Automatically configure vulnerability assessment for your machines
Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud. We've also renamed Azure Defender plans to Microsoft Defender plans. For example, Azure Defender for Storage is now Microsoft Defender for Storage. Learn more about the recent renaming of Microsoft security services.
Defender for Cloud collects data from your machines using agents and extensions. Those agents and extensions can be installed manually (see Manual installation of the Log Analytics agent). However, auto provisioning reduces management overhead by installing all required agents and extensions on existing - and new - machines to ensure faster security coverage for all supported resources. Learn more in Configure auto provisioning for agents and extensions from Microsoft Defender for Cloud.
To assess your machines for vulnerabilities, you can use one of the following solutions:
- Microsoft's threat and vulnerability management module of Microsoft Defender for Endpoint (included with Microsoft Defender for servers)
- An integrated Qualys agent (included with Microsoft Defender for servers)
- A Qualys or Rapid7 scanner which you have licensed separately and configured within Defender for Cloud (this is called the Bring Your Own License, or BYOL, scenario)
To automatically configure a BYOL solution, see Integrate security solutions in Microsoft Defender for Cloud.
Automatically enable a vulnerability assessment solution
From Defender for Cloud's menu, open Environment settings.
Select the relevant subscription.
Open the Auto provisioning page.
Set the status of auto provisioning for the vulnerability assessment for machines to On and select the relevant solution.
Defender for Cloud enables the following policy: (Preview) Configure machines to receive a vulnerability assessment provider.
Select Apply and Save.
To view the findings for all supported vulnerability assessment solutions, see the Machines should have vulnerability findings resolved recommendation.
Defender for Cloud also offers vulnerability assessment for your:
- SQL databases - see Explore vulnerability assessment reports in the vulnerability assessment dashboard
- Azure Container Registry images - see Use Microsoft Defender for container registries to scan your images for vulnerabilities