Merge pull request #5792 from limwainstein/msem-mdvm-updates-2

MDVM/MSEM integration updates - Batch 2: Additional pages and related…

Author: limwainstein

defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md

@@ -69,8 +69,6 @@ To change the date range, select the **Date events occurred** filter above the t
 
 ![Event timeline selected custom date range.](/defender/media/defender-vulnerability-management/event-timeline-drilldown.png)
 
-In the Exposure management **Recommendations** page, hover over the **Score history** graph to view new security configuration assessments that affect your score.
-
 If there are no events that affect your devices or your score for devices, no events are displayed.
 
 # [Existing customers](#tab/existing-customers-secure-score)

defender-vulnerability-management/tvm-microsoft-secure-score-devices.md

@@ -2,8 +2,8 @@
 title: Microsoft Secure Score for Devices
 description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls.
 ms.service: defender-vuln-mgmt
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -12,44 +12,48 @@ ms.collection:
   - Tier1
 ms.topic: article
 search.appverid: met150
-ms.date: 03/06/2025
+ms.date: 11/24/2025
+appliesto:
+    - Microsoft Defender Vulnerability Management
+    - Microsoft Defender for Endpoint Plan 2
+    - Microsoft Defender XDR
+    - Microsoft Defender for Servers Plan 1 & 2
 ---
 
 # Microsoft Secure Score for Devices
 
 [!INCLUDE [mdvm-msem-note](../includes/mdvm-msem-note.md)]
 
-**Applies to:**
+> [!NOTE]
+> The configuration score is now part of the devices secure score.
 
-- [Microsoft Defender Vulnerability Management](defender-vulnerability-management.md)
-- [Microsoft Defender for Endpoint Plan 2](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Servers Plan 1 & 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
+Your devices secure score indicates how well your endpoints are protected against cybersecurity threats.
 
-> [!NOTE]
-> Configuration score is now part of vulnerability management as Microsoft Secure Score for Devices.
+This article explains what the Microsoft Secure Score for devices is, how it works, and how you can improve your security configuration to reduce your vulnerability exposure.
+
+## What is Microsoft Secure Score for devices?
 
-Your score for devices is visible in the [Defender Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender portal. A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your devices across the following categories:
+The secure score reflects the collective security configuration state of your devices across the following categories:
 
 - Application
 - Operating system
 - Network
 - Accounts
 - Security controls
 
-Select a category to go to the [**Security recommendations**](tvm-security-recommendation.md) page and view the relevant recommendations.
+The secure score is visible in different Microsoft Defender portal locations depending on your Microsoft Defender Vulnerability Management experience:
 
-> [!TIP]
-> Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).
+- If you're a **Microsoft Defender XDR + Microsoft Defender for Identity** preview customer, the secure score is visible under **Exposure management** > **Recommendations**.
+- For existing customers, the secure score is visible under the **Microsoft Defender Vulnerability Management** dashboard. Select a category to go to the [**Security recommendations**](tvm-security-recommendation.md) page and view the relevant recommendations.
 
-Unmanaged devices (devices not enrolled in management solutions like Intune or Azure AD) do count towards your Secure Score but are typically marked as non-compliant for several security checks. These devices may lower your score, especially if they fail critical security assessments such as anti-malware status, patch management, and encryption requirements. It's recommended to bring these devices under management to improve both security posture and Secure Score.
+Unmanaged devices (devices not enrolled in management solutions like Intune or Azure AD) do count towards your Secure Score but are typically marked as non-compliant for several security checks. These devices may lower your score, especially if they fail critical security assessments such as anti-malware status, patch management, and encryption requirements. It's recommended to bring these devices under management to improve both security posture and secure score.
 
 ## How it works
 
 > [!NOTE]
-> Microsoft Secure Score for Devices currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
+> Microsoft Secure Score for devices currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
 
-The data in the Microsoft Secure Score for Devices card is the product of meticulous and ongoing vulnerability discovery process. It is aggregated with configuration discovery assessments that continuously:
+The data in the Microsoft Secure Score for devices is the product of meticulous and ongoing vulnerability discovery process. It is aggregated with configuration discovery assessments that continuously:
 
 - Compare collected configurations to the collected benchmarks to discover misconfigured assets
 - Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
@@ -58,39 +62,72 @@ The data in the Microsoft Secure Score for Devices card is the product of meticu
 
 ## Improve your security configuration
 
-Improve your security configuration by remediating issues from the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities.
+# [Preview customers](#tab/preview-customers)
 
