Merge pull request #2969 from MicrosoftDocs/main

pushing MDVM updates live

Author: denisebmsft

defender-endpoint/api/isolate-machine.md

@@ -9,27 +9,22 @@ manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security
-- tier3
 - must-keep
 ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 09/26/2024
+ms.date: 02/28/2025
 ---
 
 # Isolate machine API
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:**
-- [Microsoft Defender for Endpoint Plan 1](../microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint](../microsoft-defender-endpoint.md)
+- [Microsoft Defender for Endpoint Plan 1 or Plan 2](/defender-endpoint/microsoft-defender-endpoint)
 - [Microsoft Defender XDR](/defender-xdr)
-
-
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
+- [Microsoft Defender for Business](/defender-business)
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
 
@@ -47,11 +42,12 @@ Isolates a device from accessing external network.
 
 > [!IMPORTANT]
 > - Full isolation is available for devices on Windows 10, version 1703, and on Windows 11.
-> - Full isolation is available in **public preview** for all supported Microsoft Defender for Endpoint on Linux listed in [System requirements](../microsoft-defender-endpoint-linux.md#system-requirements).
+> - Full isolation is available for all supported Linux devices. See [Microsoft Defender for Endpoint on Linux](/defender-endpoint/microsoft-defender-endpoint-linux).
 > - Selective isolation is available for devices on Windows 10, version 1709 or later, and on Windows 11.
 > - When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.
 > - Calling this API on unmanaged devices triggers the [contain device from the network](../respond-machine-alerts.md#contain-devices-from-the-network) action.
 
+
 ## Permissions
 
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)

defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md

@@ -73,7 +73,7 @@ If you want to focus on the AsrOfficeChildProcess rule and get details on the ac
 
 ```kusto
 DeviceEvents
-| where (Actiontype startswith "AsrOfficechild")
+| where (ActionType startswith "AsrOfficechild")
 | extend RuleId=extractjson("$Ruleid", AdditionalFields, typeof(string))
 | project DeviceName, FileName, FolderPath, ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessCommandLine
 ```

defender-vulnerability-management/defender-vulnerability-management-capabilities.md

@@ -13,7 +13,7 @@ f1.keywords: NOCSH
 ms.collection: 
 - m365-security
 - Tier1
-ms.date: 11/07/2024
+ms.date: 02/28/2025
 ---
 
 # Compare Microsoft Defender Vulnerability Management plans and capabilities
@@ -38,12 +38,13 @@ This article helps clarify the Defender Vulnerability Management capabilities in
 > [!NOTE]
 > The Microsoft Defender Vulnerability Management trial isn't currently available to US Government customers using GCC High, and DoD. For more information on purchase options available, see [Microsoft Defender Vulnerability Management](https://www.microsoft.com/security/business/threat-protection/microsoft-defender-vulnerability-management-pricing?msockid=17c438e9b0b8628c22d52cd3b1c763eb).
 
+- We recommend working with a Microsoft reseller to start your trial. If you're not already working with a reseller, see [Microsoft Security partners](https://www.microsoft.com/security/business/find-a-partner?msockid=3e48fd857a12656b2b0ce88f7b3f6460).
 - If you already have Defender for Endpoint Plan 2 [Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers](get-defender-vulnerability-management.md#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers).
 - For new customers or existing Defender for Endpoint P1 or Microsoft 365 E3 customers the **Microsoft Defender Vulnerability Management Standalone is now generally available**. To try it, go to [Try Defender Vulnerability Management Standalone](get-defender-vulnerability-management.md#try-defender-vulnerability-management-standalone).
 
 ## Vulnerability Management capabilities for endpoints
 
-The table below shows the availability of Defender Vulnerability Management capabilities for endpoints:
+The following table summarizes the availability of Defender Vulnerability Management capabilities for endpoints:
 
 |Capability| Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities| Defender Vulnerability Management Add-on provides the following premium Vulnerability Management capabilities for Defender for Endpoint Plan 2 | Defender Vulnerability Management Standalone provides full Defender Vulnerability Management capabilities for any EDR solution |
 |:----|:----:|:----:|:----:|
@@ -57,33 +58,30 @@ The table below shows the availability of Defender Vulnerability Management capa
 |[Software inventory](tvm-software-inventory.md)|✔|-|✔|
 |[Software usages insights](tvm-usage-insights.md)|✔|-|✔|
 |[Security baselines assessment](tvm-security-baselines.md)|-|✔|✔|
-|[Block vulnerable applications](tvm-block-vuln-apps.md)|-|✔|✔ **see note** <sup>1</sup>|
+|[Block vulnerable applications](tvm-block-vuln-apps.md)|-|✔|✔ **see note**|
 |[Browser extensions assessment](tvm-browser-extensions.md)|-|✔|✔|
 |[Digital certificate assessment](tvm-certificate-inventory.md)|-|✔|✔|
 |[Network share analysis](tvm-network-share-assessment.md)|-|✔|✔|
 |[Hardware and firmware assessment](tvm-hardware-and-firmware.md)|-|✔|✔|
 |[Authenticated scan for Windows](windows-authenticated-scan.md)|-|✔|✔|
 
