Vulnerability assessments for your Azure Virtual Machines
A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's Standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you.
Security Center presents one of two recommendations if it doesn't find a vulnerability assessment solution installed on a VM:
Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys) - This recommendation only appears standard tiers. It's an invitation to install an Azure Security Center Vulnerability Assessment extension (powered by Qualys) for you at no additional cost. This extension reports its findings directly back to Security Center. To learn more, see Integrated vulnerability scanner for virtual machines.
Vulnerability assessment solution should be installed on your virtual machines - This recommendation appears for both standard and free tiers. Use this recommendation to install any of the supported partner solutions. You'll need to purchase a license for your chosen solution separately. Supported solutions report vulnerability data to the partner's management platform. In turn, that platform provides vulnerability and health monitoring data back to Security Center. You can identify vulnerable VMs on the Security Center dashboard. Switch to the partner management console directly from Security Center for additional reports and information. To learn more, see Deploying a partner vulnerability scanning solution.
Security Center also offers vulnerability analysis for your:
- SQL databases - see Explore vulnerability assessment reports in the vulnerability assessment dashboard
- Azure Container Registry images - see Azure Container Registry integration with Security Center