MicrosoftDocs
diff --git a/‎defender-endpoint/whats-new-in-microsoft-defender-endpoint.md‎
Lines changed: 7 additions & 1 deletion b/‎defender-endpoint/whats-new-in-microsoft-defender-endpoint.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎defender-vulnerability-management/defender-vulnerability-management-capabilities.md‎
Lines changed: 38 additions & 33 deletions b/‎defender-vulnerability-management/defender-vulnerability-management-capabilities.md‎
Lines changed: 38 additions & 33 deletions
diff --git a/‎defender-vulnerability-management/defender-vulnerability-management-faq.md‎
Lines changed: 8 additions & 3 deletions b/‎defender-vulnerability-management/defender-vulnerability-management-faq.md‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎defender-vulnerability-management/defender-vulnerability-management-trial.md‎
Lines changed: 8 additions & 3 deletions b/‎defender-vulnerability-management/defender-vulnerability-management-trial.md‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎defender-vulnerability-management/fixed-reported-inaccuracies.md‎
Lines changed: 8 additions & 3 deletions b/‎defender-vulnerability-management/fixed-reported-inaccuracies.md‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎defender-vulnerability-management/get-defender-vulnerability-management.md‎
Lines changed: 8 additions & 3 deletions b/‎defender-vulnerability-management/get-defender-vulnerability-management.md‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎defender-vulnerability-management/mdvm-onboard-devices.md‎
Lines changed: 8 additions & 9 deletions b/‎defender-vulnerability-management/mdvm-onboard-devices.md‎
Lines changed: 8 additions & 9 deletions
diff --git a/‎defender-vulnerability-management/retention-logic-mdvm.md‎
Lines changed: 8 additions & 3 deletions b/‎defender-vulnerability-management/retention-logic-mdvm.md‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md‎
Lines changed: 0 additions & 2 deletions b/‎defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md‎
Lines changed: 8 additions & 7 deletions b/‎defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md‎
Lines changed: 8 additions & 7 deletions
@@ -29,11 +29,17 @@ Learn more:
 - [What's new in Microsoft Defender for Endpoint on other operating systems and services](#whats-new-in-defender-for-endpoint-on-other-operating-systems-and-services)
 - [Preview features](/defender-xdr/preview)
 
+## December 2025
+
+|Feature  |Preview/GA  |Description  |
+|---------|------------|-------------|
+|[Triage collection](/azure/sentinel/datalake/sentinel-mcp-triage-tool) |Preview |Use triage collection to prioritize incidents and hunt threats with the Sentinel Model Context Protocol (MCP) server.|
+
 ## November 2025
 
 |Feature  |Preview/GA  |Description  |
 |---------|------------|-------------|
-|New predictive shielding response actions. |Preview |Defender for Endpoint now includes the [GPO hardening](respond-machine-alerts.md#gpo-hardening) and [Safeboot hardening](respond-machine-alerts.md#safeboot-hardening) response actions. These actions are part of the [predictive shielding](/defender-xdr/shield-predict-threats) feature, which anticipates and mitigates potential threats before they materialize.|
+|New predictive shielding response actions |Preview |Defender for Endpoint now includes the [GPO hardening](respond-machine-alerts.md#gpo-hardening) and [Safeboot hardening](respond-machine-alerts.md#safeboot-hardening) response actions. These actions are part of the [predictive shielding](/defender-xdr/shield-predict-threats) feature, which anticipates and mitigates potential threats before they materialize.|
 |[Custom data collection](custom-data-collection.md) |Preview |Custom data collection enables organizations to expand and customize telemetry collection beyond default configurations to support specialized threat hunting and security monitoring needs. |
 | Defender deployment tool<br/>- [for Windows devices](./defender-deployment-tool-windows.md)<br/>- [for Linux devices](./linux-install-with-defender-deployment-tool.md) | Preview | The new Defender deployment tool is a lightweight, self-updating application that streamlines onboarding devices to the Defender endpoint security solution. The tool takes care of prerequisites, automates migrations from older solutions, and removes the need for complex onboarding scripts, separate downloads, and manual installations. It currently supports Windows and Linux devices. |
 | [Defender endpoint security solution for Windows 7 SP1 and Windows Server 2008 R2 SP1](./onboard-downlevel.md#use-the-defender-deployment-tool-to-deploy-defender-endpoint-security) | Preview | A Defender for endpoint security solution is now available for legacy Windows 7 SP1 and Windows Server 2008 R2 SP1 devices. The solution provides advanced protection capabilities and improved functionality for these devices compared to other solutions. The new solution is available using the new [Defender deployment tool](./defender-deployment-tool-windows.md). |
 
