MDVM/MSEM integration updates - Batch 1: Core pages and related images

Author: limwainstein

defender-vulnerability-management/defender-vulnerability-management.md

@@ -27,10 +27,6 @@ Reducing cyber risk requires comprehensive risk-based vulnerability management t
 
 Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Using Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk.
 
-Watch the following video to learn more about Defender Vulnerability Management.
-
-> [!VIDEO https://learn-video.azurefd.net/vod/player?id=4ee839c5-4ccb-4cc9-9945-ae8228e35121]
-
 > [!TIP]
 > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).
 
@@ -74,7 +70,23 @@ Enable security administrators and IT administrators to collaborate and seamless
 - **Alternate mitigations** - Gain insights on other mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
 - **Real-time remediation status** - Real-time monitoring of the status and progress of remediation activities across the organization.
 
-## Navigation pane
+## Vulnerability management experience in Microsoft Defender portal
+
+# [Preview customers](#tab/preview-customers)
+
+[!INCLUDE [mdvm-msem-section](../includes/mdvm-msem-section.md)]
+
+|Area|Description|
+|---|---|
+| [**Exposure management > Vulnerability management > Overview**](tvm-dashboard-insights.md) |Get a high-level view of your organization's vulnerability information, including the endpoints exposure score, top recommendations, events, vulnerable software, remediation activities, and more. |
+|[**Exposure management > Recommendations**](tvm-security-recommendation.md)|See all Microsoft security recommendations in a single, streamlined experience. The **Vulnerabilities** section lists security recommendations and related threat information, where you can dive into recommendations related to specific vulnerabilities. |
+|[**Exposure management > Vulnerability management > Remediation**](tvm-remediation.md)|See remediation activities you've created and recommendation exceptions.|
+|[**Exposure management > Vulnerability management > Inventories**](tvm-software-inventory.md)|Discover and assess all your organization's assets in a single view.|
+|[**Exposure management > Vulnerability management > Vulnerabilities**](tvm-weaknesses.md)|See the list of common vulnerabilities and exposures (CVEs) in your organization.|
+|[**Exposure management > Vulnerability management > Overview > Top impactful events**](threat-and-vuln-mgt-event-timeline.md)|View events that may impact your organization's risk. You can also access the event timeline from the **Recommendations > Score history** section.|
+|[**Exposure management > Vulnerability management > Baseline assessments**](tvm-security-baselines.md)|Monitor security baseline compliance and identify changes in real-time.|
+
+# [Existing customers](#tab/existing-customers)
 
 |Area|Description|
 |---|---|
@@ -86,6 +98,8 @@ Enable security administrators and IT administrators to collaborate and seamless
 |[**Event timeline**](threat-and-vuln-mgt-event-timeline.md)|View events that may impact your organization's risk.|
 |[**Baselines assessment**](tvm-security-baselines.md)|Monitor security baseline compliance and identify changes in real-time.|
 
+---
+
 ## APIs
 
 Run vulnerability management related API calls to automate vulnerability management workflows. To get started, see [Supported Microsoft Defender for Endpoint APIs](/defender-endpoint/api/exposed-apis-list).

defender-vulnerability-management/device-restart-status.md

@@ -3,29 +3,29 @@ title: Device restart status
 description: Learn about the device restart status tag in Microsoft Defender Vulnerability Management
 ms.service: defender-vuln-mgmt
 ms.pagetype: security
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
-manager: deniseb
+manager: bagol
 audience: ITPro
 ms.collection:
   - m365-security
   - tier1
 ms.topic: concept-article
 search.appverid: met150
-ms.date: 03/04/2022
+ms.date: 11/25/2025
+appliesto:
+  - Microsoft Defender Vulnerability Management
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender XDR
+  - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Device restart status
 
 [!INCLUDE [mdvm-msem-note](../includes/mdvm-msem-note.md)]
 
-**Applies to:**
-
-- [Microsoft Defender Vulnerability Management](defender-vulnerability-management.md)
-- [Microsoft Defender for Endpoint Plan 2](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Servers Plan 1 & 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
+Security recommendations can help reduce your overall vulnerability exposure and your exposure score. A robust update process is key when it comes to addressing these recommendations in your organization. If an update hasn't completed for some devices due to a pending restart, the effect of addressing the security recommendation isn't reflected in your exposure score.
 
 Security recommendations in Defender Vulnerability Management can help reduce your overall vulnerability exposure and your exposure score. A robust update process is key when it comes to addressing these recommendations in your organization. If an update hasn't completed for some devices due to a pending restart, the effect of addressing the security recommendation isn't reflected in your exposure score.
 
@@ -41,15 +41,15 @@ The **Pending restart** tag helps you identify devices in this state so you can
 
 The device restart status is visible in the following experiences in the Microsoft Defender portal.
 
-### Security recommendations page
+### Recommendations page
 
-On the security recommendations pages, filter by the **Pending restart** tag to only see security recommendations with devices pending a restart.
+On the **Recommendations** page, filter by the **Pending restart** tag to only see security recommendations with devices pending a restart.
 
