MicrosoftDocs
diff --git a/‎defender-vulnerability-management/get-defender-vulnerability-management.md‎
Lines changed: 5 additions & 5 deletions b/‎defender-vulnerability-management/get-defender-vulnerability-management.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎defender-vulnerability-management/tvm-block-vuln-apps.md‎
Lines changed: 17 additions & 13 deletions b/‎defender-vulnerability-management/tvm-block-vuln-apps.md‎
Lines changed: 17 additions & 13 deletions
diff --git a/‎defender-vulnerability-management/tvm-browser-extensions.md‎
Lines changed: 3 additions & 0 deletions b/‎defender-vulnerability-management/tvm-browser-extensions.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎defender-vulnerability-management/tvm-software-inventory.md‎
Lines changed: 26 additions & 21 deletions b/‎defender-vulnerability-management/tvm-software-inventory.md‎
Lines changed: 26 additions & 21 deletions
@@ -14,7 +14,7 @@ ms.collection:
 - m365-security
 - tier1
 - essentials-get-started
-ms.date: 02/28/2025
+ms.date: 03/06/2025
 ---
 
 # Sign up for Microsoft Defender Vulnerability Management
@@ -38,13 +38,13 @@ You can [request one extension](https://productledgrowth.powerappsportals.com/Ad
 
 You must be a Global Administrator to start a trial. Or, you can allow users to start a trial on behalf of your organization by enabling this option:
 
-1. In the [Microsoft 365 admin center](https://admin.microsoft.com), go to **Settings** > **Org settings** > **Services** > **User owned apps and services**
+1. In the [Microsoft 365 admin center](https://admin.microsoft.com), go to **Settings** > **Org settings**. In the **Services** page, navigate to **User owned apps and services**.
 
-2. Check **Let users start trials on behalf of your organization**
+2. Check **Let users start trials on behalf of your organization**.
 
-3. Select **Save**
+3. Select **Save**.
 
-:::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-user-starttrial.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management user trial setting.":::
+:::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-trial-admin-center.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management user trial setting.":::
 
 > [!NOTE]
 > If you don't want users in your organization to be able to start trials, as a Global Administrator, you must disable this option once you've activated the trial.
 
@@ -11,9 +11,10 @@ audience: ITPro
 ms.collection:
   - m365-security
   - Tier1
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid: met150
-ms.date: 12/05/2024
+ms.date: 3/05/2024
+#customer intent: To learn how to block vulnerable applications with Microsoft Defender Vulnerability Management.
 ---
 
 # Block vulnerable applications with Microsoft Defender Vulnerability Management
@@ -24,6 +25,9 @@ ms.date: 12/05/2024
 - [Microsoft Defender XDR](/defender-xdr)
 - [Microsoft Defender for Servers Plan 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
 
+> [!NOTE]
+> To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.
+
 Remediating vulnerabilities takes time and can be dependent on the responsibilities and resources of the IT team. Security administrators can temporarily reduce the risk of a vulnerability by taking immediate action to block all currently known vulnerable versions of an application until the remediation request is completed. The block option gives your IT teams time to patch an application without worrying your security administrators about the vulnerabilities.
 
 While taking the remediation steps suggested by a security recommendation, security administrators can perform a mitigation action and block vulnerable versions of an application. File indicators of compromise (IOC)s are created for each of the executable files that belong to vulnerable versions of that application. Microsoft Defender Antivirus then enforces blocks on the devices that are in the specified scope.
@@ -54,23 +58,23 @@ For both actions, you can customize the message the users see. For example, you
 
 ## How to block vulnerable applications
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Vulnerability management** > **Recommendations** .
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com), then navigate to **Endpoints** > **Vulnerability management** > **Recommendations** .
 
 2. Select a security recommendation to see a flyout with more information.
 
 3. Select **Request remediation**.
 
-4. Select whether you want to apply the remediation and mitigation to all device groups or only a few.
+4. Fill out the form. In the **Remediation options** dropdown, select which of the options you want to request. The options are software update, software uninstall, and attention required.
 
