Prerequisites & permissions for Microsoft Defender Vulnerability Management

Applies to:

• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender Vulnerability Management
• Microsoft 365 Defender

Note

Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.

Note

The same minimum requirements as Microsoft Defender for Endpoint apply to Microsoft Defender Vulnerability Management, for more information, see Minimum requirements.

Ensure that your devices:

• Are onboarded to Microsoft Defender for Endpoint Plan 2 or Microsoft Defender Vulnerability Management

• Run supported operating systems and platforms

• Have the following mandatory updates installed and deployed in your network to boost your vulnerability assessment detection rates:

  Release	Security update KB number and link
  Windows 10 Version 1709	KB4493441 and KB 4516071
  Windows 10 Version 1803	KB4493464 and KB 4516045
  Windows 10 Version 1809	KB 4516077
  Windows 10 Version 1903	KB 4512941

• Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager to help remediate threats found by Microsoft Defender Vulnerability Management, formerly known as Threat & Vulnerability Management (TVM). If you're using Configuration Manager, update your console to the latest version.

  Note

  If you have the Intune connection enabled, you get an option to create an Intune security task when creating a remediation request. This option does not appear if the connection is not set.

• Have at least one security recommendation that can be viewed in the device page

• Are tagged or marked as co-managed

Relevant permission options

To view the permissions options for vulnerability management:

1. Log in to Microsoft 365 Defender portal using account with a Security administrator or Global administrator role assigned.
2. In the navigation pane, select Settings > Endpoints > Roles.

For more information, see Create and manage roles for role-based access control.

View data

• Security operations - View all security operations data in the portal
• Threat and vulnerability management - View Defender Vulnerability Management data in the portal

Active remediation actions

• Security operations - Take response actions, approve or dismiss pending remediation actions, manage allowed/blocked lists for automation and indicators
• Threat and vulnerability management - Exception handling - Create new exceptions and manage active exceptions
• Threat and vulnerability management - Remediation handling - Submit new remediation requests, create tickets, and manage existing remediation activities
• Threat and vulnerability management - Application handling - Apply immediate mitigation actions by blocking vulnerable applications, as part of the remediation activity and manage the blocked apps and perform unblock actions

Defender Vulnerability Management - security baselines

Threat and vulnerability management – Manage security baselines assessment profiles - Create and manage profiles so you can assess if your devices comply to security industry baselines.

Note

For the Defender Vulnerability Management public preview trial this permission is not required. Users with "Threat and vulnerability management - View data" permissions can manage security baselines. However, when the trial ends and a license is purchased, this permission is required.

Related articles

• Supported operating systems and platforms
• Microsoft Defender Vulnerability Management dashboard