Prerequisites & permissions for Microsoft Defender Vulnerability Management
Note
The same minimum requirements as Microsoft Defender for Endpoint apply to Microsoft Defender Vulnerability Management, for more information, see Minimum requirements.
Ensure that your devices:
Are onboarded to Microsoft Defender for Endpoint Plan 2 or Microsoft Defender Vulnerability Management
Have the following mandatory updates installed and deployed in your network to boost your vulnerability assessment detection rates:
Release Security update KB number and link Windows 10 Version 1709 KB4493441 and KB 4516071 Windows 10 Version 1803 KB4493464 and KB 4516045 Windows 10 Version 1809 KB 4516077 Windows 10 Version 1903 KB 4512941 Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager to help remediate threats found by Microsoft Defender Vulnerability Management, formerly known as Threat & Vulnerability Management (TVM). If you're using Configuration Manager, update your console to the latest version.
Note
If you have the Intune connection enabled, you get an option to create an Intune security task when creating a remediation request. This option does not appear if the connection is not set.
Have at least one security recommendation that can be viewed in the device page
Are tagged or marked as co-managed
Data storage and privacy
The same data security and privacy practices for Microsoft Defender for Endpoint apply to Microsoft Defender Vulnerability Management, for more information, see Microsoft Defender for Endpoint data storage and privacy.
Relevant permission options
Note
You can now control access and grant granular permissions for Microsoft Defender Vulnerability Management as part of the Microsoft Defender XDR Unified RBAC model. For more information, see Microsoft Defender XDR Unified role-based access control (RBAC).
To view the permissions options for vulnerability management:
- Log in to Microsoft Defender portal using account with a Security Administrator or Global Administrator role assigned.
- In the navigation pane, select Settings > Endpoints > Roles.
For more information, see Create and manage roles for role-based access control.
Important
Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
View data
- Security operations - View all security operations data in the portal
- Defender Vulnerability Management - View Defender Vulnerability Management data in the portal
Active remediation actions
- Security operations - Take response actions, approve or dismiss pending remediation actions, manage allowed/blocked lists for automation and indicators
- Defender Vulnerability Management - Exception handling - Create new exceptions and manage active exceptions
- Defender Vulnerability Management - Remediation handling - Submit new remediation requests, create tickets, and manage existing remediation activities
- Defender Vulnerability Management - Application handling - Apply immediate mitigation actions by blocking vulnerable applications, as part of the remediation activity and manage the blocked apps and perform unblock actions
Defender Vulnerability Management - security baselines
Defender Vulnerability Management – Manage security baselines assessment profiles - Create and manage profiles so you can assess if your devices comply to security industry baselines.