steps
   
 - Learn about [Defender for Containers](defender-for-containers-introduction.md)
-- Learn more about [container image vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management](agentless-container-registry-vulnerability-assessment.md)
+- Learn more about [Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-azure.md)
+- Learn more about [Vulnerability assessments for AWS with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-aws.md)
diff --git a/articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md b/articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md
@@ -1,5 +1,5 @@
 ---
-title: Vulnerability assessment for Azure powered by Qualys
+title: Vulnerability assessment for Azure powered by Qualys (Deprecated)
 description: Learn how to use Defender for Containers to scan images in your Azure Container Registry to find vulnerabilities.
 author: dcurwin
 ms.author: dacurwin
@@ -8,7 +8,17 @@ ms.topic: how-to
 ms.custom: ignite-2022, build-2023
 ---
 
-# Vulnerability assessment for Azure powered by Qualys
+# Vulnerability assessment for Azure powered by Qualys (Deprecated)
+
+> [!IMPORTANT]
+>
+> The Defender for Cloud Containers Vulnerability Assessment powered by Qualys is now on a retirement path completing on **March 1st, 2024**. If you are currently using container vulnerability assessment powered by Qualys, start planning your transition to [Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-azure.md) or [Vulnerability assessments for AWS with Microsoft Defender Vulnerability Management](agentless-vulnerability-assessment-aws.md).
+>
+> - For more information about our decision to unify our vulnerability assessment offering with Microsoft Defender Vulnerability Management, see [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-cloud-unified-vulnerability-assessment-powered-by/ba-p/3990112).
+>
+> - For more information about migrating to our new container vulnerability assessment offering powered by Microsoft Defender Vulnerability Management, see [Transition from Qualys to Microsoft Defender Vulnerability Management](transition-to-defender-vulnerability-management.md).
+>
+> - For common questions about the transition to Microsoft Defender Vulnerability Management, see [Common questions about the Microsoft Defender Vulnerability Management solution](common-questions-microsoft-defender-vulnerability-management.md).
 
 Vulnerability assessment for Azure, powered by Qualys, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any agents.
 
diff --git a/articles/defender-for-cloud/release-notes.md b/articles/defender-for-cloud/release-notes.md
@@ -24,13 +24,46 @@ If you're looking for items older than six months, you can find them in the [Arc
 
 | Date | Update |
 |--|--|
+| December 14 | [General availability of Containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management in Azure Government and Azure operated by 21Vianet](#general-availability-of-containers-vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management-in-azure-government-and-azure-operated-by-21vianet) |
+| December 14 | [Public preview of Windows support for Containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management](#public-preview-of-windows-support-for-containers-vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management) |
 | December 13 | [Retirement of AWS container vulnerability assessment powered by Trivy](#retirement-of-aws-container-vulnerability-assessment-powered-by-trivy) |
 | December 13 | [Agentless container posture for AWS in Defender for Containers and Defender CSPM (Preview)](#agentless-container-posture-for-aws-in-defender-for-containers-and-defender-cspm-preview) |
 | December 13 | [Deny effect - replacing deprecated policies](#deny-effect---replacing-deprecated-policies) |
 | December 13 | [General availability (GA) support for PostgreSQL Flexible Server in Defender for open-source relational databases plan](#general-availability-support-for-postgresql-flexible-server-in-defender-for-open-source-relational-databases-plan) |
 | December 12 | [Container vulnerability assessment powered by Microsoft Defender Vulnerability Management now supports Google Distroless](#container-vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management-now-supports-google-distroless) |
 | December 4 | [Defender for Storage alert released for preview: malicious blob was downloaded from a storage account](#defender-for-storage-alert-released-for-preview-malicious-blob-was-downloaded-from-a-storage-account) |
 
