Update tvm-security-recommendation.md

denisebmsft · denisebmsft · commit 9ced7ef47731 · 2025-02-23T09:46:22.000-08:00
diff --git a/defender-vulnerability-management/tvm-security-recommendation.md b/defender-vulnerability-management/tvm-security-recommendation.md
@@ -46,12 +46,14 @@ Each device in the organization is scored based on three important factors to he
 
 Access the Security recommendations page a few different ways:
 
-- Vulnerability management navigation menu in the Microsoft Defender portal
+- Vulnerability management navigation menu in the [Microsoft Defender portal](https://security.microsoft.com)
 - Top security recommendations in the [vulnerability management dashboard](tvm-dashboard-insights.md)
 
 ### Navigation menu
 
-Go to the **Vulnerability management** navigation menu and select **Recommendations**. The page contains a list of security recommendations for the threats and vulnerabilities found in your organization.
+In the [Microsoft Defender portal](https://security.microsoft.com), go to the **Vulnerability management** navigation menu and select **Recommendations**. 
+
+The page contains a list of security recommendations for the threats and vulnerabilities found in your organization.
 
 ### Top security recommendations in the vulnerability management dashboard
 
@@ -65,7 +67,7 @@ The top security recommendations list the improvement opportunities prioritized
 
 Security recommendations enable you to view your organization's security recommendations, the number of weaknesses found, related components, threat insights, number of exposed devices, device status, remediation type, remediation activities, and associated tags. You can also see how your exposure score and Secure Score for devices would change when recommendations are implemented.
 
-The color of the **Exposed devices** graph changes as the trend changes. If the number of exposed devices is on the rise, the color changes to red. If there's a decrease in the number of exposed devices, the color of the graph will change to green.
+The color of the **Exposed devices** graph changes as the trend changes. If the number of exposed devices is on the rise, the color changes to red. If there's a decrease in the number of exposed devices, the color of the graph changes to green.
 
 > [!NOTE]
 > Vulnerability management shows devices that were in use within the last 30 days. This is different from device status in Defender for Endpoint, where if a device has `Inactive` status if it doesn't communicate with the service for more than seven days.
@@ -82,85 +84,95 @@ Useful icons also quickly call your attention to:
 
 ### Impact
 
-The impact column shows the potential impact on your exposure score and Secure Score for Devices once a recommendation is implemented. You should prioritize items that will lower your exposure score and raise your Secure Score for Devices.
+The impact column shows the potential impact on your exposure score and Secure Score for Devices once a recommendation is implemented. You should prioritize items that lower your exposure score and raise your Secure Score for Devices.
 
-- The potential reduction in your exposure score is displayed as: :::image type="icon" source="/defender/media/defender-vulnerability-management/reduce-exposure-score.png" border="false":::. A lower exposure score means devices are less vulnerable to exploitation. Since the exposure score is based on a combination of factors, including new remediations or newly discovered vulnerabilities, the actual score reduction may be lower.
+- The potential reduction in your exposure score is displayed as: :::image type="icon" source="/defender/media/defender-vulnerability-management/reduce-exposure-score.png" border="false":::. A lower exposure score means devices are less vulnerable to exploitation. Since the exposure score is based on a combination of factors, including new remediations or newly discovered vulnerabilities, the actual score reduction might be lower.
 
 - The projected increase to your Secure Score for Devices is displayed as: :::image type="icon" source="/defender/media/defender-vulnerability-management/increase-secure-score.png" border="false":::. A higher Secure Score for Devices means your endpoints are more resilient against cybersecurity attacks.
 
 ### Explore security recommendation options
 
-Select the security recommendation that you want to investigate or process.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), select the security recommendation that you want to investigate or process.
 
-:::image type="content" alt-text="Example of a security recommendation flyout page." source="/defender/media/defender-vulnerability-management/secrec-flyouteolsw.png" lightbox="/defender/media/defender-vulnerability-management/secrec-flyouteolsw.png":::
+   :::image type="content" alt-text="Example of a security recommendation flyout page." source="/defender/media/defender-vulnerability-management/secrec-flyouteolsw.png" lightbox="/defender/media/defender-vulnerability-management/secrec-flyouteolsw.png":::
 
-From the flyout, you can choose any of the following options:
+2. In the flyout, you can choose any of the following options:
 
-- **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution.
+   - **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution.
 
-- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT administrator to pick up and address. Track the remediation activity in the Remediation page.
+   - [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT administrator to pick up and address. Track the remediation activity in the Remediation page.
 