 > [!NOTE]
-> <sup>1</sup> Block vulnerable applications requirement: For Defender Vulnerability Management standalone customers, to use block vulnerable applications Microsoft Defender Antivirus must be configured in active mode. For more information, see [Microsoft Defender Antivirus Windows](/defender-endpoint/microsoft-defender-antivirus-windows#comparing-active-mode-passive-mode-and-disabled-mode).
-
-> [!NOTE]
-> Microsoft 365 Business Premium and the standalone version of Microsoft Defender for Business include the capabilities that are listed under **Defender for Endpoint Plan 2** in the preceding table.
+> If you're using the standalone version of Defender Vulnerability Management, to use the "block vulnerable applications" feature, Microsoft Defender Antivirus must be configured in active mode. For more information, see [Microsoft Defender Antivirus Windows](/defender-endpoint/microsoft-defender-antivirus-windows#comparing-active-mode-passive-mode-and-disabled-mode).
 
 ## Vulnerability Management capabilities for servers
 
-For Microsoft Defender for Cloud customers, Defender Vulnerability Management is natively integrated within Defender for Cloud to perform vulnerability assessments for cloud based virtual machines and recommendations will automatically populate in the Defender for Cloud portal.
+For Microsoft Defender for Cloud customers, Defender Vulnerability Management is natively integrated within Defender for Cloud to perform vulnerability assessments for cloud-based virtual machines. Recommendations automatically populate in the Defender for Cloud portal.
 
 Defender Vulnerability Management premium capabilities are available to server devices with Microsoft Defender for Servers Plan 2. 
 
 > [!NOTE]
-> Client devices will require the Defender Vulnerability Management add-on license to access Defender Vulnerability Management premium capabilities.
+> Client devices require the Defender Vulnerability Management add-on license to access Defender Vulnerability Management premium capabilities.
 >
 > To use the premium vulnerability management capabilities for your client devices, see [Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers](get-defender-vulnerability-management.md#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers).
 
-The capabilities are only available through the [Microsoft Defender 365 portal](https://security.microsoft.com/homepage).
+The capabilities are only available through the [Microsoft Defender portal](https://security.microsoft.com/homepage).
 
-The table below shows the availability of Defender Vulnerability Management capabilities across the Defender for Servers plans.
+The following table lists the availability of Defender Vulnerability Management capabilities across the Defender for Servers plans.
 
 |Capability|Defender For Servers Plan 1|Defender For Servers Plan 2|
 |:----|:----:|:----:|
@@ -100,10 +98,10 @@ The table below shows the availability of Defender Vulnerability Management capa
 |[Digital certificate assessment](tvm-certificate-inventory.md)|-|✔|
 |[Network share analysis](tvm-network-share-assessment.md)|-|✔|
 |[Hardware and firmware assessment](tvm-hardware-and-firmware.md)|-|✔|
-|[Authenticated scan for Windows](windows-authenticated-scan.md)|-|✔**see note** <sup>2</sup>|
+|[Authenticated scan for Windows](windows-authenticated-scan.md)|-|✔**see note**|
 
-> [!IMPORTANT]
-> <sup>2</sup> The Windows authenticated scan feature will be deprecated by the end of November 2025 and will not be supported beyond that date. More information about this change are in the [Windows authenticated scan deprecation FAQs](defender-vulnerability-management-faq.md#windows-authenticated-scan-deprecation-faqs).
+> [!NOTE]
+> The Windows authenticated scan feature will be deprecated by the end of November 2025 and won't be supported beyond that date. For more information about this change, see the [Windows authenticated scan deprecation FAQs](defender-vulnerability-management-faq.md#windows-authenticated-scan-deprecation-faqs).
 
 ## Next steps
 

defender-vulnerability-management/defender-vulnerability-management-faq.md

@@ -14,7 +14,7 @@ ms.collection:
 - Tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 11/07/2024
+ms.date: 02/08/2025
 ---
 
 # Microsoft Defender Vulnerability Management frequently asked questions
@@ -50,6 +50,8 @@ If the customer has Defender for Endpoint Plan 2 they have the core vulnerabilit
 
 ### How do customers sign up for a trial?
 
+We recommend working with a Microsoft reseller. If you're not already working with a reseller, see [Microsoft Security partners](https://www.microsoft.com/security/business/find-a-partner?msockid=3e48fd857a12656b2b0ce88f7b3f6460).
+
 For existing Defender for Endpoint Plan 2 customers who want to evaluate the experience first-hand, we encourage directly onboarding onto the Microsoft Defender Vulnerability Management add-on free 90-day trial. For more information, see [Defender Vulnerability Management Add-on](get-defender-vulnerability-management.md#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers).
 
 For new customers or existing Defender for Endpoint P1 or Microsoft 365 E3 customers, see [Defender Vulnerability Management Standalone](get-defender-vulnerability-management.md#try-defender-vulnerability-management-standalone) to sign up for the free 90-day trial.
@@ -74,6 +76,8 @@ After your trial ends, you have a 30 day grace period of active trial before the
 
 After 180 days, your license will be deactivated and your profiles will be deleted.
 