-5. Select the remediation options on the **Remediation request** page. The remediation options are software update, software uninstall, and attention required.
+5. Under Task management tools, tick the box for **Open a ticket in Intune (for AAD joined devices)** if you want to create a ticket in Microsoft Intune for the remediation request.
 
-6. Pick a **Remediation due date** and select **Next**.
+6. Pick a **Remediation due date**.
 
-7. Under **Mitigation action**, select **Block** or **Warn**. Once you submit a mitigation action, it's immediately applied.
+7. Under **Priority**, select High, Medium, or Low.
 
-   :::image type="content" alt-text="Mitigation action" source="/defender/media/defender-vulnerability-management/mitigation-action.png" lightbox="/defender/media/defender-vulnerability-management/mitigation-action.png":::
+8. Under **Add notes**, you can add any additional information. Select **Next**.
 
-8. Review the selections you made and **Submit request**. On the final page, you can choose to go directly to the remediation page to view the progress of remediation activities and see the list of blocked applications.
+9. Review the selections you made and then select **Submit**. On the final page, you can choose to edit the selections and export all remediation request to a .CSV file.
 
 > [!NOTE]
 > Beginning December 3, 2024, expect to see a reduction in the number of file indicators that are created by new application block policies. To reduce your current indicator usage, unblock any blocked applications, and create new block policies. 
@@ -95,19 +99,19 @@ If you try to block an application and it doesn't work, you might have reached t
 
 After you've submitted a request to block vulnerable applications, you can view remediation activities by following these steps:
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Vulnerability management** > **Remediation** > **Activities**.
+1. Navigate to **Endpoints** > **Vulnerability management** > **Remediation**.
 
-2. Filter the results by this mitigation type: `Block and/or Warn to view all activities pertaining to block or warn actions`.
+2. In the **Activities** tab, you can choose to filter the results by mitigation type. The options are **Block**, **Warn**, **None**, and **Workaround**. 
 
-3. An activity log displays. Keep in mind that it's an activity log, not the current block status of the application. Select the relevant activity to see a flyout panel with details including the remediation description, mitigation description, and the device remediation status:
+3. Select the relevant activity to see a flyout pane with details including the remediation description, mitigation description, and the device remediation status:
 
    :::image type="content" alt-text="Remediation and mitigation details" source="/defender/media/defender-vulnerability-management/remediation-mitigation-details.png" lightbox="/defender/media/defender-vulnerability-management/remediation-mitigation-details.png":::
 
 ## View blocked applications
 
 To view a list of blocked applications, follow these steps:
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Remediation** > **Blocked applications** tab:
+1. Navigate to **Endpoints** > **Vulnerability management** > **Remediation**, then select the **Blocked applications** tab:
 
    :::image type="content" alt-text="Blocked application" source="/defender/media/defender-vulnerability-management/blocked-applications.png" lightbox="/defender/media/defender-vulnerability-management/blocked-applications.png":::
 
 
@@ -25,6 +25,9 @@ ms.date: 03/04/2025
 - [Microsoft Defender XDR](/defender-xdr)
 - [Microsoft Defender for Servers Plan 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
 
+> [!NOTE]
+> To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.
+
 This browser extension is a small software application that adds functionality to a web browser for use with Microsoft Defender Vulnerability Management. This extension provides your security team with visibility into installed browser extensions to help ensure the safe usage of extensions in your organization.
 
 The **Browser extensions** page displays a list of the browser extensions installed across different browsers in your organization. Browser extension details are collected across all the users that exist on a specific browser. For each installed extension, per browser, you can see the devices it's installed on, the users who installed it, and whether it's turned on or off on a device.
 