-1. From the Microsoft Secure Score for Devices card in the Defender Vulnerability Management dashboard, select one of the categories. You'll view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
+[!INCLUDE [mdvm-msem-section](../includes/mdvm-msem-section.md)]
 
-2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Request remediation**.
+Improve your security configuration by remediating issues from the security recommendations list. As you do so, your Microsoft Secure Score for devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities.
+
+1. Navigate to the **Exposure management > Recommendations** page.
+1. Review the categories in the **Score breakdown** section.
+1. Do one of the following:
+    - View all security recommendations in the recommendation list.
+    - To view recommendations by category, in the recommendations table, add the **Category** filter and select the category you want to address.
+1. Select a recommendation. A flyout panel opens with details related to the recommendation. Select **Request remediation**.
 
    :::image type="content" alt-text="Security controls related security recommendations." source="/defender/media/defender-vulnerability-management/security-controls.png":::
 
-3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
+1. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
 
-4. Select **Submit**. You'll see a confirmation message that the remediation task has been created.
+1. Select **Submit**. You'll see a confirmation message that the remediation task has been created.
 
    :::image type="content" alt-text="Remediation task creation confirmation." source="/defender/media/defender-vulnerability-management/remediation-task-created.png":::
 
-5. Send a follow-up email to your IT Administrator and allow the time that you've allotted for the remediation to propagate in the system.
+1. Send a follow-up email to your IT Administrator and allow the time that you've allotted for the remediation to propagate in the system.
+
+1. Review the **Recommendations** page. You can expect the following outcome:
+    - In the **Score breakdown** area, the number of recommendations for the category you addressed decreases, compared to the percentage before remediation.
+    - The addressed recommendation is no longer listed in the recommendations table. 
+    - Your **Devices Secure Score** increases compared to the percentage before remediation.
+
+# [Existing customers](#tab/existing-customers)
+
+Improve your security configuration by remediating issues from the security recommendations list. As you do so, your Microsoft Secure Score for devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities.
+
+1. In the **Endpoints** > **Vulnerability management** > **Dashboard**, locate the **Microsoft Secure Score for Devices** card.
+1. Select one of the categories. The list of recommendations related to that category is visible in the [**Recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, in the **Recommendations** page, clear the search field.
+1. Select an item on the list. A flyout panel opens with details related to the recommendation. Select **Request remediation**.
+
+   :::image type="content" alt-text="Security controls related security recommendations." source="/defender/media/defender-vulnerability-management/security-controls.png":::
+
+1. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
+
+1. Select **Submit**. You'll see a confirmation message that the remediation task has been created.
+
+   :::image type="content" alt-text="Remediation task creation confirmation." source="/defender/media/defender-vulnerability-management/remediation-task-created.png":::
+
+1. Send a follow-up email to your IT Administrator and allow the time that you've allotted for the remediation to propagate in the system.
+
+1. Review the **Microsoft Secure Score for Devices** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you've addressed won't be listed there anymore. Your Microsoft Secure Score for Devices should increase.
+
+---
+
+## Download mandatory security updates
+
+To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
+
+- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
+- RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
+- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
+- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
 
-6. Review the **Microsoft Secure Score for Devices** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you've addressed won't be listed there anymore. Your Microsoft Secure Score for Devices should increase.
+To download the security updates:
 
-> [!IMPORTANT]
-> To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
->
-> - 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
-> - RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
-> - RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
-> - RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
->
-> To download the security updates:
->
-> 1. Go to [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/home.aspx).
-> 2. Key-in the security update KB number that you need to download, then click **Search**.
+1. Go to [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/home.aspx).
+2. Key-in the security update KB number that you need to download, then click **Search**.
 
 ## Related topics
 
 - [Dashboard](tvm-dashboard-insights.md)
 - [Exposure score](tvm-exposure-score.md)
-- [Security recommendations](tvm-security-recommendation.md)
+- [Security recommendations](tvm-security-recommendation.md)

defender-vulnerability-management/tvm-network-share-assessment.md

@@ -2,8 +2,8 @@
 title: Network share configuration assessment
 description: Learn review recommendations related to network shares in your environment through vulnerability management.
 ms.service: defender-vuln-mgmt
-ms.author: deniseb
-author: denisebmsft
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -12,19 +12,17 @@ ms.collection:
   - Tier2
 ms.topic: how-to
 search.appverid: met150
-ms.date: 03/01/2023
+ms.date: 11/24/2025
+appliesto:
+    - Microsoft Defender Vulnerability Management
+    - Microsoft Defender XDR
+    - Microsoft Defender for Servers Plan 2
 ---
 
 # Network share configuration assessment
 
 [!INCLUDE [mdvm-msem-note](../includes/mdvm-msem-note.md)]
 
-**Applies to:**
-
-- [Microsoft Defender Vulnerability Management](defender-vulnerability-management.md)
-- [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Servers Plan 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
-
 > [!NOTE]
 > To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.
 