-- [**Exception options**](tvm-exception.md) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet.
+   - [**Exception options**](tvm-exception.md) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet.
 
 > [!NOTE]
 > When a software change is made on a device, it typically takes 2 hours for the data to be reflected in the security portal. However, it may sometimes take longer. Configuration changes can take anywhere from 4 to 24 hours.
 
 ### Investigate changes in device exposure or impact
 
-If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Secure Score for Devices, then that security recommendation is worth investigating.
+If there's a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Secure Score for Devices, then that security recommendation is worth investigating.
 
-1. Select the recommendation and **Open software page**
+1. In the [Microsoft Defender portal](https://security.microsoft.com), select a recommendation, and then select **Open software page**
 
 2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md)
 
 3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request
 
 ### Recommendations on devices
 
-To see the list of security recommendations that apply to a device you can:
+To see the list of security recommendations that apply to a device, follow these steps:
 
-1. Select the device from the **Exposed devices** tab in the recommendation flyout panel or select the device directly from the **Device inventory** page.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), in the **Device inventory** page, select a device. 
 
-2. Select the **Security recommendations** tab to see a list of security recommendations for this device.
+2. Select the **Security recommendations** tab to see a list of security recommendations for the device.
 
    :::image type="content" source="/defender/media/defender-vulnerability-management/security-recommendation-devicepage.png" alt-text="Screenshot of the certificate inventory page" lightbox="/defender/media/defender-vulnerability-management/security-recommendation-devicepage.png":::
 
 > [!NOTE]
-> If you have the [Microsoft Defender for IoT](/azure/defender-for-iot/organizations/concept-enterprise/) integration enabled in Defender for Endpoint, recommendations for Enterprise IoT devices that appear on IoT devices tab will appear on the security recommendations page. For more information, see [Enable Enterprise IoT security with Defender for Endpoint](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint/).
+> If you have the [Microsoft Defender for IoT](/azure/defender-for-iot/organizations/concept-enterprise/) integration enabled in Defender for Endpoint, recommendations for Enterprise IoT devices that appear on IoT devices tab appears on the security recommendations page. For more information, see [Enable Enterprise IoT security with Defender for Endpoint](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint/).
 
 ## Request remediation
 
 The vulnerability management remediation capability bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** page to Intune. [Learn more about remediation options](tvm-remediation.md)
 
 ### How to request remediation
 
-Select a security recommendation you would like to request remediation for, and then select **Remediation options**. Fill out the form and select **Submit request**. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. [Learn more about how to request remediation](tvm-remediation.md#request-remediation)
+1. In the [Microsoft Defender portal](https://security.microsoft.com), select a security recommendation you would like to request remediation for, and then select **Remediation options**. 
+
+2. Fill out the form and select **Submit request**. 
+
+3. To view the status of your remediation request, go to the [**Remediation**](tvm-remediation.md) page. 
+
+For more information, see [Learn more about how to request remediation](tvm-remediation.md#request-remediation),
 
 ## File for exception
 
-As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. [Learn more about exceptions](tvm-exception.md)
+As an alternative to a remediation request when a recommendation isn't relevant at the moment, you can create exceptions for recommendations. [Learn more about exceptions](tvm-exception.md)
 
-Only users with "exceptions handling" permissions can add exception. [Learn more about RBAC roles](/defender-endpoint/user-roles).
+Only users with appropriate permissions can add exceptions (see [Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/manage-rbac)).
 
 When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group).
 
 ### How to create an exception
 
-Select a security recommendation you would like to create an exception for, and then select **Exception options**.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), select the security recommendation you want to create an exception for, and then select **Exception options**.
+
+   ![Showing where the button for "exception options" is located in a security recommendation flyout.](/defender/media/defender-vulnerability-management/tvm-exception-options.png)
+
+2. Fill out the form and submit. 
 
-![Showing where the button for "exception options" is located in a security recommendation flyout.](/defender/media/defender-vulnerability-management/tvm-exception-options.png)
+3. To view your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu, and select the **Exceptions** tab. 
 
-Fill out the form and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. [Learn more about how to create an exception](tvm-exception.md#create-an-exception)
+For more information, see [Learn more about how to create an exception](tvm-exception.md#create-an-exception).
 
 ## Report inaccuracy
 
 You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information.
 
-1. Open the Security recommendation.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), open a security recommendation.
 
 2. Select the three dots beside the security recommendation that you want to report,  then select **Report inaccuracy**.
 
-3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
+3. In the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
 
 4. Select **Submit**. Your feedback is immediately sent to the vulnerability management experts.
 
