Commit efba64b

Merge pull request #102780 from memildin/asc-melvyn-20200129
Added important note to qualys page and fixed network recs
2 parents f08f419 + cb2a6ef commit efba64b

2 files changed, +6 -1 lines changed

articles/security-center/built-in-vulnerability-assessment.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,10 @@ To deploy the vulnerability scanner extension:
3232

3333
1. Select the recommendation named "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)".
3434

35+
> [!IMPORTANT]
36+
> This preview recommendation is being rolled-out slowly across all regions. If you don't see it and want to use this feature, contact support.
37+
38+
3539
[![Recommendations page in Azure Security Center filtered to Qualys recommendations](media/built-in-vulnerability-assessment/va-recommendations-enable-selected.png)](media/built-in-vulnerability-assessment/va-recommendations-enable-selected.png#lightbox)
3640

3741
1. From the Unhealthy resources tab, select the VMs on which you want to deploy the Qualys scanner and click **Remediate**.
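
Review bot: the added `[!IMPORTANT]` note uses "rolled-out" as a verb; it should read "is being rolled out slowly across all regions". The hunk also adds two consecutive blank lines (37 and 38) after the note where one is enough. If the note really sits at column 0 in the file, as it appears here, consider indenting it under step 1 so it renders as part of that step, since both steps are written as `1.` and depend on the list staying continuous. "contact support" would be more useful with a link or the name of the support channel, because a reader who cannot see the recommendation has no other pointer on this page.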

articles/security-center/recommendations-reference.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,8 @@ Your secure score is based on how many Security Center recommendations you have
3030
|**Just-in-time network access control should be applied on virtual machines**|Apply just-in-time (JIT) virtual machine (VM) access control to permanently lock down access to selected ports, and enable authorized users to open them, via JIT, for a limited amount of time only.<br>(Related policy: Just-In-Time network access control should be applied on virtual machines)|High|N|Virtual machine|
3131
|**Network security groups on the subnet level should be enabled**|Enable network security groups to control network access of resources deployed in your subnets.<br>(Related policy: Subnets should be associated with a Network Security Group.<br>This policy is disabled by default)|High/ Medium|N|Subnet|
3232
|**Internet-facing virtual machines should be protected with Network Security Groups**|Enable Network Security Groups to control network access of your virtual machines.<br>(Related policy: Internet-facing virtual machines should be protected with Network Security Groups)|High/ Medium|N|Virtual machine|
33-
|**Access should be restricted for permissive network security groups with Internet-facing VMs**|Harden the network security groups of your Internet-facing VMs by restricting the access of your existing allow rules.<br>(Related policy: Network Security Group Rules for Internet facing virtual machines should be hardened)|High|N|Virtual machine|
33+
|**All network ports should be restricted on NSG associated to your VM**|Harden the network security groups of your Internet-facing VMs by restricting the access of your existing allow rules.<br>This recommendation is triggered when any port is opened to *all* sources (except for ports 22, 3389, 5985, 5986, 80, and 1443).<br>(Related policy: Access through internet facing endpoint should be restricted)|High|N|Virtual machine|
34+
|**Adaptive Network Hardening recommendations should be applied on internet facing virtual machines**|Customers on the standard pricing tier will see this recommendation when the Adaptive Network Hardening feature finds an overly-permissive NSG rule.<br>(Related policy: Adaptive Network Hardening recommendations should be applied on internet facing virtual machines)|High|N|Virtual machine|
3435
|**The rules for web applications on IaaS NSGs should be hardened**|Harden the network security group (NSG) of your virtual machines that are running web applications, with NSG rules that are overly permissive with regards to web application ports.<br>(Related policy: The NSGs rules for web applications on IaaS should be hardened)|High|N|Virtual machine|
3536
|**Access to App Services should be restricted**|Restrict access to your App Services by changing the networking configuration, to deny inbound traffic from ranges that are too broad.<br>(Related policy: [Preview]: Access to App Services should be restricted)|High|N|App service|
3637
|**Management ports should be closed on your virtual machines**|Harden the network security group of your virtual machines to restrict access to management ports.<br>(Related policy: Management ports should be closed on your virtual machines)|High|N|Virtual machine|
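
Review bot: in the added row "All network ports should be restricted on NSG associated to your VM", please confirm the last entry of the exception list "22, 3389, 5985, 5986, 80, and 1443" against the policy definition. Port 1443 is not a well-known service port, and next to 80 a reader would expect 443 (HTTPS) or possibly 1433 (SQL Server), so a typo here would misstate which open ports the recommendation ignores. It would also help to say why those ports are excluded, for example by pointing to the "Management ports should be closed on your virtual machines" and "The rules for web applications on IaaS NSGs should be hardened" rows in the same table, so the exception is not read as "these ports are safe to open to all sources". Minor: the two added rows write "internet facing" while the neighbouring rows use "Internet-facing"; where the text is not a literal policy name, match the existing spelling.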
