From edf81917dad64a4aba3b3856ab7a04db1dfcb1c2 Mon Sep 17 00:00:00 2001
From: Sacha Narinx
Date: Thu, 16 Nov 2023 19:55:00 +0400
Subject: [PATCH 1/4] MDFC update
---
 docs/wiki/Whats-new.md | 1 +
 eslzArm/eslz-portal.json | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
index d3e5d844e0..1afd44fddb 100644
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -47,6 +47,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Added virtual hub routing preference support to Portal Accelerator for scenarios where you need to influence routing decisions in virtual hub router towards on-premises. For existing ALZ customers please visit [Configure virtual hub routing preference](https://learn.microsoft.com/azure/virtual-wan/howto-virtual-hub-routing-preference) for details on how to configure virtual hub routing preference settings.
 - Added virtual hub capacity option to Portal Accelerator which provides an option to select the number of routing infrastracture units. Please visit [Virtual hub capacity](https://learn.microsoft.com/azure/virtual-wan/hub-settings#capacity) for more details on Azure vWAN Virtual Hub Capacity configuration.
 - Fixed a bug in the portal accelerator experience when deploying with single platform subscription and selecting virtual WAN networking topology - Invalid Template error.
+- Updated the ALZ Portal Accelerator for Microsoft Defender for Cloud (MDFC) VM Vulnerability Assessment provider to default to use the PG recommended Microsoft Defender for Endpoint Threat/Vulnerability Management (mdeTVM) provider, instead of the Qualys provider.
 #### Docs
 - Fixed in ALZ Azure Setup the bash command to assign at root scope _Owner_ role to a Service Principal.
diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 6baf43b2ba..712577a4d8 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -659,17 +659,17 @@
 "name": "vulnerabilityAssessmentProvider",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Choose the Microsoft Defender for Cloud for servers vulnerability assessments provider",
- "defaultValue": "Microsoft Defender for Cloud integrated Qualys scanner (recommended)",
+ "defaultValue": "Microsoft Defender vulnerability management (recommended)",
 "toolTip": "Choose the preferred vulnerability assessment provider for Microsoft Defender for Cloud for servers vulnerability assessments.
Uses the custom initiative Deploy Microsoft Defender for Cloud configuration.",
 "visible": "[and(equals(steps('management').enableAsc,'Yes'), equals(steps('management').enableAscForServersVulnerabilityAssessments,'DeployIfNotExists'))]",
 "constraints": {
 "allowedValues": [
 {
- "label": "Microsoft Defender for Cloud integrated Qualys scanner (recommended)",
+ "label": "Microsoft Defender for Cloud integrated Qualys scanner",
 "value": "default"
 },
 {
- "label": "Microsoft Defender vulnerability management",
+ "label": "Microsoft Defender vulnerability management (recommended)",
 "value": "mdeTvm"
 }
 ]
From 73a458d861b8aed49d080805e6f252ae91a31ede Mon Sep 17 00:00:00 2001
From: Sacha Narinx
Date: Thu, 16 Nov 2023 19:55:43 +0400
Subject: [PATCH 2/4] Spelling issue
---
 docs/wiki/Whats-new.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
index 1afd44fddb..084d2da56f 100644
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
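Review bot: In the `allowedValues` of the `vulnerabilityAssessmentProvider` OptionsGroup, the Qualys entry keeps `"value": "default"` although it is no longer the preselected or recommended choice, so the value name now reads as the opposite of what the wizard does. The value is presumably fixed by the downstream policy parameter and cannot be renamed here, so the `toolTip` is the place to spell out the mapping, for example by appending `Selecting Microsoft Defender vulnerability management passes 'mdeTvm'; the integrated Qualys scanner passes 'default'.` It would also help operators if the tooltip stated any prerequisite the mdeTvm option has on the target servers (likely Defender for Endpoint onboarding, to be confirmed against the product documentation), since this choice decides which scanner the DeployIfNotExists assignment rolls out.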
@@ -45,7 +45,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 #### Tooling
 - Added virtual hub routing preference support to Portal Accelerator for scenarios where you need to influence routing decisions in virtual hub router towards on-premises. For existing ALZ customers please visit [Configure virtual hub routing preference](https://learn.microsoft.com/azure/virtual-wan/howto-virtual-hub-routing-preference) for details on how to configure virtual hub routing preference settings.
-- Added virtual hub capacity option to Portal Accelerator which provides an option to select the number of routing infrastracture units. Please visit [Virtual hub capacity](https://learn.microsoft.com/azure/virtual-wan/hub-settings#capacity) for more details on Azure vWAN Virtual Hub Capacity configuration.
+- Added virtual hub capacity option to Portal Accelerator which provides an option to select the number of routing infrastructure units. Please visit [Virtual hub capacity](https://learn.microsoft.com/azure/virtual-wan/hub-settings#capacity) for more details on Azure vWAN Virtual Hub Capacity configuration.
 - Fixed a bug in the portal accelerator experience when deploying with single platform subscription and selecting virtual WAN networking topology - Invalid Template error.
 - Updated the ALZ Portal Accelerator for Microsoft Defender for Cloud (MDFC) VM Vulnerability Assessment provider to default to use the PG recommended Microsoft Defender for Endpoint Threat/Vulnerability Management (mdeTVM) provider, instead of the Qualys provider.
From d27e4aeb3a2d9713ba54ea31d38fc6280b114987 Mon Sep 17 00:00:00 2001
From: Sacha Narinx
Date: Thu, 16 Nov 2023 19:57:00 +0400
Subject: [PATCH 3/4] .
---
 docs/wiki/Whats-new.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
index 084d2da56f..9312cd5c97 100644
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -50,6 +50,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Updated the ALZ Portal Accelerator for Microsoft Defender for Cloud (MDFC) VM Vulnerability Assessment provider to default to use the PG recommended Microsoft Defender for Endpoint Threat/Vulnerability Management (mdeTVM) provider, instead of the Qualys provider.
 #### Docs
+
 - Fixed in ALZ Azure Setup the bash command to assign at root scope _Owner_ role to a Service Principal.
 ### October 2023
From 05528c8e9773418bf0f4a2142be444db09cae573 Mon Sep 17 00:00:00 2001
From: Sacha Narinx
Date: Mon, 20 Nov 2023 11:37:16 +0400
Subject: [PATCH 4/4] Ooops. Blonde moment...
---
 docs/wiki/Whats-new.md | 2 +-
 eslzArm/eslzArm.json | 2 +-
 .../policyAssignments/DINE-MDFCConfigPolicyAssignment.json | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
index 9312cd5c97..e48fb4f0c7 100644
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -47,7 +47,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Added virtual hub routing preference support to Portal Accelerator for scenarios where you need to influence routing decisions in virtual hub router towards on-premises. For existing ALZ customers please visit [Configure virtual hub routing preference](https://learn.microsoft.com/azure/virtual-wan/howto-virtual-hub-routing-preference) for details on how to configure virtual hub routing preference settings.
 - Added virtual hub capacity option to Portal Accelerator which provides an option to select the number of routing infrastructure units. Please visit [Virtual hub capacity](https://learn.microsoft.com/azure/virtual-wan/hub-settings#capacity) for more details on Azure vWAN Virtual Hub Capacity configuration.
 - Fixed a bug in the portal accelerator experience when deploying with single platform subscription and selecting virtual WAN networking topology - Invalid Template error.
-- Updated the ALZ Portal Accelerator for Microsoft Defender for Cloud (MDFC) VM Vulnerability Assessment provider to default to use the PG recommended Microsoft Defender for Endpoint Threat/Vulnerability Management (mdeTVM) provider, instead of the Qualys provider.
+- Updated the ALZ Portal Accelerator and default assignments for Microsoft Defender for Cloud (MDFC) VM Vulnerability Assessment provider to default to use the PG recommended Microsoft Defender for Endpoint Threat/Vulnerability Management (mdeTVM) provider, instead of the Qualys provider.
 #### Docs
diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index c5806bbf99..89a4e5ce3b 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -140,7 +140,7 @@
 },
 "vulnerabilityAssessmentProvider": {
 "type": "string",
- "defaultValue": "default",
+ "defaultValue": "mdeTvm",
 "allowedValues": [
 "default",
 "mdeTvm"
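Review bot: Flipping `"defaultValue"` of `vulnerabilityAssessmentProvider` to `mdeTvm` changes the outcome for every deployment that does not pass this parameter explicitly, which would include re-deployments of existing landing zones that previously got the Qualys provider; the same applies to the matching change in DINE-MDFCConfigPolicyAssignment.json. The Whats-new entry describes the new default but does not tell existing customers that a redeploy with defaults switches the vulnerability assessment provider, and a possible gap in scan coverage during that switch is something a security team wants to know in advance. I would add a sentence to the changelog entry such as `Existing deployments that rely on the parameter default will move from Qualys to mdeTvm on the next redeploy; pass vulnerabilityAssessmentProvider explicitly to keep the current provider.` and give the parameter a `"metadata": { "description": "default = integrated Qualys scanner, mdeTvm = Microsoft Defender vulnerability management" }`. The parameter object continues past the end of this hunk, so a description may already exist there.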
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json
index 0c1ed66320..cd05bc389f 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json
@@ -54,7 +54,7 @@
 "default",
 "mdeTvm"
 ],
- "defaultValue": "default"
+ "defaultValue": "mdeTvm"
 },
 "enableAscForSql": {
 "type": "string",