@@ -2,9 +2,9 @@
 title: Compare Microsoft Defender Vulnerability Management plans and capabilities
 description: Compare Defender Vulnerability Management Offerings. Learn about the differences between the plans and select the plan that suits your organization's needs.
 search.appverid: MET150  
-author: denisebmsft
-ms.author: deniseb
-manager: deniseb 
+author: limwainstein
+ms.author: lwainstein
+manager: bagol 
 audience: ITPro
 ms.topic: overview
 ms.service: defender-vuln-mgmt
@@ -14,6 +14,11 @@ ms.collection:
 - m365-security
 - Tier1
 ms.date: 02/28/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Compare Microsoft Defender Vulnerability Management plans and capabilities
@@ -50,22 +55,22 @@ The following table summarizes the availability of Defender Vulnerability Manage
 
 |Capability| Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities| Defender Vulnerability Management Add-on provides the following premium Vulnerability Management capabilities for Defender for Endpoint Plan 2 | Defender Vulnerability Management Standalone provides full Defender Vulnerability Management capabilities for any EDR solution |
 |:----|:----:|:----:|:----:|
-|[Device discovery](/defender-endpoint/device-discovery)|âœ”|-|âœ”|
-|[Device inventory](/defender-endpoint/machines-view-overview)|âœ”|-|âœ”|
-|[Vulnerability assessment](tvm-weaknesses.md)|âœ”|-|âœ”|
-|[Configuration assessment](tvm-microsoft-secure-score-devices.md)|âœ”|-|âœ”|
-|[Risk based prioritization](tvm-security-recommendation.md)|âœ”|-|âœ”|
-|[Remediation tracking](tvm-remediation.md)|âœ”|-|âœ”|
-|[Continuous monitoring](/defender-endpoint/configure-vulnerability-email-notifications)|âœ”|-|âœ”|
-|[Software inventory](tvm-software-inventory.md)|âœ”|-|âœ”|
-|[Software usages insights](tvm-usage-insights.md)|âœ”|-|âœ”|
-|[Security baselines assessment](tvm-security-baselines.md)|-|âœ”|âœ”|
-|[Block vulnerable applications](tvm-block-vuln-apps.md)|-|âœ”|âœ” **see note**|
-|[Browser extensions assessment](tvm-browser-extensions.md)|-|âœ”|âœ”|
-|[Digital certificate assessment](tvm-certificate-inventory.md)|-|âœ”|âœ”|
-|[Network share analysis](tvm-network-share-assessment.md)|-|âœ”|âœ”|
-|[Hardware and firmware assessment](tvm-hardware-and-firmware.md)|-|âœ”|âœ”|
-|[Authenticated scan for Windows](windows-authenticated-scan.md)|-|âœ”|âœ”|
+|[Device discovery](/defender-endpoint/device-discovery)|Supported|-|Supported|
+|[Device inventory](/defender-endpoint/machines-view-overview)|Supported|-|Supported|
+|[Vulnerability assessment](tvm-weaknesses.md)|Supported|-|Supported|
+|[Configuration assessment](tvm-microsoft-secure-score-devices.md)|Supported|-|Supported|
+|[Risk based prioritization](tvm-security-recommendation.md)|Supported|-|Supported|
+|[Remediation tracking](tvm-remediation.md)|Supported|-|Supported|
+|[Continuous monitoring](/defender-endpoint/configure-vulnerability-email-notifications)|Supported|-|Supported|
+|[Software inventory](tvm-software-inventory.md)|Supported|-|Supported|
+|[Software usages insights](tvm-usage-insights.md)|Supported|-|Supported|
+|[Security baselines assessment](tvm-security-baselines.md)|-|Supported|Supported|
+|[Block vulnerable applications](tvm-block-vuln-apps.md)|-|Supported|Supported **see note**|
+|[Browser extensions assessment](tvm-browser-extensions.md)|-|Supported|Supported|
+|[Digital certificate assessment](tvm-certificate-inventory.md)|-|Supported|Supported|
+|[Network share analysis](tvm-network-share-assessment.md)|-|Supported|Supported|
+|[Hardware and firmware assessment](tvm-hardware-and-firmware.md)|-|Supported|Supported|
+|[Authenticated scan for Windows](windows-authenticated-scan.md)|-|Supported|Supported|
 