+## General availability of Containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management in Azure Government and Azure operated by 21Vianet
+
+December 14, 2023
+
+Vulnerability assessment (VA) for Linux container images in Azure container registries powered by Microsoft Defender Vulnerability Management is released for General Availability (GA) in Azure Government and Azure operated by 21Vianet. This new release is available under the Defender for Containers and Defender for Container Registries plans.
+
+As part of this change, the following recommendations are released for GA, and are included in secure score calculation:
+
+| Recommendation name                                          | Description                                                  | Assessment key                       |
+| ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------ |
+| Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) | Container image vulnerability assessments scan your registry for commonly known vulnerabilities (CVEs) and provide a detailed vulnerability report for each image. Resolving vulnerabilities can greatly improve your security posture, ensuring images are safe to use prior to deployment. | c0b7cfc6-3172-465a-b378-53c7ff2cc0d5 |
+| Running container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management) | Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management). <br /><br />Container image vulnerability assessment scans your registry for commonly known vulnerabilities (CVEs) and provides a detailed vulnerability report for each image. This recommendation provides visibility to vulnerable images currently running in your Kubernetes clusters. Remediating vulnerabilities in container images that are currently running is key to improving your security posture, significantly reducing the attack surface for your containerized workloads. | c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5 |
+
+Container image scan powered by Microsoft Defender Vulnerability Management now also incurs charges according to [plan pricing](https://azure.microsoft.com/pricing/details/defender-for-cloud/?v=17.23h#pricing).
+
+> [!NOTE]
+> Images scanned both by our container VA offering powered by Qualys and Container VA offering powered by Microsoft Defender Vulnerability Management will only be billed once.
+
+The following Qualys recommendations for Containers Vulnerability Assessment are renamed and continue to be available for customers who enabled Defender for Containers on any of their subscriptions prior to this release. New customers onboarding Defender for Containers after this release will only see the new Container vulnerability assessment recommendations powered by Microsoft Defender Vulnerability Management.
+
+| Current recommendation name                                  | New recommendation name                                      | Description                                                  | Assessment key                       |
+| ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------ |
+| Container registry images should have vulnerability findings resolved (powered by Qualys) | Azure registry container images should have vulnerabilities resolved (powered by Qualys) | Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | dbd0cb49-b563-45e7-9724-889e799fa648 |
+| Running container images should have vulnerability findings resolved (powered by Qualys) | Azure running container images should have vulnerabilities resolved - (powered by Qualys) | Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | 41503391-efa5-47ee-9282-4eff6131462  |
+
+## Public preview of Windows support for Containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management
+
+December 14, 2023
+
+Support for Windows images was released in public preview as part of Vulnerability assessment (VA) powered by Microsoft Defender Vulnerability Management for Azure container registries and Azure Kubernetes Services.
+
 ### Retirement of AWS container vulnerability assessment powered by Trivy
 
 December 13, 2023
diff --git a/articles/defender-for-cloud/transition-to-defender-vulnerability-management.md b/articles/defender-for-cloud/transition-to-defender-vulnerability-management.md
@@ -9,28 +9,37 @@ ms.date: 11/23/2023
 
 Microsoft Defender for Cloud is unifying all vulnerability assessment solutions to utilize the Microsoft Defender Vulnerability Management vulnerability scanner.
 
-Microsoft Defender Vulnerability Management integrates across many cloud native use cases, such as containers build/runtime scenarios, agentless scanning for Virtual Machines (VM) and more.
+Microsoft Defender Vulnerability Management integrates across many cloud native use cases, such as containers ship and runtime scenarios. As part of this change, we're retiring our built-in vulnerability assessments offering powered by Qualys.
 
-## Step 1: Enable Microsoft Defender Vulnerability Management scanning for container images
+> [!IMPORTANT]
+> The Defender for Cloud Containers Vulnerability Assessment powered by Qualys is now on a retirement path completing on **March 1st, 2024**.
+>
+> Customers that onboarded at least one subscription to Defender for Containers prior to **November 15th, 2023** can to continue to use Container Vulnerability Assessment powered by Qualys until **March 1st, 2024**.
+>
+> For more information about the change, see see [Defender for Cloud unifies Vulnerability Assessment solution powered by Microsoft Defender Vulnerability Management](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-cloud-unified-vulnerability-assessment-powered-by/ba-p/3990112).
+
+If you're currently using the built vulnerability assessment solution powered by Qualys, start planning for the upcoming deprecations by following the steps on this page.
+
+## Step 1: Verify that scanning is enabled
 
 Container vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management is enabled by default for Defender for Containers, Defender for Container Registries (deprecated) and Defender Cloud Security Posture Management. Organizations that disabled it need to re-enable the **Agentless container vulnerability assessment** toggle in one of the plans. It reflects automatically to any of the mentioned plans enabled.
 
