diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-flyout.png
deleted file mode 100644
index 9befe6aa69..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-flyout.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-flyout500.png b/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-flyout500.png
deleted file mode 100644
index eb4ca2632e..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-flyout500.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-insights-flyout-500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-insights-flyout-500.png
new file mode 100644
index 0000000000..9663a52b55
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-insights-flyout-500.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-insights-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-insights-flyout.png
new file mode 100644
index 0000000000..725c4d04f3
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-insights-flyout.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-insights.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-insights.md
index 418993d870..e36aad94f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-insights.md
@@ -86,7 +86,9 @@ The following event types reflect time-stamped events that impact the score:
 
 Once you select an event insight, a flyout will appear listing the details and current CVEs that affect your machines. You can show more CVEs or view the related recommendation.
 
-![Event insights page](images/event-insights-flyout500.png)
+The arrow below "score trend" helps you determine whether this event potentially raised or lowered your organizational exposure score. Higher exposure score means machines are more vulnerable to exploitation.
+
+![Event insights page](images/tvm-event-insights-flyout-500.png)
 
 ## Related topics