 > [!NOTE]
 > If you're using the standalone version of Defender Vulnerability Management, to use the "block vulnerable applications" feature, Microsoft Defender Antivirus must be configured in active mode. For more information, see [Microsoft Defender Antivirus Windows](/defender-endpoint/microsoft-defender-antivirus-windows#comparing-active-mode-passive-mode-and-disabled-mode).
@@ -87,20 +92,20 @@ The following table lists the availability of Defender Vulnerability Management
 
 |Capability|Defender For Servers Plan 1|Defender For Servers Plan 2|
 |:----|:----:|:----:|
-|[Vulnerability assessment](tvm-weaknesses.md)|âœ”|âœ”|
-|[Configuration assessment](tvm-microsoft-secure-score-devices.md)|âœ”|âœ”|
-|[Risk based prioritization](tvm-security-recommendation.md)|âœ”|âœ”|
-|[Remediation tracking](tvm-remediation.md)|âœ”|âœ”|
-|[Continuous monitoring](/defender-endpoint/configure-vulnerability-email-notifications)|âœ”|âœ”|
-|[Software inventory](tvm-software-inventory.md)|âœ”|âœ”|
-|[Software usages insights](tvm-usage-insights.md)|âœ”|âœ”|
-|[Security baselines assessment](tvm-security-baselines.md)|-|âœ”|
-|[Block vulnerable applications](tvm-block-vuln-apps.md)|-|âœ”|
-|[Browser extensions assessment](tvm-browser-extensions.md)|-|âœ”|
-|[Digital certificate assessment](tvm-certificate-inventory.md)|-|âœ”|
-|[Network share analysis](tvm-network-share-assessment.md)|-|âœ”|
-|[Hardware and firmware assessment](tvm-hardware-and-firmware.md)|-|âœ”|
-|[Authenticated scan for Windows](windows-authenticated-scan.md)|-|âœ”**see note**|
+|[Vulnerability assessment](tvm-weaknesses.md)|Supported|Supported|
+|[Configuration assessment](tvm-microsoft-secure-score-devices.md)|Supported|Supported|
+|[Risk based prioritization](tvm-security-recommendation.md)|Supported|Supported|
+|[Remediation tracking](tvm-remediation.md)|Supported|Supported|
+|[Continuous monitoring](/defender-endpoint/configure-vulnerability-email-notifications)|Supported|Supported|
+|[Software inventory](tvm-software-inventory.md)|Supported|Supported|
+|[Software usages insights](tvm-usage-insights.md)|Supported|Supported|
+|[Security baselines assessment](tvm-security-baselines.md)|-|Supported|
+|[Block vulnerable applications](tvm-block-vuln-apps.md)|-|Supported|
+|[Browser extensions assessment](tvm-browser-extensions.md)|-|Supported|
+|[Digital certificate assessment](tvm-certificate-inventory.md)|-|Supported|
+|[Network share analysis](tvm-network-share-assessment.md)|-|Supported|
+|[Hardware and firmware assessment](tvm-hardware-and-firmware.md)|-|Supported|
+|[Authenticated scan for Windows](windows-authenticated-scan.md)|-|Supported**see note**|
 
 > [!NOTE]
 > The Windows authenticated scan feature will be deprecated by the end of November 2025 and won't be supported beyond that date. For more information about this change, see the [Windows authenticated scan deprecation FAQs](defender-vulnerability-management-faq.md#windows-authenticated-scan-deprecation-faqs).
 
@@ -4,17 +4,22 @@ description: Find answers to frequently asked questions (FAQs) about Microsoft D
 ms.service: defender-vuln-mgmt
 f1.keywords:
 - NOCSH
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
-manager: deniseb
+manager: bagol
 audience: ITPro
 ms.collection: 
 - m365-security
 - Tier1
 ms.topic: faq
 search.appverid: met150
 ms.date: 05/02/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Microsoft Defender Vulnerability Management frequently asked questions
 
@@ -4,17 +4,22 @@ description: Learn about the Microsoft Defender Vulnerability Management trial
 ms.service: defender-vuln-mgmt
 f1.keywords:
 - NOCSH
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
-manager: deniseb
+manager: bagol
 audience: ITPro
 ms.collection: 
 - m365-security
 - Tier1
 ms.topic: how-to
 search.appverid: met150
 ms.date: 02/28/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # About the Microsoft Defender Vulnerability Management trial
 
