Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

dstrome
2020-06-10 23:29:07 +00:00
4 changed files with 9 additions and 25 deletions

@ -38,7 +38,7 @@ Restricting Surface Dock 2 to authorized persons signed into a corporate host de
This section provides step-by-step guidance for the following tasks: This section provides step-by-step guidance for the following tasks:
1. Install [**Surface UEFI Configurator**](https://www.microsoft.com/en-us/download/details.aspx?id=46703). 1. Install [**Surface UEFI Configurator**](https://www.microsoft.com/download/details.aspx?id=46703).
1. Create or obtain public key certificates. 1. Create or obtain public key certificates.
1. Create an .MSI configuration package. 1. Create an .MSI configuration package.
1. Add your certificates. 1. Add your certificates.

@ -32,6 +32,9 @@ There are two administrative options you can use to manage SEMM and enrolled Sur
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied. The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
>[!NOTE]
>You can now use Surface UEFI Configurator and SEMM to manage ports on Surface Dock 2. To learn more, see [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md).
![Microsoft Surface UEFI Configurator](images/surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator") ![Microsoft Surface UEFI Configurator](images/surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator")
*Figure 1. Microsoft Surface UEFI Configurator* *Figure 1. Microsoft Surface UEFI Configurator*
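Review bot: the added NOTE lands between the paragraph that ends its first sentence with "as shown in Figure 1" and the Figure 1 image, so the figure is now separated from the text that introduces it; moving the note below the figure caption keeps the two together. "You can now use" will date quickly, so "You can use Surface UEFI Configurator and SEMM to manage ports on Surface Dock 2" is the safer wording. Both added lines also lack a space after the quote marker; `> [!NOTE]` is the more readable form.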
@ -282,6 +285,6 @@ This version of SEMM includes:
## Related topics ## Related topics
[Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) - [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
- [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) - [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md)

@ -49,26 +49,7 @@ You can remediate the issues based on prioritized [security recommendations](tvm
## Reduce your threat and vulnerability exposure ## Reduce your threat and vulnerability exposure
To lower your threat and vulnerability exposure, follow these steps. Lower your threat and vulnerability exposure by remediating [security recommendations](tvm-security-recommendation.md). Make the most impact to your exposure score by remediating the top security recommendations, which can be viewed in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md).
1. Review the **Top security recommendations** from your [**Threat & Vulnerability Management dashboard**](tvm-dashboard-insights.md) and select an item on the list.
![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png)
Always prioritize recommendations that are associated with ongoing threats:
- ![Red bug](images/tvm_bug_icon.png) Threat insight icon
- ![Arrow hitting a target](images/tvm_alert_icon.png) Active alert icon
2. The **Security recommendations** page will open, and a flyout for the recommendation you selected will open. The flyout panel will display a description of what you need to remediate, number of vulnerabilities, associated exploits in machines, number of exposed machines and their machine names, business impact, and a list of CVEs. Select **Open software page** option from the flyout panel. ![Example of security recommendations page with the flyout "Update Windows Server 2019" open.](images/tvm_security_recommendations_page.png)
3. Select **Installed machines** and then the affected machine from the list. A flyout panel will open with the relevant machine details, exposure and risk levels, alert and incident activities. ![Example of the software page for Git, and a flyout open for a selected machine.](images/tvm_software_page_details.png)
4. Click **Open machine page** to connect to the machine and apply the selected recommendation. See [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md) for details. ![Example of a machine page.](images/tvm_machine_page_details.png)
5. Allow a few hours for the changes to propagate in the system.
6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate is removed from the security recommendation list, and the exposure score decreases.
## Related topics ## Related topics
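Review bot: the single replacement paragraph drops two pieces of guidance that the removed steps carried: "Always prioritize recommendations that are associated with ongoing threats" (with the threat insight and active alert icons) and "Allow a few hours for the changes to propagate in the system". Unless the linked tvm-security-recommendation.md already states both, keep a sentence for each here, since they decide what gets remediated first and when the exposure score can be expected to drop. "Make the most impact to your exposure score" reads better as "Have the most impact on your exposure score". The hunk also removes six image references while the commit lists only four changed files, so the image files stay in the repository; delete them if nothing else uses them.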

@ -85,7 +85,7 @@ Select the security recommendation that you want to investigate or process.
From the flyout, you can do any of the following: From the flyout, you can do any of the following:
- **Open software page** - Open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, software or software version end-of-support, and charts of the exposure trend over time. - **Open software page** - Open the software page to get more context on the software and how it is distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution.
- **Remediation options** - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. - **Remediation options** - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
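Review bot: typo in the rewritten "Open software page" bullet, "names and detailed of devices with the software installed" should be "names and details of devices with the software installed". The new list also no longer mentions "software or software version end-of-support" or "charts of the exposure trend over time" from the old bullet; confirm those were dropped on purpose and not lost in the rewrite.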