Investigate weaknesses with Microsoft Defender for Endpoint's threat and vulnerability management
Note
Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud. We've also renamed Azure Defender plans to Microsoft Defender plans. For example, Azure Defender for Storage is now Microsoft Defender for Storage.
Learn more about the recent renaming of Microsoft security services.
Microsoft's threat and vulnerability management is a built-in module in Microsoft Defender for Endpoint that can:
- Discover vulnerabilities and misconfigurations in near real time
- Prioritize vulnerabilities based on the threat landscape and detections in your organization
If you've enabled the integration with Microsoft Defender for Endpoint, you'll automatically get the threat and vulnerability management findings without the need for additional agents.
As it's a built-in module for Microsoft Defender for Endpoint, threat and vulnerability management doesn't require periodic scans.
For a quick overview of threat and vulnerability management, watch this video:
Tip
As well as alerting you to vulnerabilities, threat and vulnerability management provides additional functionality for Defender for Cloud's asset inventory tool. Learn more in Software inventory.
Availability
| Aspect | Details |
|---|---|
| Release state: | Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. |
| Machine types: | Supported machines |
| Pricing: | Requires Microsoft Defender for servers |
| Prerequisites: | Enable the integration with Microsoft Defender for Endpoint |
| Required roles and permissions: | Owner (resource group level) can deploy the scanner; Security Reader can view findings |
| Clouds: | |
Onboarding your machines to threat and vulnerability management
The integration with Microsoft Defender for Cloud doesn't involve any changes at the endpoint level: it takes place in the background between the two platforms.
To manually onboard one or more machines to threat and vulnerability management, use the security recommendation "A vulnerability assessment solution should be enabled on your virtual machines":
To automatically surface the vulnerabilities, on existing and new machines, without the need to manually remediate the recommendation mentioned above, see Automatically configure vulnerability assessment for your machines.
To onboard via the REST API, run PUT/DELETE using this URL:
https://management.azure.com/subscriptions/.../resourceGroups/.../providers/Microsoft.Compute/virtualMachines/.../providers/Microsoft.Security/serverVulnerabilityAssessments/mdetvm?api-version=2015-06-01-preview
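A small wrapper around that REST call, added here as an example and not taken from the page or from Microsoft's own tooling. It assumes Azure CLI is installed and signed in (so `az rest` carries the caller's token) and that the caller holds the Owner role at resource-group level as the Availability table requires; the subscription, resource group and VM names in the usage line are constructed placeholders.

```shell
#!/usr/bin/env sh
# Onboard (PUT) or offboard (DELETE) a VM to Defender for Endpoint's threat and
# vulnerability management through the serverVulnerabilityAssessments resource.
set -eu

API_VERSION="2015-06-01-preview"   # api-version from the page's URL
PROVIDER_NAME="mdetvm"             # resource name from the page's URL

# Build the ARM URL for one VM from subscription id, resource group and VM name.
tvm_url() {
  sub="$1"; rg="$2"; vm="$3"
  printf 'https://management.azure.com/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s/providers/Microsoft.Security/serverVulnerabilityAssessments/%s?api-version=%s' \
    "$sub" "$rg" "$vm" "$PROVIDER_NAME" "$API_VERSION"
}

# The page documents only PUT and DELETE for this URL; refuse anything else.
valid_method() {
  case "$1" in
    PUT|DELETE) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: tvm_onboard PUT|DELETE <subscription-id> <resource-group> <vm-name>
# With DRY_RUN=1 the function prints the az command instead of running it,
# which is handy for reviewing a change before touching production VMs.
tvm_onboard() {
  method="$1"; sub="$2"; rg="$3"; vm="$4"
  valid_method "$method" || { echo "method must be PUT or DELETE" >&2; return 2; }
  url="$(tvm_url "$sub" "$rg" "$vm")"
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "az rest --method $method --url $url"
    return 0
  fi
  # Assumption: an empty JSON body is sufficient for the PUT; DELETE sends none.
  if [ "$method" = "PUT" ]; then
    az rest --method put --url "$url" --body '{}'
  else
    az rest --method delete --url "$url"
  fi
}

# Constructed placeholder values; replace with your own before running without DRY_RUN.
# DRY_RUN=1 tvm_onboard PUT 00000000-0000-0000-0000-000000000000 example-rg example-vm
```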
The findings from all vulnerability assessment tools are surfaced in the Defender for Cloud recommendation "Vulnerabilities in your virtual machines should be remediated". Learn how to View and remediate findings from vulnerability assessment solutions on your VMs.
Next steps
Defender for Cloud also offers vulnerability analysis for your:
- SQL databases - see Explore vulnerability assessment reports in the vulnerability assessment dashboard
- Azure Container Registry images - see Use Microsoft Defender for container registries to scan your images for vulnerabilities