 :::image type="content" alt-text="pending restart tag in the security recommendations page." source="/defender/media/defender-vulnerability-management/pending-restart.png" lightbox="/defender/media/defender-vulnerability-management/pending-restart.png":::
 
 ### Software page
 
-On the software page filter by, the **Pending restart** tag to see missing KBs with devices that are pending a restart:
+On the software page filter by the **Pending restart** tag to see missing KBs with devices that are pending a restart:
 
 :::image type="content" alt-text="pending restart tag in the software page." source="/defender/media/defender-vulnerability-management/pending-restart-KB.png" lightbox="/defender/media/defender-vulnerability-management/pending-restart-KB.png":::
 

defender-vulnerability-management/media/bios-vulnerability-details.png

@@ -2,8 +2,8 @@
 title: Event timeline 
 description: Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization, and which mitigations happened to reduce it.
 ms.service: defender-vuln-mgmt
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -12,21 +12,18 @@ ms.collection:
 - Tier1
 ms.topic: concept-article
 search.appverid: met150
-ms.date: 03/04/2022
+ms.date: 11/25/2025
+appliesto:    
+    - Microsoft Defender Vulnerability Management
+    - Microsoft Defender for Endpoint Plan 2
+    - Microsoft Defender XDR
+    - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Event timeline
 
 [!INCLUDE [mdvm-msem-note](../includes/mdvm-msem-note.md)]
 
-
-**Applies to:**
-
-- [Microsoft Defender Vulnerability Management](defender-vulnerability-management.md)
-- [Microsoft Defender for Endpoint Plan 2](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Servers Plan 1 & 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
-
 Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization through new vulnerabilities or exploits. You can view events that may impact your organization's risk. For example, you can find new vulnerabilities that were introduced, vulnerabilities that became exploitable, exploit that was added to an exploit kit, and more.
 
 Event timeline also tells the story of your [exposure score](tvm-exposure-score.md) and [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) so you can determine the cause of large changes. Events can impact your devices or your score for devices. Reduce you exposure by addressing what needs to be remediated based on the prioritized [security recommendations](tvm-security-recommendation.md).
@@ -36,22 +33,55 @@ Event timeline also tells the story of your [exposure score](tvm-exposure-score.
 
 ## Navigate to the Event timeline page
 
-There are three entry points from the [Microsoft Defender Vulnerability Management dashboard](tvm-dashboard-insights.md):
+# [Preview customers](#tab/preview-customers)
+
+[!INCLUDE [mdvm-msem-section](../includes/mdvm-msem-section.md)]
+
+There are two entry points to the event timeline: 
+
+- **Exposure management** > **Vulnerability management** > **Overview** page: In the **Top impactful events** card, select **View all events** at the bottom of the table.
+    - The card displays the three most impactful events in the last 7 days. Impactful events indicate whether the event affects a large number of devices, or if it's a critical vulnerability.
+- **Exposure management** > **Recommendations** page: In the **Score history** card, select **View all events** at the bottom of the graph.
+
+# [Existing customers](#tab/existing-customers)
+
+There are three entry points from the **Endpoints** > **Vulnerability management** > **Dashboard** page to the event timeline:
 
 - **Organization exposure score card**: Hover over the event dots in the "Exposure Score over time" graph and select "See all events from this day." The events represent software vulnerabilities.
 - **Microsoft Secure Score for Devices**: Hover over the event dots in the "Your score for devices over time" graph and select "See all events from this day." The events represent new configuration assessments.
 - **Top events card**: Select "Show more" at the bottom of the top events table. The card displays the three most impactful events in the last 7 days. Impactful events can include if the event affects a large number of devices, or if it is a critical vulnerability.
 
+---
+
 ### Exposure score and Microsoft Secure Score for Devices graphs
 
-In the Defender Vulnerability Management dashboard, hover over the Exposure score graph to view top software vulnerability events from that day that impacted your devices. Hover over the Microsoft Secure Score for Devices graph to view new security configuration assessments that affect your score.
+# [Preview customers](#tab/preview-customers-secure-score)
+
+[!INCLUDE [mdvm-msem-section](../includes/mdvm-msem-section.md)]
 
-If there are no events that affect your devices or your score for devices, then none will be shown.
+In the Exposure management **Overview** page, hover over the **Score history** card under **Vulnerability management** to view top software vulnerability events from that day that impacted your devices.
 
-![Exposure score hover.](/defender/media/defender-vulnerability-management/tvm-event-timeline-device-hover360.png) 
-![Microsoft Secure Score for Devices hover.](/defender/media/defender-vulnerability-management/tvm-event-timeline-device-hover360.png)
+Selecting **Show all events from this day** takes you to the Event timeline page with a custom date range for that day.
 
-### Drill down to events from that day
+:::image type="content" source="/defender/media/defender-vulnerability-management/score-history-timeline.png" alt-text="Score history card.":::
+
+To change the date range, select the **Date events occurred** filter above the table, and in the **Filter** flyout pane, select a different date under **Date event occurred**.
+
+![Event timeline selected custom date range.](/defender/media/defender-vulnerability-management/event-timeline-drilldown.png)
+
+In the Exposure management **Recommendations** page, hover over the **Score history** graph to view new security configuration assessments that affect your score.
+
+If there are no events that affect your devices or your score for devices, no events are displayed.
+
+# [Existing customers](#tab/existing-customers-secure-score)
+
+In the Defender Vulnerability Management dashboard, hover over the **Exposure score** graph to view top software vulnerability events from that day that impacted your devices. 
+
+Hover over the **Microsoft Secure Score for Devices** graph to view new security configuration assessments that affect your score.
+
+If there are no events that affect your devices or your score for devices, no events are displayed.
+
+![Exposure score hover.](/defender/media/defender-vulnerability-management/tvm-event-timeline-device-hover360.png)
 
 Selecting **Show all events from this day** takes you to the Event timeline page with a custom date range for that day.
 
@@ -61,9 +91,11 @@ Select **Custom range** to change the date range to another custom one, or a pre
 
 ![Event timeline date range options.](/defender/media/defender-vulnerability-management/tvm-event-timeline-dates.png)
 
+---
+
 ## Event timeline overview
 
-On the Event timeline page, you can view the all the necessary info related to an event.
+On the **Event timeline** page, you can view the all the necessary info related to an event.
 
 Features: