defender-vulnerability-management/tvm-certificate-inventory.md
Lines changed: 14 additions & 12 deletions
@@ -10,9 +10,9 @@ audience: ITPro
10
10
ms.collection:
11
11
- m365-security
12
12
- Tier1
13
-
ms.topic: conceptual
13
+
ms.topic: concept-article
14
14
search.appverid: met150
15
-
ms.date: 04/11/2022
15
+
ms.date: 03/06/2025
16
16
---
17
17
18
18
# Certificate inventory
@@ -49,18 +49,20 @@ The **Certificate inventory** lets you view a list of the certificates installed
49
49
50
50
## View your certificates
51
51
52
-
1.Go to **Vulnerability management** > **Software inventory**in the [Microsoft Defender portal](https://security.microsoft.com).
52
+
1.Sign in to the [Microsoft Defender portal](https://security.microsoft.com). Navigate to **Endpoints** > **Vulnerability management** > **Inventories**.
53
53
2. Select the **Certificates** tab.
54
54
55
-
The **Certificate inventory** page opens with a list of the certificates installed across your organization, including details on the expiration date, key size, who issued the certificate, and the number of instances.
55
+
The **Certificate inventory** page opens to an overview containing data visualizations of the number of certificates. with a list of the certificates installed across your organization, including details on the expiration date, key size, who issued the certificate, and the number of instances.
56
56
57
57
> [!NOTE]
58
-
> Only certificates found on Windows devices (in the local machine certificate store) will be displayed in certificate inventory list.
58
+
> Only certificates found on Windows devices (in the local machine certificate store) are displayed in certificate inventory list.
59
59
60
-
:::image type="content" source="/defender/media/defender-vulnerability-management/certificate_inventory.png" alt-text="Screenshot of the certificate inventory list." lightbox="/defender/media/defender-vulnerability-management/certificate_inventory.png":::
60
+
:::image type="content" source="/defender/media/defender-vulnerability-management/tvm-cert-main-small.png" alt-text="Screenshot of the certificate inventory list." lightbox="/defender/media/defender-vulnerability-management/tvm-cert-main.png":::
61
61
62
62
## Gain insights into potentially vulnerable certificates
63
63
64
+
Navigate to the **All certificates** tab to view the list of certificates installed across your organization.
65
+
64
66
At the top of the page, you can view the number of certificates that have been identified as potentially less secure and introduce risk into your organization. This number includes certificates with the following issues:
65
67
66
68
- Expired.
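Review bot: The rewritten sentence under "View your certificates" breaks mid-way: "...data visualizations of the number of certificates. with a list of the certificates installed across your organization..." leaves a fragment that starts with a lowercase "with" after the period. Either drop the period so the clause attaches to the overview sentence, or move the list description (expiration date, key size, issuer, number of instances) down to the new "Navigate to the **All certificates** tab" line, which is where the list now lives. In the same hunk, the note reads "are displayed in certificate inventory list"; it needs "the" before "certificate inventory list".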
@@ -73,17 +75,17 @@ At the top of the page, you can view the number of certificates that have been i
73
75
74
76
You can use filters to view the inventory based on:
75
77
76
-
-**Certificate status:** view the certificates that have expired, are expiring soon, are issued with a future date, or are current
78
+
-**Type:** view certificates that are root, intermediate, issued by a trusted publisher, machine certificates, or server certificates
79
+
-**Status:** view the certificates that have expired, are expiring soon, are issued with a future date, or are current
77
80
-**Self-signed:** view certificates that are self-signed
78
81
-**Key size:** view certificates that have a short key size or valid key size
79
82
-**Signature hash:** view certificates that have a weak signature hash or valid signature hash
80
-
-**Key usage:** view certificates with key usage values, such as digital signature, repudiation, and certificate signing
81
83
82
84
## Get more information on a discovered certificate
83
85
84
86
When you select the certificate that you want to investigate, a flyout panel opens with the certificate details page:
85
87
86
-
:::image type="content" source="/defender/media/defender-vulnerability-management/certificate_details.png" alt-text="Screenshot of the certificate details page" lightbox="/defender/media/defender-vulnerability-management/certificate_details.png":::
88
+
:::image type="content" source="/defender/media/defender-vulnerability-management/tvm-cert-flyout-small.png" alt-text="Screenshot of the certificate details page" lightbox="/defender/media/defender-vulnerability-management/tvm-cert-flyout.png":::
87
89
88
90
You can select the **Issuing details** tab to see information on who the certificate was issued to and who it was issued by.
89
91
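Review bot: The filter list loses the **Key usage** bullet with no replacement, so please confirm that filter is really gone from the portal and not just from the doc; key usage values such as certificate signing are something readers triaging risky certificates will look for. In the new **Type** bullet, "issued by a trusted publisher" breaks the parallel list of certificate types (root, intermediate, machine certificates, server certificates); "trusted publisher" on its own would read consistently. The renamed **Status** bullet is fine.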
@@ -94,9 +96,9 @@ To see the list of the devices the certificate is installed on, choose the **Ins
94
96
You can also view a list of certificates installed on a device:
95
97
96
98
1. Select the device from the **Installed devices** tab in the flyout panel or select the device directly from the **Device inventory** page.
97
-
2.Select the **Certificate inventory** tab to see a list of certificates installed on that device.
99
+
2.In the device page, select the **Inventories** tab then choose **Certificates** to see a list of certificates installed on that device.
98
100
99
-
:::image type="content" source="/defender/media/defender-vulnerability-management/certificate_inventory_page.png" alt-text="Screenshot of the certificate inventory page" lightbox="/defender/media/defender-vulnerability-management/certificate_inventory_page.png":::
101
+
:::image type="content" source="/defender/media/defender-vulnerability-management/tvm-cert-device-small.png" alt-text="Screenshot of the certificate inventory in a device page" lightbox="/defender/media/defender-vulnerability-management/tvm-cert-device.png":::
100
102
101
103
3. Select a certificate to open the flyout with more information.
102
104
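Review bot: In the new step 2, "In the device page, select the **Inventories** tab then choose **Certificates**" should read "On the device page, select the **Inventories** tab, and then choose **Certificates**". Step 1 still mentions only the **Installed devices** tab and the **Device inventory** page, so it is worth checking that the tab names in both steps match the portal after the move to **Inventories**.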
@@ -110,7 +112,7 @@ Select **View all** to go to the certificate inventory page.
110
112
111
113
## Use advanced hunting
112
114
113
-
You can use advanced hunting queries to gain visibility on certificates in your organization. For example, using the **DeviceTvmCertificateInfo** table, you can query to show all expired certificates.
115
+
You can use advanced hunting queries to gain visibility on certificates in your organization. For example, using the [**DeviceTvmCertificateInfo**](/defender-xdr/advanced-hunting-devicetvmcertificateinfo-table) table, you can query to show all expired certificates.
defender-vulnerability-management/tvm-dashboard-insights.md
Lines changed: 3 additions & 3 deletions
@@ -11,9 +11,9 @@ ms.collection:
11
11
- m365-security
12
12
- tier1
13
13
ms.custom: admindeeplinkDEFENDER
14
-
ms.topic: conceptual
14
+
ms.topic: concept-article
15
15
search.appverid: met150
16
-
ms.date: 02/23/2025
16
+
ms.date: 03/06/2025
17
17
---
18
18
19
19
# Microsoft Defender Vulnerability Management dashboard
@@ -63,7 +63,7 @@ Watch this video for a quick overview of what is in the Defender Vulnerability M
63
63
|**Top vulnerable software**|Get real-time visibility into your organization's software inventory with a stack-ranked list of vulnerable software installed on your network's devices and how they impact your organizational exposure score. Select an item for details or **Show more** to see the rest of the vulnerable software list in the **Software inventory** page.|
64
64
|**Top remediation activities**|Track the remediation activities generated from the security recommendations. You can select each item on the list to see the details in the **Remediation** page or select **Show more** to view the rest of the remediation activities, and active exceptions.|
65
65
|**Top exposed devices**|View exposed device names and their exposure level. Select a device name from the list to go to the device page where you can view the alerts, risks, incidents, security recommendations, installed software, and discovered vulnerabilities associated with the exposed devices. Select **Show more** to see the rest of the exposed devices list. From the devices list, you can manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate device.|
66
-
|
66
+
|**Top events**|View the top events and the number of impacted devices in your organization in the last seven days. Select **Show more** to open the [Event timeline](threat-and-vuln-mgt-event-timeline.md) and view and filter all events, including new vulnerabilities, new exploitable vulnerabilities, and new configuration assessments.|
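Review bot: The new **Top events** row links to threat-and-vuln-mgt-event-timeline.md, while the other relative links touched in this commit use the tvm- prefix (for example tvm-security-recommendation.md). Please confirm that file exists under defender-vulnerability-management/ so the row does not ship with a broken link. Replacing the stray "|" row with real content also fixes the table rendering, which is good.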
defender-vulnerability-management/tvm-microsoft-secure-score-devices.md
Lines changed: 4 additions & 4 deletions
@@ -10,9 +10,9 @@ audience: ITPro
10
10
ms.collection:
11
11
- m365-security
12
12
- Tier1
13
-
ms.topic: conceptual
13
+
ms.topic: concept-article
14
14
search.appverid: met150
15
-
ms.date: 03/04/2022
15
+
ms.date: 03/06/2025
16
16
---
17
17
18
18
# Microsoft Secure Score for Devices
@@ -58,13 +58,13 @@ Improve your security configuration by remediating issues from the security reco
58
58
59
59
1. From the Microsoft Secure Score for Devices card in the Defender Vulnerability Management dashboard, select one of the categories. You'll view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
60
60
61
-
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**.
61
+
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Request remediation**.
62
62
63
63
:::image type="content" alt-text="Security controls related security recommendations." source="/defender/media/defender-vulnerability-management/security-controls.png":::
64
64
65
65
3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
66
66
67
-
4.**Submit request**. You'll see a confirmation message that the remediation task has been created.
67
+
4.Select **Submit**. You'll see a confirmation message that the remediation task has been created.
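Review bot: Steps 2 and 4 now use the **Request remediation** and **Submit** labels, but the procedure goes straight from filling in the form (step 3) to **Submit**, whereas the updated steps in tvm-remediation.md in this same commit add "Select Next" and a review step before **Submit**. If both articles describe the same flyout, the two procedures should list the same sequence. Step 3 is unchanged and still tells the reader to select **Export all remediation activity data to CSV**; please check that this option is still offered at that point in the renamed flow.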
defender-vulnerability-management/tvm-remediation.md
Lines changed: 7 additions & 7 deletions
@@ -10,7 +10,7 @@ audience: ITPro
10
10
ms.collection:
11
11
- m365-security
12
12
- Tier2
13
-
ms.topic: conceptual
13
+
ms.topic: concept-article
14
14
search.appverid: met150
15
15
ms.date: 02/23/2025
16
16
---
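Review bot: ms.date stays at 02/23/2025 in this file even though the procedure text changes further down, while the other three files in this commit bump ms.date to 03/06/2025. Update it here as well so the freshness date reflects the content change.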
@@ -43,15 +43,15 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender fo
43
43
44
44
### Remediation request steps
45
45
46
-
1. In the [Microsoft Defender portal](https://security.microsoft.com), go to the **Vulnerability management**, and then select [**Recommendations**](tvm-security-recommendation.md).
46
+
1. In the [Microsoft Defender portal](https://security.microsoft.com), go to the **Endpoints** > **Vulnerability management**, and then select [**Recommendations**](tvm-security-recommendation.md).
47
47
48
-
2. Select a security recommendation you would like to request remediation for, and then select **Remediation options**.
48
+
2. Select a security recommendation you would like to request remediation for, and then select **Request remediation** in the flyout pane.
49
49
50
-
3. Fill out the form, including what you are requesting remediation for, applicable device groups, priority, due date, and optional notes.
50
+
3. Fill out the form, including what you are requesting remediation for, whether to open a ticket in Intune, priority, due date, and optional notes. Select Next.
51
51
52
-
If you choose the "attention required" remediation option, you can't select a due date because there's no specific action.
52
+
If you choose the **attention required** remediation option, you can't select a due date because there's no specific action.
53
53
54
-
4.Select **Submit request**. Submitting a remediation request creates a remediation activity item within vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This action doesn't trigger a remediation or apply any changes to devices.
54
+
4.Review the details of your request then, select **Submit**. Submitting a remediation request creates a remediation activity item within vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This action doesn't trigger a remediation or apply any changes to devices.
55
55
56
56
5. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. If you want to check how the ticket shows up in Intune, See [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](/mem/intune/protect/atp-manage-vulnerabilities) for details.
57
57
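Review bot: Several wording issues in the new steps. Step 1 reads "go to the **Endpoints** > **Vulnerability management**"; drop "the". Step 3 ends with "Select Next." where **Next** is not bolded like the other UI labels. Step 4 has a misplaced comma in "Review the details of your request then, select **Submit**"; use "Review the details of your request, and then select **Submit**". Step 2 says "flyout pane" while the rest of the docs in this commit say "flyout panel". Step 3 also drops "applicable device groups" from the form fields; confirm the form no longer asks for them, since scoping a remediation request to the wrong devices is an easy mistake to make if the doc is silent on it.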
@@ -68,7 +68,7 @@ Lower your organization's exposure from vulnerabilities and increase your securi
68
68
69
69
When you submit a remediation request from the Security recommendations page, it kicks off a remediation activity. A security task is created that can be tracked on a **Remediation** page, and a remediation ticket is created in Microsoft Intune.
70
70
71
-
If you chose the "attention required" remediation option, there's no progress bar, ticket status, or due date since there's no actual action we can monitor.
71
+
If you chose the **attention required** remediation option, there's no progress bar, ticket status, or due date since there's no actual action we can monitor.
72
72
73
73
Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete.