new license topic and move retention to prereq

DebLanger · web-flow · commit d54f870a2b0f · 2025-03-02T10:23:02.000+02:00
update licenses
diff --git a/exposure-management/TOC.yml b/exposure-management/TOC.yml
@@ -7,7 +7,9 @@
       - name: What is Microsoft Security Exposure Management?
         href: microsoft-security-exposure-management.md
       - name: What's new 
-        href: whats-new.md      
+        href: whats-new.md
+      - name: Integration and licensing
+        href: integration-licensing.md       
       - name: Compare Secure Score and Security Exposure Management
         href: compare-secure-score-security-exposure-management.md      
     - name: Get started
diff --git a/exposure-management/integration-licensing.md b/exposure-management/integration-licensing.md
@@ -0,0 +1,74 @@
+---
+title: Integration and Licensing for Microsoft Security Exposure Management
+description: Learn about integration capabilities, licensing options, and how to get started with Microsoft Security Exposure Management.
+author: dlanger
+ms.author: dlanger
+manager: rayne-wiselman
+ms.topic: overview
+ms.service: exposure-management
+ms.date: 02/24/2025
+---
+
+
+# Integration and licensing for Microsoft Security Exposure Management
+
+Microsoft Security Exposure Management provides a comprehensive consolidation of security posture information from various Microsoft services and external data sources, ensuring robust security management and detailed insights.
+
+
+
+## What's integrated into Security Exposure Management?
+
+Currently, Security Exposure Management consolidates security posture information and insights from workloads that include:
+
+- Microsoft Defender for Endpoint
+- Microsoft Defender for Identity
+- Microsoft Defender for Cloud Apps
+- Microsoft Defender for Office
+- Microsoft Defender for IoT
+- Microsoft Secure Score  
+- Microsoft Defender Vulnerability Management  
+- Microsoft Defender for Cloud
+- Microsoft Entra ID  
+- Microsoft Defender External Attack Surface Management (EASM)
+
+In addition to Microsoft services, Security Exposure Management allows you to connect to external data sources to further enrich and extend your security posture management.
+For more information on data connectors, see [Data connectors overview](overview-data-connectors.md).
+
+## How do I buy Microsoft Security Exposure Management?
+
+Exposure Management is available in the Microsoft Defender portal at [https://security.microsoft.com](https://security.microsoft.com)
+
+Access to the exposure management blade and features in the Microsoft Defender portal according to the license requirements.
+
+The following licenses allow accessing all Microsoft Security Exposure Management experiences:
+
+- Microsoft 365 E5 or A5
+- Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
+- Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
+- Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
+- Windows 10 Enterprise E5 or A5
+- Windows 11 Enterprise E5 or A5
+- Enterprise Mobility + Security (EMS) E5 or A5
+- Office 365 E5 or A5
+- Microsoft Defender for Endpoint
+- Microsoft Defender for Identity
+- Microsoft Defender for Cloud Apps or Cloud App Discovery
+- Microsoft Defender for Office 365 (Plan 2)
+- Microsoft 365 Business Premium
+- Microsoft Defender for Business
+- Microsoft Defender for Cloud
+
+Integration of data from the above tools and other Microsoft Security tools like Microsoft Defender for Cloud, Microsoft Defender Cloud Security Posture Management, and Microsoft Defender External Attack Surface Management is available with those licenses.
+
+Integration of non-Microsoft security tools will be a consumption-based cost based on number of assets in the connected security tool. The external connectors are free during public preview, and pricing will be announced before starting to bill for external connectors at GA.
+
+The following licenses will allow access to Microsoft Secure Score experience only:
+
+- Microsoft 365 E3
+- Microsoft 365 A3
+- Microsoft Defender for Endpoint (Plan 2)
+- Microsoft Defender for Office 365 (Plan 2)
+
+## Next steps
+
+Review [prerequisites](prerequisites.md) to get started with Security Exposure Management.
diff --git a/exposure-management/microsoft-security-exposure-management.md b/exposure-management/microsoft-security-exposure-management.md
@@ -55,62 +55,6 @@ With Security Exposure Management you can:
   - Gain deeper insights into your security posture by integrating data from various environments.
   - Simplify the management of security data across different platforms and solutions.
 
-## What's integrated into Security Exposure Management?
-
-Currently, Security Exposure Management consolidates security posture information and insights from workloads that include:
-
-- Microsoft Defender for Endpoint
-- Microsoft Defender for Identity
-- Microsoft Defender for Cloud Apps
-- Microsoft Defender for Office
-- Microsoft Defender for IoT
-- Microsoft Secure Score  
-- Microsoft Defender Vulnerability Management  
-- Microsoft Defender for Cloud
-- Microsoft Entra ID  
-- Microsoft Defender External Attack Surface Management (EASM)
-
-In addition to Microsoft services, Security Exposure Management allows you to connect to external data sources to further enrich and extend your security posture management.
-For more information on data connectors, see [Data connectors overview](overview-data-connectors.md).
-
-## How do I buy Microsoft Security Exposure Management?
-
-Exposure Management is available in the Microsoft Defender portal at [https://security.microsoft.com](https://security.microsoft.com)
-
-Access to the exposure management blade and features in the Microsoft Defender portal is available with any of these licenses:
-
-- Microsoft 365 E5 o*r A5*
-- Microsoft 365 E3
-- Microsoft 365 E3 with the Microsoft Enterprise Mobility + Security E5 add-on
-- Microsoft 365 A3 with the Microsoft 365 A5 security add-on
-- Microsoft Enterprise Mobility + Security E5 or A5
-- Microsoft Defender for Endpoint (Plan 1 and 2)
-- Microsoft Defender for Identity
-- Microsoft Defender for Cloud Apps
-- Microsoft Defender for Office 365 (Plans 1 and 2)
-- Microsoft Defender Vulnerability Management
-
-Integration of data from the above tools and other Microsoft Security tools like Microsoft Defender for Cloud, Microsoft Defender Cloud Security Posture Management and Microsoft Defender External Attack Surface Management is available with those licenses.
-
-Integration of non-Microsoft security tools will be a consumption-based cost based on number of assets in the connected security tool. The external connectors are free during public preview, and pricing will be announced before starting to bill for external connectors at GA.
-
-### Data freshness, retention, and related functionality
-
-We currently ingest and process supported data from first-party Microsoft products, making it available within the enterprise exposure graph and applicable Microsoft Security Exposure Management experiences built on top of graph data within 72 hours of its production at the source product.
-
-Microsoft product data is retained for no less than 14 days in the enterprise exposure graph and/or Microsoft Security Exposure Management. Only the latest data snapshot received from Microsoft products is retained; we do not store historical data.
-
-Some enterprise exposure graph and/or Microsoft Security Exposure Management experiences data is available for querying via Advanced Hunting and is subject to Advanced Hunting service limitations.
-
-We reserve the right to modify some or all of these parameters in the future, including:
-
-- Data ingestion frequency and freshness: We may increase the current 72-hour latency (decrease the frequency of data ingestion) for some or all Microsoft data sources.
-- Data retention period: We may decrease the current 14-day data retention period.
-- Service features and functionality: We may alter, limit, or discontinue specific features, capabilities, or functionalities of the service built on top of the enterprise exposure graph and/or Microsoft Security Exposure Management data.
-- Data query limits: We may impose limitations on the number, frequency, or type of data queries that can be performed against enterprise exposure graph or Microsoft Security Exposure Management data.
-
- We will make reasonable efforts to provide advance notice of any significant changes to the service. However, you acknowledge and agree that you are solely responsible for monitoring any such notifications.
-
 ## Next steps
 
-Review [prerequisites](prerequisites.md) to get started with Security Exposure Management.
+Review [integration and licensing](integration-licensing.md) for Microsoft Security Exposure Management to understand how to access and use the service.
diff --git a/exposure-management/prerequisites.md b/exposure-management/prerequisites.md
@@ -106,6 +106,23 @@ C:\Program Files\Windows Defender Advanced Threat Protection. Right-click the fi
 
     ``` DeviceInfo | project DeviceName, ClientVersion ```
 
+## Data freshness, retention, and related functionality
+
+We currently ingest and process supported data from first-party Microsoft products, making it available within the enterprise exposure graph and applicable Microsoft Security Exposure Management experiences built on top of graph data within 72 hours of its production at the source product.
+
+Microsoft product data is retained for no less than 14 days in the enterprise exposure graph and/or Microsoft Security Exposure Management. Only the latest data snapshot received from Microsoft products is retained; we do not store historical data.
+
+Some enterprise exposure graph and/or Microsoft Security Exposure Management experiences data is available for querying via Advanced Hunting and is subject to Advanced Hunting service limitations.
+
+We reserve the right to modify some or all of these parameters in the future, including:
+
+- Data ingestion frequency and freshness: We may increase the current 72-hour latency (decrease the frequency of data ingestion) for some or all Microsoft data sources.
+- Data retention period: We may decrease the current 14-day data retention period.
+- Service features and functionality: We may alter, limit, or discontinue specific features, capabilities, or functionalities of the service built on top of the enterprise exposure graph and/or Microsoft Security Exposure Management data.
+- Data query limits: We may impose limitations on the number, frequency, or type of data queries that can be performed against enterprise exposure graph or Microsoft Security Exposure Management data.
+
+ We will make reasonable efforts to provide advance notice of any significant changes to the service. However, you acknowledge and agree that you are solely responsible for monitoring any such notifications.
+
 ## Getting support
 
 To get support, select the Help question mark icon in the Microsoft Security toolbar.