+You can [request one extension](https://productledgrowth.powerappsportals.com/Admin-Led-Trials/request-trial/) of your current trial for 30 days within the last 15 days of the trial period. For any questions, please contact your field seller.
+
 ## Block vulnerable applications FAQs
 
 ### I want to block a vulnerable application but it's not showing up as available to block?

defender-vulnerability-management/defender-vulnerability-management-trial.md

@@ -14,49 +14,52 @@ ms.collection:
 - Tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 10/22/2024
+ms.date: 02/28/2025
 ---
 
 # About the Microsoft Defender Vulnerability Management trial
 
-Microsoft Defender Vulnerability Management provides advanced vulnerability management capabilities to minimize your organization's cyber risk. Get real-time asset discovery, continuous risk-based assessment and prioritization, and built in remediation tools.
+Microsoft Defender Vulnerability Management provides advanced vulnerability management capabilities to minimize your organization's cyber risk. Get real-time asset discovery, continuous risk-based assessment and prioritization, and built in remediation tools. It includes capabilities so your teams can intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.
 
-It includes capabilities so your teams can intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.
+To start your trial, we recommend working with a Microsoft reseller. If you're not already working with a reseller, see [Microsoft Security partners](https://www.microsoft.com/security/business/find-a-partner?msockid=3e48fd857a12656b2b0ce88f7b3f6460). 
 
 ## How to sign up for the Defender Vulnerability Management trial
 
 > [!NOTE]
-> The sign up process outlined below is only relevant to customers who have access to the [Microsoft Defender 365 portal](https://security.microsoft.com/homepage).
+> The sign up process outlined below is only relevant to customers who have access to the [Microsoft Defender portal](https://security.microsoft.com/homepage).
 >
-> If you don't have access to the Microsoft Defender 365 portal learn more about how you can sign up to the [Microsoft Defender Vulnerability Management Standalone trial](get-defender-vulnerability-management.md#try-defender-vulnerability-management-standalone).
+> If you don't have access to the Microsoft Defender portal, learn more about how you can sign up to the [Microsoft Defender Vulnerability Management Standalone trial](get-defender-vulnerability-management.md#try-defender-vulnerability-management-standalone).
 >
 > If you're a Microsoft Defender for Cloud customers, see [Vulnerability Management capabilities for servers](./defender-vulnerability-management-capabilities.md#vulnerability-management-capabilities-for-servers) to learn more about the Defender Vulnerabilities Management capabilities available to your organization.
 
-To sign up for the Defender Vulnerability Management trial, you can go directly to the [Microsoft 365 trials hub](https://security.microsoft.com/trialHorizontalHub) page or by selecting **Trials** on the left navigation from the [Microsoft Defender 365 portal](https://security.microsoft.com/homepage).
+To sign up for the Defender Vulnerability Management trial, you can go directly to the [Microsoft 365 trials hub](https://security.microsoft.com/trialHorizontalHub) page or by selecting **Trials** on the left navigation from the [Microsoft Defender portal](https://security.microsoft.com/homepage).
 
 Once you've reached the [Microsoft 365 trials hub](https://security.microsoft.com/trialHorizontalHub):
 
 - If you have Defender for Endpoint Plan 2, find the **Defender Vulnerability Management add-on** card and select **Try now**.
 - If you're a new customer or an existing Defender for Endpoint P1 or Microsoft 365 E3 customer, choose the **Defender Vulnerability Management** card and select **Try now**.
 
 :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-trialshub.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management trial hub landing page.":::
+
 2. Review the information about what's included in the trial, then select **Begin trial**.
 
 Your trial will be effective immediately:
 
 - The Defender Vulnerability Management add-on trial lasts for 90 days.
 - The Defender Vulnerability Management Standalone trial lasts for 90 days.
 
-It can take up to 6 hours for all vulnerability management features to appear in your left navigation. Sign out and sign back in to see the updates.
+It can take up to six hours for all vulnerability management features to appear in your left navigation. Sign out and sign back in to see the updates.
 
 To make the most of your trial, see [Trial user guide: Microsoft Defender Vulnerability Management](./trial-user-guide-defender-vulnerability-management.md)
 
 ## Required roles for starting the trial
 
 As a Global Administrator, you can start the trial or you can allow to users start the trial on behalf of your organization by enabling this option:
 
-1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > **User owned apps and services**
+1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > **User owned apps and services**.
+
 2. Check **Let users start trials on behalf of your organization**
+
 3. Select **Save**
 
 :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-user-starttrial.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management user trial setting.":::
@@ -76,7 +79,7 @@ You can start using Defender Vulnerability Management features as soon as you se
 
 ### Extending the trial
 
-You can extend the trial within the last 15 days of the trial period. You're limited to a maximum of two trial periods. If you don't extend by the time your trial period ends, you'll need to wait at least 30 days before signing up for a second trial.
+You can [request one extension](https://productledgrowth.powerappsportals.com/Admin-Led-Trials/request-trial/) of your current trial for 30 days within the last 15 days of the trial period. For any questions, please contact your field seller.
 
 ### Ending the trial