 :::image type="content" source="media/transition-to-defender-vulnerability-management/enable-agentless-container-vulnerability-assessment.png" alt-text="Screenshot of enabling “Agentless container vulnerability assessment” in settings." lightbox="media/transition-to-defender-vulnerability-management/enable-agentless-container-vulnerability-assessment.png":::
 
-For more information on enabling Microsoft Defender Vulnerability Management scanning, see [Enable vulnerability assessment in Azure powered by Microsoft Defender Vulnerability Management](enable-vulnerability-assessment.md).
+For more information on enabling Microsoft Defender Vulnerability Management scanning, see [Enable vulnerability assessment powered by Microsoft Defender Vulnerability Management](enable-vulnerability-assessment.md).
 
-## Step 2: Transition to only view Microsoft Defender Vulnerability Management recommendations
+## Step 2: Disable Qualys recommendations
 
-If your organization is ready to transition to container vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management and no longer receive results from the Qualys recommendations, you can go ahead and disable the recommendations reporting on Qualys scanning results. Following are recommendation names and assessment keys to be referenced throughout this guide.
+If your organization is ready to transition to container vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management and no longer receive results from the Qualys recommendations, you can go ahead and disable the recommendations reporting on Qualys scanning results. Following are the recommendation names and assessment keys referenced throughout this guide.
 
-### Qualys recommendations and Assessment Keys
+### Qualys recommendations and assessment Keys
 
 | Recommendation | Description | Assessment Key
 |--|--|--|
 | [Azure registry container images should have vulnerability findings resolved (powered by Qualys)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainerRegistryRecommendationDetailsBlade/assessmentKey/dbd0cb49-b563-45e7-9724-889e799fa648)| Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | dbd0cb49-b563-45e7-9724-889e799fa648 |
 | [Azure running container images should have vulnerability findings resolved (powered by Qualys)](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/KubernetesRuntimeVisibilityRecommendationDetailsBlade/assessmentKey/41503391-efa5-47ee-9282-4eff6131462c) | Container image vulnerability assessment scans container images running on your Kubernetes clusters for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks. | 41503391-efa5-47ee-9282-4eff6131462c |
 
-### Microsoft Defender Vulnerability Management recommendations and Assessment Keys
+### Microsoft Defender Vulnerability Management recommendations and assessment keys
 
 | Recommendation | Description | Assessment Key
 |--|--|--|
@@ -268,7 +277,7 @@ The workbook provides results from both Qualys and Microsoft Defender Vulnerabil
 
     :::image type="content" source="media/transition-to-defender-vulnerability-management/exploitable-vulnerabilities-dashboard.png" alt-text="Screenshot of exploitable vulnerabilities dashboard." lightbox="media/transition-to-defender-vulnerability-management/exploitable-vulnerabilities-dashboard.png":::
 
-- **Additional ARG queries**: You can use this workbook to view additional examples of how to query ARG data between Qualys and Microsoft Defender Vulnerability Management. For more information on how to edit workbooks, see [Workbooks gallery in Microsoft Defender for Cloud]( custom-dashboards-azure-workbooks.md#workbooks-gallery-in-microsoft-defender-for-cloud).
+- **Additional ARG queries**: You can use this workbook to view more examples of how to query ARG data between Qualys and Microsoft Defender Vulnerability Management. For more information on how to edit workbooks, see [Workbooks gallery in Microsoft Defender for Cloud]( custom-dashboards-azure-workbooks.md#workbooks-gallery-in-microsoft-defender-for-cloud).
 
 ## Next steps
 
diff --git a/articles/defender-for-cloud/upcoming-changes.md b/articles/defender-for-cloud/upcoming-changes.md
