Note
Microsoft Defender Vulnerability Management is now under Exposure Management and supports both cloud and device environments. Access vulnerability scanning in the Microsoft Defender portal at Exposure Management > Vulnerability Management > Overview > Cloud.
This centralized experience provides comprehensive vulnerability insights across your cloud infrastructure, including:
- Cloud vulnerabilities overview: Key metrics and trends for cloud-specific vulnerabilities
- Top cloud common vulnerabilities and exposures (CVEs): Most critical vulnerabilities affecting your cloud resources
- Top cloud recommendations: Prioritized remediation guidance
- Recommendations by resource type: Vulnerability insights organized by workload categories
- Vulnerable resources insights: Detailed analysis of affected assets
The Defender for Servers plan in Microsoft Defender for Cloud provides vulnerability scanning for connected machines. You can access this data from the unified Vulnerability Management dashboard under Exposure Management.
For detailed analysis, go to Exposure Management > Vulnerability Management > Vulnerabilities > Cloud. This view shows cloud vulnerabilities with enhanced filtering and risk-based prioritization alongside device vulnerabilities.
Key benefits of the integrated Exposure Management approach:
- Unified vulnerability view: Both cloud and device vulnerabilities in a single interface
- Contextual risk assessment: Vulnerabilities are prioritized based on environmental context and attack path analysis
- Cross-platform insights: Comprehensive view across endpoints and cloud environments
- Enhanced remediation workflows: Streamlined processes connecting vulnerabilities to broader security operations
Enable vulnerability scanning for machines
The Defender for Servers plan in Microsoft Defender for Cloud provides vulnerability scanning for connected machines.
- Integrated vulnerability scanning in Defender for Cloud uses Microsoft Defender Vulnerability Management.
- Microsoft Defender Vulnerability Management, together with Microsoft Defender for Endpoint, is integrated natively into Defender for Servers.
Integrated vulnerability assessment provides many benefits:
- Scanning consistency: Use a consistent vulnerability scanner across a range of use cases, in multicloud environments, and different host runtimes.
- Risk reduction: Discover vulnerabilities and misconfigurations in near real time.
- Prioritization: Prioritize vulnerabilities based on the threat landscape and detections in your organization.
- Software inventory: Get information about your software inventory.
- Premium features: Use Defender Vulnerability Management premium features in Defender for Servers Plan 2, including certificate assessment, baseline assessment, vulnerable application blocking, and more.
Vulnerability scanning with Defender Vulnerability Management is supported for Azure virtual machines (VMs), AWS machines, and GCP machines that are connected to Defender for Cloud. It's also supported for on-premises VMs that are onboarded as Azure Arc VMs.
Agent-based and agentless scanning
Vulnerability scanning with integrated Defender Vulnerability Management takes a hybrid approach in Defender for Cloud:
- Agentless vulnerability scanning. Defender for Cloud provides agentless vulnerability scanning as part of its agentless scanning capabilities. Agentless scanning is available in Defender for Servers Plan 2 only.
- Agent-based vulnerability scanning. The Defender for Endpoint integration in Defender for Servers provides vulnerability scanning using the Defender for Endpoint sensor. This integration is available in Defender for Servers Plan 1 (P1) and Plan 2 (P2).
Bring your own license (BYOL)
Instead of integrated Defender Vulnerability Management scanning, you can bring your own license (BYOL) for a partner vulnerability scanner. Qualys and Rapid7 scanners are supported.
Here's how it works:
- Supported solutions report vulnerability data to the partner's management platform.
- Solution platforms provide vulnerability and health monitoring data back to Defender for Cloud.
You can identify vulnerable machines in Defender for Cloud, and then open the partner management console directly from Defender for Cloud for reports and more information.
You don't need a paid plan switched on in Defender for Cloud to use a non-Microsoft vulnerability solution.
Hybrid scanning behavior
Agentless scanning extends the visibility of Defender for Cloud to reach more devices. If agentless vulnerability scanning is enabled, the following occurs:
| Solution (agentless scanning switched on) | Details |
|---|---|
| No solution | If you don't have an agent-based vulnerability scanning solution enabled on VMs, Defender for Cloud automatically runs agentless scanning with Defender Vulnerability Management. |
| Defender Vulnerability Management integration | If machines run the Defender for Endpoint agent, Defender for Cloud shows a unified vulnerability assessment view with optimized coverage and data freshness. Machines using only one method (agent-based or agentless scanning) show results from that method; machines using both methods show agent-based results only, for better freshness. |
| BYOL solution | If you're using a partner vulnerability assessment solution, Defender for Cloud shows partner results by default. Defender for Cloud shows agentless results for machines that don't have the partner agent installed, or for machines that aren't reporting findings correctly. You can change this behavior and always show results from Defender Vulnerability Management. To do this, manually enable Vulnerability assessment for machines on the Environment settings page in Defender for Cloud. |
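The following Python model encodes the result-source precedence from the table above, plus the plan gating from the "Agent-based and agentless scanning" section (agentless scanning needs Plan 2; agent-based scanning needs Plan 1 or Plan 2). It is an added example written for this page, not Microsoft's code or an API, and it uses a constructed fleet inventory to show which machines would display no findings at all; the `Machine` fields and the `result_source` / `coverage_gaps` names are assumptions of the example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Machine:
    name: str
    plan: Optional[str]               # None, "P1" or "P2" (Defender for Servers plan)
    agentless_enabled: bool           # agentless scanning switched on in the environment
    mde_sensor: bool                  # Defender for Endpoint sensor present on the machine
    partner_solution: bool            # BYOL (Qualys/Rapid7) solution configured
    partner_agent: bool = False       # partner agent installed on this machine
    partner_reporting: bool = False   # partner agent is reporting findings correctly
    force_dvm: bool = False           # "Vulnerability assessment for machines" enabled manually


def result_source(m: Machine) -> str:
    """Return which scanner's findings Defender for Cloud would display for this machine."""
    # Agentless scanning is only available in Defender for Servers Plan 2.
    agentless = m.agentless_enabled and m.plan == "P2"
    # Agent-based scanning needs the Defender for Endpoint sensor and Plan 1 or Plan 2.
    agent_based = m.mde_sensor and m.plan in ("P1", "P2")
    if m.partner_solution and not m.force_dvm:
        # BYOL: partner results by default (no paid plan needed); agentless results
        # fill in where the partner agent is missing or not reporting correctly.
        if m.partner_agent and m.partner_reporting:
            return "partner"
        return "agentless" if agentless else "none"
    # Defender Vulnerability Management path: agent-based results win when both
    # methods cover the machine, because they are fresher.
    if agent_based:
        return "agent-based"
    if agentless:
        return "agentless"
    return "none"


def coverage_gaps(fleet: List[Machine]) -> List[str]:
    """Names of machines for which no vulnerability findings would be shown."""
    return [m.name for m in fleet if result_source(m) == "none"]


# Constructed sample fleet (assumed data, not from any real environment).
FLEET = [
    Machine("web-01", "P2", True, True, False),                        # both methods -> agent-based
    Machine("db-02", "P2", True, False, False),                        # agentless only
    Machine("legacy-03", "P1", True, False, False),                    # P1: no agentless, no sensor
    Machine("arc-04", None, False, False, True, True, True),           # BYOL without a paid plan
    Machine("arc-05", "P2", True, False, True, False, False),          # BYOL, partner agent missing
    Machine("arc-06", None, False, False, True, False, False),         # BYOL gap: nothing reports
    Machine("forced-07", "P2", True, True, True, True, True, True),    # override -> DVM results
]
```

Running `coverage_gaps(FLEET)` on the sample returns `legacy-03` and `arc-06`, the two machines that neither scanning method nor the partner solution covers.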
Premium vulnerability management features
Defender for Servers Plan 2 includes Defender Vulnerability Management premium add-on capabilities. These capabilities provide consolidated inventories, new assessments, and mitigation tools to improve your vulnerability management program. Learn more in Defender Vulnerability Management capabilities for endpoints.
Related content
- Learn more about Defender for Servers in this episode of the Defender for Cloud in the Field video series: Microsoft Defender for Servers
- Enable vulnerability scanning