@@ -1,6 +1,6 @@
 ---
 title: Software inventory
-description: The software inventory page for Microsoft Defender for Endpoint's Vulnerability Management shows how many weaknesses and vulnerabilities were detected in software.
+description: The software inventory page for Microsoft Defender Vulnerability Management shows how many weaknesses and vulnerabilities were detected in software.
 ms.service: defender-vuln-mgmt
 ms.author: deniseb
 author: denisebmsft
@@ -10,9 +10,10 @@ audience: ITPro
 ms.collection:
   - m365-security
   - Tier1
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid: met150
-ms.date: 02/23/2025
+ms.date: 03/05/2025
+#customer intent: To learn about the software inventory page in Microsoft Defender for Endpoint's Vulnerability Management.
 ---
 
 # Software inventory
@@ -24,7 +25,7 @@ ms.date: 02/23/2025
 - [Microsoft Defender XDR](/defender-xdr)
 - [Microsoft Defender for Servers Plan 1 & 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan) 
 
-The software inventory in Defender Vulnerability Management is a list of known software in your organization. The default filter on the software inventory page displays all software with official [Common Platform Enumerations (CPE)](https://nvd.nist.gov/products/cpe). The view includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.
+The software inventory in Microsoft Defender Vulnerability Management is a list of known software in your organization. The default filter on the software inventory page displays all software with official [Common Platform Enumerations (CPE)](https://nvd.nist.gov/products/cpe). The view includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.
 
 You can remove the **CPE Available** filter to gain further visibility and increase your search scope across all installed software in your organization. When you clear this filter, all software, including software without a CPE, displays in the software inventory list.
 
@@ -39,28 +40,30 @@ Since it's real time, in a matter of minutes, you see vulnerability information
 
 ## Navigate to the Software inventory page
 
-Access the software inventory page by selecting **Software inventory** from the Vulnerability management navigation menu in the [Microsoft Defender portal](/defender-xdr/microsoft-365-security-center-mde).
+Access the software inventory page by signing in to the [Microsoft Defender portal](https://security.microsoft.com) and navigating to **Endpoints** > **Vulnerability management** > **Inventories**, which opens to the **Software** tab.
 
 > [!NOTE]
-> If you search for software using the Microsoft Defender for Endpoint global search, make sure to put an underscore instead of a space. For example, for the best search results you'd write `windows_10` or `windows_11` instead of `Windows 10` or `Windows 11`.
+> If you search for software using the the Microsoft Defender portal global search, make sure to put an underscore instead of a space. For example, for the best search results you'd write `windows_10` or `windows_11` instead of `Windows 10` or `Windows 11`.
 
 ## Software inventory overview
 
 The **Software inventory** page opens with a list of software installed in your network, including the vendor name, weaknesses found, threats associated with them, exposed devices, impact to exposure score, and tags.
 
 The data is updated every three to four hours. There's currently no way to force a sync.
 
-By default, the view is filtered by **Product Code (CPE): Available**. You can also filter the list view based on weaknesses found in the software, threats associated with them, and tags like whether the software has reached end-of-support.
+:::image type="content" alt-text="Example of the landing page for software inventory." source="/defender/media/defender-vulnerability-management/tvm-sw-inventory-main-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-sw-inventory-main.png":::
 
-:::image type="content" alt-text="Example of the landing page for software inventory." source="/defender/media/defender-vulnerability-management/software-inventory-page.png" lightbox="/defender/media/defender-vulnerability-management/software-inventory-page.png":::
+You can filter the list view based on product code (CPE), OS platform, weaknesses found in the software, threats associated with them, and tags like whether the software has reached end-of-support.
 
-Select the software that you want to investigate. A flyout panel opens with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
+:::image type="content" alt-text="Screenshot of available filters in the software inventory page." source="/defender/media/defender-vulnerability-management/tvm-sw-inventory-filters-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-sw-inventory-filters.png":::
+
+Select the software that you want to investigate. A flyout pane opens with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
 
 ### Software that isn't supported
 
-Software that isn't currently supported by vulnerability management might be present in the software inventory page. Because it isn't supported, only limited data are available. Filter by unsupported software with the "Not available" option in the "Weakness" section.
+Software that isn't currently supported by vulnerability management might be present in the software inventory page. Because it isn't supported, only limited data are available. Filter by unsupported software with the *Not available* option in the **Weakness** section.
 