@@ -44,32 +42,34 @@ When vulnerable network share configurations are identified, they're mapped to a
 
 To see security recommendations addressing network share configurations:
 
-1. Go to **Vulnerability management** > **Recommendations**.
-2. Select **Filters** and choose **Related component** > **OS > Shares**.
+1. In the Microsoft Defender portal, do one of the following:
+    - If you're a **Microsoft Defender XDR + Microsoft Defender for Identity** preview customer, select **Exposure management** > **Recommendations**.
+    - If you're an existing customer, select **Endpoints** > **Vulnerability management** > **Recommendations**.
+1. Select **Filters** and choose **Related component** > **OS > Shares**.
 
-:::image type="content" alt-text="Options for filtering on network shares" source="/defender/media/defender-vulnerability-management/network-share-filter.png" lightbox="/defender/media/defender-vulnerability-management/network-share-filter.png":::
+    :::image type="content" alt-text="Options for filtering on network shares" source="/defender/media/defender-vulnerability-management/network-share-filter.png":::
 
-3. Select **Apply**.
+1. Select **Apply**.
 
-If there are network shares with vulnerabilities to address, they'll appear in the list of recommendations
+If there are network shares with vulnerabilities to address, they'll appear in the list of recommendations.
 
 :::image type="content" alt-text="Network shares configuration recommendations" source="/defender/media/defender-vulnerability-management/network-share-recommendations.png" lightbox="/defender/media/defender-vulnerability-management/network-share-recommendations.png":::
 
-Select a recommendation to see a flyout with information on the vulnerable network share configuration:
+Select a recommendation to see a flyout pane with information on the vulnerable network share configuration:
 
-:::image type="content" alt-text="Network shares configuration recommendation details" source="/defender/media/defender-vulnerability-management/network-share-recommendations-details.png" lightbox="/defender/media/defender-vulnerability-management/network-share-recommendations-details.png":::
+:::image type="content" alt-text="Network shares configuration recommendation details" source="/defender/media/defender-vulnerability-management/network-share-recommendations-details.png":::
 
 Explore the **Exposed devices** and **Exposed shares** tabs for details of the exposed entities in your organization.
 
 ## Request remediation for the network share configuration
 
 You can view and submit a remediation request from the remediation options tab:
 
-:::image type="content" alt-text="Network shares configuration remediation options" source="/defender/media/defender-vulnerability-management/network-share-remediation.png" lightbox="/defender/media/defender-vulnerability-management/network-share-remediation.png":::
+:::image type="content" alt-text="Network shares configuration remediation options" source="/defender/media/defender-vulnerability-management/network-share-remediation.png":::
 
 ## View configuration remediation activities
 
-Go to **Vulnerability management** > **Remediation** and filter by the remediation type, "configuration change" to see the activity item related to this change.
+In the **Remediation** page, filter by the remediation type, "configuration change" to see the activity item related to this change.
 
 ## Related articles
 

defender-vulnerability-management/tvm-prerequisites.md

@@ -37,6 +37,10 @@ To start a trial or to purchase Defender Vulnerability Management, see [Sign up
 - Devices must be running a [Supported operating systems, platforms, and capabilities](tvm-supported-os.md) with available updates installed
 - Devices must meet the minimum requirements for [Defender for Endpoint](/defender-endpoint/minimum-requirements)
 
+## Microsoft Security Exposure Management requirements
+
+For **Microsoft Defender XDR + Microsoft Defender for Identity** preview customers, Defender Vulnerability Management is now integrated with Microsoft Security Exposure Management. If you're using this preview experience, ensure you meet the [Security Exposure Management prerequisites](/security-exposure-management/prerequisites).
+
 ## Roles and permissions
 
 Defender Vulnerability Management uses the [Microsoft Defender XDR Unified role-based access control](/defender-xdr/manage-rbac) (Unified RBAC) model, which provides a single permissions management experience with a central location for administrators to control user permissions across different security solutions, such as Defender for Endpoint and Defender Vulnerability Management.