Vulnerability assessments for your Azure Virtual Machines
A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's Standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. This feature is currently in preview.
Security Center also offers vulnerability analysis for your:
- SQL databases - see Explore vulnerability assessment reports in the vulnerability assessment dashboard
- Azure Container Registry images - see Azure Container Registry integration with Security Center (Preview)
The vulnerability assessment components of Security Center are managed through recommendations on your virtual machines. If Security Center doesn't find a vulnerability assessment solution installed on a VM:
For Standard tier users, a recommendation offers to install an Azure Security Center Vulnerability Assessment extension (powered by Qualys) for you at no additional cost. This extension reports its findings directly back to Security Center. To learn more, see Integrated vulnerability scanner for virtual machines.
For users on the Free tier, Security Center recommends that you install a partner solution. You'll need to purchase licenses for your chosen solution separately. Supported solutions report vulnerability data to the partner’s management platform. In turn, that platform provides vulnerability and health monitoring data back to Security Center. You can identify vulnerable VMs on the Security Center dashboard. Switch to the partner management console directly from Security Center for additional reports and information. To learn more, see Deploying a partner vulnerability scanning solution.