-:::image type="content" alt-text="Unsupported software filter." source="/defender/media/defender-vulnerability-management/tvm-unsupported-software-filter.png" lightbox="/defender/media/defender-vulnerability-management/tvm-unsupported-software-filter.png":::
+:::image type="content" alt-text="Unsupported software filter" source="/defender/media/defender-vulnerability-management/tvm-sw-inventory-notavail.png":::
 
 Here's how to tell whether software isn't supported:
 
@@ -71,11 +74,11 @@ Here's how to tell whether software isn't supported:
 
 ## Software inventory on devices
 
-1. In the [Microsoft Defender portal](https://security.microsoft.com), in the navigation pane, select **Device inventory**. 
+1. Sign in to the Microsoft Defender portal. Navigate to **Assets** > **Devices** to open the **Device inventory** page.
 
 2. Select the name of a device to open its device page.
 
-3. Select the **Software inventory** tab to see a list of all the known software present on the device. 
+3. Select the **Inventories** tab. Under **Software**, you can see a list of all the known software present on the device.
 
 4. Select a specific software entry to open the flyout with more information.
 
@@ -85,29 +88,31 @@ Software might be visible at the device level, even if it's currently not suppor
 
 See evidence of where we detected a specific software on a device from the registry, disk, or both. You can find it on any device in the device software inventory.
 
-Select a software name to open the flyout, and look for the section called "Software Evidence."
+Select a software name to open the flyout, and look for the section called **Software Evidence**.
 
-:::image type="content" alt-text="Software evidence example of Windows 10 from the devices list, showing software evidence registry path." source="/defender/media/defender-vulnerability-management/tvm-software-evidence.png" lightbox="/defender/media/defender-vulnerability-management/tvm-software-evidence.png":::
+:::image type="content" alt-text="Software evidence example of Microsoft Edge showing evidence registry path as seen on a device page" source="/defender/media/defender-vulnerability-management/tvm-sw-inventory-evidence-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-sw-inventory-evidence.png":::
 
 ## Software pages
 
 You can view software pages a few different ways:
 
-- Software inventory page > Select a software name > Select **Open software page** in the flyout
+- **Endpoints** > **Vulnerability management** > **Inventories** > Select a software name > Select **Open software page** in the flyout
 - [Security recommendations page](tvm-security-recommendation.md) > Select a recommendation > Select **Open software page** in the flyout
-- [Event timeline page](threat-and-vuln-mgt-event-timeline.md) > Select an event > Select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout
+- [Event timeline page](threat-and-vuln-mgt-event-timeline.md) > Select an event > Select the hyperlinked software name (like Visual Studio 2017) in the **Related component** section in the flyout
 
  A full page appears with all the details of a specific software and the following information:
 
-- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to exposure score.
-- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices.
+- Overview with vendor information, exploits available, and impact rating 
+- Data visualizations showing the number of and severity of discovered weaknesses, exposed devices, software's usage in the past 30 days, and the top events in the last seven days.
 - Tabs showing information such as:
   - Corresponding security recommendations for the weaknesses and vulnerabilities identified.
   - Named CVEs of discovered vulnerabilities.
   - Devices that have the software installed (along with device name, domain, OS, and more).
   - Software version list (including number of devices the version is installed on, the number of discovered vulnerabilities, and the names of the installed devices).
+  - Event timeline
+  - Browser extensions (if applicable)
 
-    :::image type="content" alt-text="Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more." source="/defender/media/defender-vulnerability-management/tvm-software-page-example.png" lightbox="/defender/media/defender-vulnerability-management/tvm-software-page-example.png":::
+    :::image type="content" alt-text="Software example page for Microsoft Edge with the software details, weaknesses, exposed devices, and more." source="/defender/media/defender-vulnerability-management/tvm-sw-inventory-softpage-small.png" lightbox="/defender/media/defender-vulnerability-management/tvm-sw-inventory-softpage.png":::
 
 ## Report inaccuracy
 
@@ -123,7 +128,7 @@ Report an inaccuracy when you see vulnerability information and assessment resul
 
 4. Fill in the requested details about the inaccuracy.
 
-   ![Report inaccuracy](/defender/media/defender-vulnerability-management/report-inaccuracy-software.png)
+   ![Report inaccuracy](/defender/media/defender-vulnerability-management/tvm-sw-inventory-report.png)
 
 5. Select **Submit**. Your feedback is immediately sent to the vulnerability management experts.