@@ -4,9 +4,9 @@ description: List the reported inaccuracies that were fixed
 search.appverid: MET150
 ms.service: defender-vuln-mgmt
 ms.pagetype: security
-ms.author: deniseb
-author: denisebmsft
-manager: deniseb
+ms.author: lwainstein
+author: limwainstein
+manager: bagol
 ms.reviewer: v-hbijlani; mobani
 audience: ITPro
 ms.collection: 
@@ -15,6 +15,11 @@ ms.collection:
 ms.localizationpriority: medium
 ms.topic: troubleshooting
 ms.date: 07/07/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Vulnerability support in Microsoft Defender Vulnerability Management
 
@@ -2,9 +2,9 @@
 title: Sign up for Microsoft Defender Vulnerability Management
 description: Get Microsoft Defender Vulnerability Management
 search.appverid: MET150
-author: denisebmsft
-ms.author: deniseb
-manager: deniseb
+author: limwainstein
+ms.author: lwainstein
+manager: bagol
 audience: Admin
 ms.topic: overview
 ms.service: defender-vuln-mgmt
@@ -15,6 +15,11 @@ ms.collection:
 - tier1
 - essentials-get-started
 ms.date: 03/06/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Sign up for Microsoft Defender Vulnerability Management
 
@@ -1,10 +1,10 @@
 ---
 title: Onboard to Microsoft Defender Vulnerability Management
 description: Learn how to onboard endpoints to Microsoft Defender Vulnerability Management service
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
-manager: deniseb
+manager: bagol
 audience: ITPro
 ms.collection:
 - m365-security
@@ -15,18 +15,17 @@ ms.topic: install-set-up-deploy
 ms.service: defender-vuln-mgmt
 search.appverid: met150
 ms.date: 08/01/2023
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Onboard to Microsoft Defender Vulnerability Management
 
 [!INCLUDE [mdvm-msem-note](../includes/mdvm-msem-note.md)]
 
-**Applies to:**
-
-- [Microsoft Defender Vulnerability Management](defender-vulnerability-management.md)
-- [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Servers Plan 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
-
 To onboard devices to Defender Vulnerability Management you follow the same steps as you would for onboarding devices to Microsoft Defender for Endpoint.
 
 Use this article for guidance on how to onboard devices to Defender Vulnerability Management.
 
@@ -1,9 +1,9 @@
 ---
 title: Understand retention logic in Microsoft Defender Vulnerability Management
 description: Get an overview of retention logic for inactive devices or uninstalled software in Microsoft Defender Vulnerability Management.
-author: denisebmsft
-ms.author: deniseb
-manager: deniseb
+author: limwainstein
+ms.author: lwainstein
+manager: bagol
 ms.reviewer: mobani
 ms.topic: concept-article
 ms.service: defender-vuln-mgmt
@@ -15,6 +15,11 @@ ms.collection:
 search.appverid: met150
 audience: ITPro
 ms.date: 05/08/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Understand retention logic in Microsoft Defender Vulnerability Management
 
@@ -69,8 +69,6 @@ To change the date range, select the **Date events occurred** filter above the t
 
 ![Event timeline selected custom date range.](/defender/media/defender-vulnerability-management/event-timeline-drilldown.png)
 
-In the Exposure management **Recommendations** page, hover over the **Score history** graph to view new security configuration assessments that affect your score.
-
 If there are no events that affect your devices or your score for devices, no events are displayed.
 
 # [Existing customers](#tab/existing-customers-secure-score)
 
@@ -2,10 +2,10 @@
 title: Trial user guide - Microsoft Defender Vulnerability Management 
 description: Learn how Microsoft Defender Vulnerability Management can help you protect all your users and data. 
 ms.service: defender-vuln-mgmt
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
-manager: deniseb
+manager: bagol
 audience: ITPro
 ms.collection: 
 - m365-security-compliance
@@ -15,6 +15,11 @@ ms.topic: overview
 ms.custom: trial-user guide
 search.appverid: met150
 ms.date: 02/28/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Trial user guide: Microsoft Defender Vulnerability Management
@@ -37,10 +42,6 @@ Microsoft Defender Vulnerability Management delivers asset visibility, continuou
 
 :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-asset.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management features and capabilities.":::
 
-Watch the following video to learn more about Defender Vulnerability Management:
-
-> [!VIDEO https://learn-video.azurefd.net/vod/player?id=4ee839c5-4ccb-4cc9-9945-ae8228e35121]
-
 ## Let's get started
 
 ### Step 1: Set up