Enable vulnerability scanning with Microsoft Defender Vulnerability Management
Important
Defender for Server's vulnerability assessment solution powered by Qualys, is on a retirement path that set to complete on May 1st, 2024. If you are a currently using the built-in vulnerability assessment powered by Qualys, you should plan to transition to the Microsoft Defender Vulnerability Management vulnerability scanning solution.
For more information about our decision to unify our vulnerability assessment offering with Microsoft Defender Vulnerability Management, see this blog post.
Check out the common questions regarding the transition to Microsoft Defender Vulnerability Management.
Customers who want to continue using Qualys, can do so with the Bring Your Own License (BYOL) method.
Microsoft Defender Vulnerability Management is included with Microsoft Defender for Servers and uses built-in and agentless scanners to:
- Discover vulnerabilities and misconfigurations in near real time
- Prioritize vulnerabilities based on the threat landscape and detections in your organization
To learn more about agentless scanning, see Find vulnerabilities and collect software inventory with agentless scanning
Note
Microsoft Defender Vulnerability Management Add-on capabilities are included in Defender for Servers Plan 2. This provides consolidated inventories, new assessments, and mitigation tools to further enhance your vulnerability management program. To learn more, see Vulnerability Management capabilities for servers.
Defender Vulnerability Management add-on capabilities are only available through the Microsoft Defender 365 portal.
If you've enabled the integration with Microsoft Defender for Endpoint, you automatically get the Defender Vulnerability Management findings without the need for more agents.
Microsoft Defender Vulnerability Management continuously monitors your organization for vulnerabilities and periodic scans aren't required.
For a quick overview of Defender Vulnerability Management, watch this video:
Tip
As well as alerting you to vulnerabilities, Defender Vulnerability Management also provides functionality for Defender for Cloud's asset inventory tool. Learn more in Software inventory.
You can learn more by watching this video from the Defender for Cloud in the Field video series:
Availability
| Aspect | Details |
|---|---|
| Release state: | General availability (GA) |
| Machine types: | 
Azure virtual machines
Azure Arc-enabled machines Supported machines |
| Pricing: | Requires Microsoft Defender for Servers Plan 1 or Plan 2 |
| Prerequisites: | Enable the integration with Microsoft Defender for Endpoint |
| Required roles and permissions: | Owner (resource group level) can deploy the scanner Security Reader can view findings |
| Clouds: |
Commercial clouds
National (Azure Government, Microsoft Azure operated by 21Vianet) |
Onboarding your machines to Defender Vulnerability Management
The integration between Microsoft Defender for Endpoint and Microsoft Defender for Cloud takes place in the background, so it doesn't involve any changes at the endpoint level.
To manually onboard one or more machines to Defender Vulnerability Management, use the security recommendation "Machines should have a vulnerability assessment solution":
To automatically find and view the vulnerabilities on existing and new machines without the need to manually remediate the preceding recommendation, see Automatically configure vulnerability assessment for your machines.
To onboard via the REST API, run PUT/DELETE using this URL:
https://management.azure.com/subscriptions/.../resourceGroups/.../providers/Microsoft.Compute/virtualMachines/.../providers/Microsoft.Security/serverVulnerabilityAssessments/mdetvm?api-version=2015-06-01-preview
The findings for all vulnerability assessment tools are in the Defender for Cloud recommendation Vulnerabilities in your virtual machines should be remediated. Learn about how to view and remediate findings from vulnerability assessment solutions on your VMs
Learn more
You can check out the following blogs:
- Security posture management and server protection for AWS and GCP are now generally available
- Microsoft Defender for Cloud Server Monitoring Dashboard
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for