Merge branch 'master' into edr-blocking

windows/security/threat-protection/TOC.md

@@ -23,7 +23,7 @@
 ### [Threat & Vulnerability Management]()
 #### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
 #### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
-#### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
+#### [Dashboard insights](microsoft-defender-atp/tvm-dashboard-insights.md)
 #### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
 #### [Configuration score](microsoft-defender-atp/configuration-score.md)
 #### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)

windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md

@@ -29,8 +29,9 @@ ms.topic: article
 
 ## APIs
 
-Threat and vulnerability management supports multiple APIs. See the following topics for related APIs:
+Threat and Vulnerability Management supports multiple APIs. Microsoft Defender Advanced Threat Protection (ATP) Threat & Vulnerability Management APIs are soon to be generally available. See the following topics for related APIs:
 
+- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
 - [Machine APIs](machine.md)
 - [Recommendation APIs](vulnerability.md)
 - [Score APIs](score.md)

windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md

@@ -1,5 +1,5 @@
 ---
-title: Threat & Vulnerability Management dashboard overview
+title: Threat & Vulnerability Management dashboard insights
 description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience.
 keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score    
 search.appverid: met150
@@ -16,7 +16,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
-# Threat & Vulnerability Management dashboard overview
+# Threat & Vulnerability Management dashboard insights
 
 **Applies to:**
 

windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md

@@ -61,7 +61,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Securit
 
 In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [configuration score](configuration-score.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
 
-![Screenshot of security recommendations page](images/top-security-recommendations350.png)
+![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png)
 
 The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
 
@@ -71,11 +71,11 @@ View recommendations, the number of weaknesses found, related components, threat
 
 The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the number of exposed machines, the color of the graph will change into green.
 
-![Screenshot of security recommendations page](images/tvmsecrec-updated.png)
+![Example of the landing page for software inventory.](images/tvmsecrec-updated.png)
 
 ### Icons
 
-Useful icons also quickly calls your attention to: <ul><li> ![Possible active alert](images/tvm_alert_icon.png) possible active alerts</li><li>![Threat insight](images/tvm_bug_icon.png) associated public exploits</li><li>![Recommendation insight](images/tvm_insight_icon.png) recommendation insights</li></ul><br>
+Useful icons also quickly calls your attention to: <ul><li> ![Arrow hitting a target](images/tvm_alert_icon.png) possible active alerts</li><li>![red bug](images/tvm_bug_icon.png) associated public exploits</li><li>![light bulb](images/tvm_insight_icon.png) recommendation insights</li></ul><br>
 
 ### Investigate
 

windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md

@@ -37,14 +37,16 @@ Since it is real-time, in a matter of minutes, you will see vulnerability inform
 
 You can access the Software inventory page by selecting **Software inventory** from the Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md).
 
+View software on specific machines in the individual machines pages from the [machines list](machines-view-overview.md).
+
 ## Software inventory overview
 
 The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
-![Screenshot of software inventory page](images/software_inventory_filter.png)
+![Example of the landing page for software inventory.](images/software_inventory_filter.png)
 
 Select the software that you want to investigate and a flyout panel opens up with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
 
-![Screenshot of software inventory flyout](images/tvm-software-inventory-flyout500.png)
+![Flyout example page of "Visual Studio 2017" from the software inventory page.](images/tvm-software-inventory-flyout500.png)
 
 ## Software pages
 
@@ -54,7 +56,16 @@ Once you are in the Software inventory page and have opened the flyout panel by
 - Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed machines
 - Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the machines that the software is installed on, and the specific versions of the software with the number of machines that have each version installed and number of vulnerabilities.
 
-![Screenshot of software page example](images/tvm-software-page-example.png)
+![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png)
+
+## Software evidence
+
+We now show evidence of where we detected a specific software on a machine from the registry, disk or both machine on where we detected a certain software.
+You can find it on any machines found in the [machines list](machines-view-overview.md) in a section called "Software Evidence."
+
+From the Microsoft Defender Security Center navigation panel, go to **Machines list** > select the name of a machine to open the machine page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence.
+
+![Software evidence example of Windows 10 from the machines list, showing software evidence registry path.](images/tvm-software-evidence.png)
 
 ## Report inaccuracy
 

windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md

@@ -34,14 +34,14 @@ Windows 7 | Operating System (OS) vulnerabilities
 Windows 8.1 | Not supported
 Windows 10 1607-1703 | Operating System (OS) vulnerabilities
 Windows 10 1709+ |Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment 
-Windows Server 2008R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
-Windows Server 2012R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
+Windows Server 2008 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
+Windows Server 2012 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
 Windows Server 2016 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
 Windows Server 2019 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
 MacOS | Not supported (planned)
 Linux | Not supported (planned)
 
-Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements) list.
+Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](minimum-requirements.md) list.
 
 ## Related topics
 

windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md

@@ -51,7 +51,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Weaknes
 
 1. Go to the global search drop-down menu.
 2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
-![tvm-vuln-globalsearch](images/tvm-vuln-globalsearch.png)
+![Global search box with the dropdown option "vulnerability" selected and an example CVE.](images/tvm-vuln-globalsearch.png)
 3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
 
 To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
@@ -67,26 +67,26 @@ If the **Exposed Machines** column shows 0, that means you are not at risk. If e
 You can view the related breach and threat insights in the **Threat** column when the icons are colored red.
 
  >[!NOTE]
- > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight ![threat insight](images/tvm_bug_icon.png) icon and breach insight ![possible active alert](images/tvm_alert_icon.png) icon.  
+ > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon ![Simple drawing of a red bug.](images/tvm_bug_icon.png) and breach insight icon ![Simple drawing of an arrow hitting a target.](images/tvm_alert_icon.png).  
 
 The breach insights icon is highlighted if there is a vulnerability found in your organization.
-![tvm-breach-insights](images/tvm-breach-insights.png)
+![Example of a breach insights text that could show up when hovering over icon. This one says "possible active alert is associated with this recommendation.](images/tvm-breach-insights.png)
 
 The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories.  
 
-![tvm-threat-insights](images/tvm-threat-insights.png)
+![Threat insights text that that could show up when hovering over icon. This one has multiple bullet points and linked text.](images/tvm-threat-insights.png)
 
 ## View Common Vulnerabilities and Exposures (CVE) entries in other places
 
 ### Top vulnerable software in the dashboard
 
 1. Go to the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
-![top vulnerable software card](images/tvm-top-vulnerable-software500.png)
+![Top vulnerable software card with four columns: software, weaknesses, threats, exposed machines.](images/tvm-top-vulnerable-software500.png)
 2. Select the software that you want to investigate to go a drill down page.
 3. Select the **Discovered vulnerabilities** tab.
 4. Select the vulnerability that you want to investigate. A flyout panel will appear with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.  
 
-![Windows server drill down overview](images/windows-server-drilldown.png)
+![Windows Server 2019 drill down overview.](images/windows-server-drilldown.png)
 
 ### Discover vulnerabilities in the machine page
 
@@ -104,7 +104,7 @@ View related weaknesses information in the machine page.
 
 Similar to the software evidence, we now show the detection logic we applied on a machine in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the machine page) that shows the detection logic and source.
 
-![Screenshot of the machine page with details and response options](images/cve-detection-logic.png)
+![Detection Logic example which lists the software detected on the device and the KBs.](images/cve-detection-logic.png)
 
 ## Report inaccuracy