This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 40%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB8%3C/text%3E%3C/svg%3E)
Qualys is being deprecated to be used together with Cloud Defender for Servers Plan 2.
In the documentation I read that MDVM is part of MDE, either plan 1 or plan 2.
Plan 1 has basic vulnerability scanning and p2 supplies addons to that basic vulnerability scanning such as agentless scanning and some features which can be controlled via the Microsoft security portal.
Now I wonder which plan for MDE reflects the same functionality as the Qualys which was delivered in plan 2. I ask the question because none of the add-on capabilities which are in P2 for MDVM were actually capabilities of the Qualys extension.
So my question here is if Cloud Defender for Servers Plan 1 replaces Qualys as previously supplied by the P2 plan?
Hi,
The exact feature that replaces Qualys vulnerability assessment is Vulnerability assessment for machines:
It is available for both P1 and P2 plans. Vulnerability assessment agent details.. You can find more information about the feature here. There you will find all the documentation about it + the deprecated Qualys which was used for the same feature. There is even Common questions document. There are certain capabilities of Vulnerability assessment that are only available in P2.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @Stanislav Zhelyazkov Thanks for the fast reply.
Still a follow up question. Some time ago we had a meeting with Microsoft and some Microsoft person made a remark of vulnerability scanning (MDVM) actually not being present in de P1 plan despite it being mentioned like that in the portal and the documentation. Basically, he was saying the documentation was not correct on this point.
Maybe there was a miscommunication in that meeting which resulted in the given answer, maybe he interpreted our question in the frame of vulnerability assessment. + security baseline capabilities, which is only in available in 2. The topic of the meeting was (pushing) cis compute benchmarks amongst others.
Or maybe we interpreted the answer wrongly. Who knows.
As I don't have his contact details I can't follow up on my verification question for the above.
As we need to inform our customers about which plan to use for swapping "basic Qualys capabilities" we need to be rather sure about our advice. The documentation is not very clear on this as some info could be there like "If you used Qualys the same capabilities are offered in the P1 plan, with possibilities to add extra capabilities by using the P2 plan". Would be nice if such a reference to Qualys could be made.
Can we take your answer as an MS statement that there is indeed "vulnerability assessment" as part of the P1 plan, with the capabilities described in the current documentation?
Thanks again for your swift reply.
Hi,
You cannot take my answer as MS statement as I am not Microsoft employee. If you want answer from Microsoft about this contact your Microsoft account manager or raise a support request.
As far as I am aware the Qualys integration with Defender for Cloud has not offered the full capabilities of having Qualys with a license. It only enabled basic vulnerability assessment which should be what P1 offers. If you want the additional features that is where you need P2. Overall your customer should have requirements what kind of scanning features it needs - those in P1 only or those in P2. It will not be well money spend if they deploy P2 but do not need all the features there. If nothing else I am pretty sure that the customer can use Qualys as third party if any of the features or the price of P1 or P2 does not meet its needs. Some answers from common questions that can help you:
Why is there a different total number of vulnerabilities on the Recommendation page between MDVM and Qualys?
The vulnerability assessment solution for servers, powered by MDVM, provides a unified and consolidated view of vulnerable software on the Recommendations page. Qualys utilizes the Qualys IDs that often contain one or two CVEs. MDVM consolidates these CVEs into a single or a few Vulnerability IDs. MDVM aggregates these CVEs into a single or a few Vulnerability IDs. This consolidation addresses multiple vulnerabilities within the same software simultaneously.
Thanks for the info! I will also ask for a statement via an MS ticket but you describe indeed what I also concluded from the documentation.
The answer of Stanislav was validated with MS in a ticket