This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Which tool or service is responsible for vulnerability scanner in M365 defender suite for Endpoints, Identify, Apps, Office 365 and Data and how it works?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @Vinod Survase •
If I understand you question , the answer should be Microsoft Defender portal.
Below a microsoft article to get more details about what you can manage through this portal :
Please don't forget to accept helpful answer
I know defender is the service or portal but I was looking for exact service or apps in defender which is responsible for vulnerability scanner in M365 defender suite.
Hi @Vinod Survase , Microsoft Defender Vulnerability Management is the tool responsible for vulnerability scanning in the Microsoft 365 Defender suite. It is included with Microsoft Defender for Servers and uses built-in and agentless scanners to discover vulnerabilities and misconfigurations in near real-time. The vulnerability scanner included with Microsoft Defender for Cloud is powered by Qualys, which is one of the leading tools for real-time identification of vulnerabilities. The scanner extension works by monitoring your machines and providing recommendations to deploy the Qualys extension on your selected machine/s. The extension then collects artifacts and sends them for analysis in the Qualys cloud service in the defined region. Qualys' cloud service conducts the vulnerability assessment and sends its findings to Defender for Cloud, where the findings are available for review.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
Thanks James Hamil
I was helpful. I have another follow-up question on this is that ; whether Microsoft Defender Vulnerability Management tool also captures the Vulnerabilities of the other third party apps deployed on devices or not because we are seeing many apps were showing in there but really there is no direct way or option shown to patch them, so I think this tool does not scan other external apps patching or CVE's or may be I am not right on this.