Prerequisites & permissions for Microsoft Defender Vulnerability Management

Note

The same minimum requirements as Microsoft Defender for Endpoint apply to Microsoft Defender Vulnerability Management. For more information, see Minimum requirements.

Ensure that your devices:

  • Are onboarded to Microsoft Defender for Endpoint Plan 2 or Microsoft Defender Vulnerability Management

  • Run supported operating systems and platforms

  • Have the following mandatory security updates installed and deployed across your network; they improve vulnerability assessment detection rates on the listed Windows 10 releases:

    Release                   Security update KB number
    Windows 10 Version 1709   KB4493441 and KB4516071
    Windows 10 Version 1803   KB4493464 and KB4516045
    Windows 10 Version 1809   KB4516077
    Windows 10 Version 1903   KB4512941
  • Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager to help remediate threats found by Microsoft Defender Vulnerability Management, formerly known as Threat & Vulnerability Management (TVM). If you're using Configuration Manager, update your console to the latest version.

    Note

    If the Intune connection is enabled, you get an option to create an Intune security task when you create a remediation request. This option doesn't appear if the connection isn't configured.

  • Have at least one security recommendation that can be viewed on the device page

  • Are tagged or marked as co-managed
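The device-side prerequisites above (the release-specific security updates and Defender for Endpoint onboarding) can be checked locally. The following script is an added example, not part of the Microsoft documentation, and it assumes that the device reports its feature-update version in the ReleaseId registry value, that onboarding writes OnboardingState=1 under the Windows Advanced Threat Protection\Status key, and that the sensor runs as the Sense service. The KB numbers are transcribed from the table above. Run it in an elevated PowerShell session on the device:

```powershell
# Added example (not Microsoft's own code): local readiness check for a Windows 10
# device against the Defender Vulnerability Management device prerequisites.

# Version-to-KB map transcribed from the table above.
$RequiredKbs = @{
    '1709' = @('KB4493441', 'KB4516071')
    '1803' = @('KB4493464', 'KB4516045')
    '1809' = @('KB4516077')
    '1903' = @('KB4512941')
}

# Assumption: ReleaseId carries the feature-update version (for example '1809').
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$release = $cv.ReleaseId
Write-Host "Windows release: $release (build $($cv.CurrentBuild))"

# 1. Mandatory security updates for this release.
if ($RequiredKbs.ContainsKey($release)) {
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $RequiredKbs[$release]) {
        if ($installed -contains $kb) {
            Write-Host "OK       $kb is installed"
        } else {
            # Caveat: Get-HotFix reads Win32_QuickFixEngineering, which lists the
            # KB that was actually applied. A later cumulative update that
            # supersedes this KB is not reported under the older number, so a
            # miss means "confirm the patch level", not a definite failure.
            Write-Warning "MISSING  $kb not reported by Get-HotFix; confirm the device is at or beyond this update level"
        }
    }
} else {
    Write-Host "No release-specific KB requirement listed for version $release"
}

# 2. Defender for Endpoint onboarding state.
# Assumption: the onboarding package sets OnboardingState=1 and starts the Sense service.
$sense     = Get-Service -Name Sense -ErrorAction SilentlyContinue
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$state     = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState
$onboarded = ($state -eq 1)

if ($sense -and $sense.Status -eq 'Running' -and $onboarded) {
    Write-Host "OK       Device is onboarded to Defender for Endpoint (Sense running, OnboardingState=1)"
} else {
    Write-Warning "Device does not look onboarded: Sense=$($sense.Status), OnboardingState=$state"
}
```

The KB check is deliberately advisory: because each of the listed updates has since been folded into later cumulative updates, a fully patched device can legitimately show none of those KB numbers, and the build number (CurrentBuild plus UBR) is the authoritative indicator of patch level.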

Data storage and privacy

The same data security and privacy practices for Microsoft Defender for Endpoint apply to Microsoft Defender Vulnerability Management. For more information, see Microsoft Defender for Endpoint data storage and privacy.

Relevant permission options

Note

You can now control access and grant granular permissions for Microsoft Defender Vulnerability Management as part of the Microsoft Defender XDR Unified RBAC model. For more information, see Microsoft Defender XDR Unified role-based access control (RBAC).

To view the permissions options for vulnerability management:

  1. Sign in to the Microsoft Defender portal using an account with the Security Administrator or Global Administrator role assigned.
  2. In the navigation pane, select Settings > Endpoints > Roles.

For more information, see Create and manage roles for role-based access control.

Important

Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

View data

  • Security operations - View all security operations data in the portal
  • Defender Vulnerability Management - View Defender Vulnerability Management data in the portal

Active remediation actions

  • Security operations - Take response actions, approve or dismiss pending remediation actions, manage allowed/blocked lists for automation and indicators
  • Defender Vulnerability Management - Exception handling - Create new exceptions and manage active exceptions
  • Defender Vulnerability Management - Remediation handling - Submit new remediation requests, create tickets, and manage existing remediation activities
  • Defender Vulnerability Management - Application handling - Apply immediate mitigation by blocking vulnerable applications as part of a remediation activity, manage the list of blocked apps, and unblock them

Defender Vulnerability Management - security baselines

  • Defender Vulnerability Management - Manage security baselines assessment profiles - Create and manage profiles so you can assess whether your devices comply with industry security baselines