Merge pull request #3002 from MicrosoftDocs/diannegali-tvmreco

updated security recommendations

Author: diannegali

defender-vulnerability-management/tvm-security-recommendation.md

@@ -10,9 +10,10 @@ audience: ITPro
 ms.collection:
   - m365-security
   - Tier1
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid: met150
-ms.date: 02/19/2025
+ms.date: 03/04/2025
+#customer intent: Get information on how to view and act on security recommendations in Microsoft Defender Vulnerability Management.
 ---
 
 # Security recommendations
@@ -32,7 +33,7 @@ Cybersecurity weaknesses identified in your organization are mapped to actionabl
 Each security recommendation includes actionable remediation steps. To help with task management, the recommendation can also be sent using Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
 
 > [!TIP]
-> To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](/defender-endpoint/configure-vulnerability-email-notifications)
+> To get email notifications about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](/defender-endpoint/configure-vulnerability-email-notifications).
 
 ## How it works
 
@@ -51,15 +52,15 @@ Access the Security recommendations page a few different ways:
 
 ### Navigation menu
 
-In the [Microsoft Defender portal](https://security.microsoft.com), go to the **Vulnerability management** navigation menu and select **Recommendations**. 
+In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endpoints** > **Vulnerability management** navigation menu and select **Recommendations**.
 
 The page contains a list of security recommendations for the threats and vulnerabilities found in your organization.
 
 ### Top security recommendations in the vulnerability management dashboard
 
-As a Security Administrator, you can take a look at the [vulnerability management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side by side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
+As a Security Administrator, you can take a look at the [vulnerability management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side by side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
 
-:::image type="content" alt-text="Screenshot of the vulnerability management dashboard with security recommendations highlighted." source="/defender/media/defender-vulnerability-management/top-security-recommendations.png" lightbox="/defender/media/defender-vulnerability-management/top-security-recommendations.png":::
+:::image type="content" alt-text="Screenshot of the vulnerability management dashboard with security recommendations highlighted." source="/defender/media/defender-vulnerability-management/tvm-sec-recommendations-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-sec-recommendations.png":::
 
 The top security recommendations list the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation takes you to the security recommendations page with more details.
 
@@ -72,7 +73,7 @@ The color of the **Exposed devices** graph changes as the trend changes. If the
 > [!NOTE]
 > Vulnerability management shows devices that were in use within the last 30 days. This is different from device status in Defender for Endpoint, where if a device has `Inactive` status if it doesn't communicate with the service for more than seven days.
 
-:::image type="content" alt-text="Screenshot of the security recommendations landing page." source="/defender/media/defender-vulnerability-management/tvm-security-recommendations.png" lightbox="/defender/media/defender-vulnerability-management/tvm-security-recommendations.png":::
+:::image type="content" alt-text="Screenshot of the security recommendations landing page." source="/defender/media/defender-vulnerability-management/tvm-sec-reco-expanded-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-sec-reco-expanded.png":::
 
 ### Icons
 
@@ -92,9 +93,9 @@ The impact column shows the potential impact on your exposure score and Secure S
 
 ### Explore security recommendation options
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), select the security recommendation that you want to investigate or process.
+1. Select the security recommendation that you want to investigate or process from the list.
 
-   :::image type="content" alt-text="Example of a security recommendation flyout page." source="/defender/media/defender-vulnerability-management/secrec-flyouteolsw.png" lightbox="/defender/media/defender-vulnerability-management/secrec-flyouteolsw.png":::
+   :::image type="content" alt-text="Example of a security recommendation flyout page." source="/defender/media/defender-vulnerability-management/tvm-sec-reco-flyout-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-sec-reco-flyout.png":::
 
 2. In the flyout, you can choose any of the following options:
 
@@ -111,21 +112,21 @@ The impact column shows the potential impact on your exposure score and Secure S
 
 If there's a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Secure Score for Devices, then that security recommendation is worth investigating.
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), select a recommendation, and then select **Open software page**
+1. Select a recommendation, and then select **Open software page**.
 
-2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md)
+2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md).
 
-3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request
+3. Decide how to address the increase or your organization's exposure, like submitting a remediation request.
 
 ### Recommendations on devices
 
 To see the list of security recommendations that apply to a device, follow these steps:
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), in the **Device inventory** page, select a device. 
+1. Navigate to the **Device inventory** through **Assets** > **Devices** navigation menu, then select a device.
 
 2. Select the **Security recommendations** tab to see a list of security recommendations for the device.
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/security-recommendation-devicepage.png" alt-text="Screenshot of the certificate inventory page" lightbox="/defender/media/defender-vulnerability-management/security-recommendation-devicepage.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/tvm-device-secreco-small.png" alt-text="Screenshot of the certificate inventory page" lightbox="/defender/media/defender-vulnerability-management/tvm-device-secreco.png":::
 
 > [!NOTE]
 > If you have the [Microsoft Defender for IoT](/azure/defender-for-iot/organizations/concept-enterprise/) integration enabled in Defender for Endpoint, recommendations for Enterprise IoT devices that appear on IoT devices tab appears on the security recommendations page. For more information, see [Enable Enterprise IoT security with Defender for Endpoint](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint/).
@@ -136,7 +137,7 @@ The vulnerability management remediation capability bridges the gap between Secu
 
 ### How to request remediation
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), select a security recommendation you would like to request remediation for, and then select **Remediation options**. 
+1. Select a security recommendation you would like to request remediation for and then select **Remediation options**. 
 
 2. Fill out the form and select **Submit request**. 
 
@@ -154,13 +155,13 @@ When an exception is created for a recommendation, the recommendation is no long
 
 ### How to create an exception
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), select the security recommendation you want to create an exception for, and then select **Exception options**.
+1. Select the security recommendation you want to create an exception for, and then select **Exception options**.
 
-   ![Showing where the button for "exception options" is located in a security recommendation flyout.](/defender/media/defender-vulnerability-management/tvm-exception-options.png)
+   :::image type="content" alt-text="Showing where the exception options is located in a security recommendation flyout." source="/defender/media/defender-vulnerability-management/tvm-reco-exception-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-reco-exception.png":::
 
 2. Fill out the form and submit. 
 
-3. To view your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu, and select the **Exceptions** tab. 
+3. To view your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Endpoints** > **Vulnerability management** navigation menu and select **Remediation**, and then select the **Exceptions** tab. 
 
 For more information, see [Learn more about how to create an exception](tvm-exception.md#create-an-exception).