Manage endpoint vulnerabilities with Microsoft Defender Vulnerability Management

  • 6 minutes

Reducing cyber risk requires comprehensive risk-based vulnerability management. Vulnerability management identifies, assesses, remediates, and tracks an organization's biggest vulnerabilities across its most critical assets, all in a single solution.

Microsoft 365 combats cyber risk with Microsoft Defender Vulnerability Management, a Microsoft Defender for Endpoint Plan 2 component. Microsoft Defender Vulnerability Management uses Microsoft threat intelligence, breach likelihood predictions, business contexts, and device assessments. By doing so, it rapidly and continuously prioritizes the biggest vulnerabilities on an organization's most critical assets. It also provides security recommendations to mitigate risk. Vulnerability Management delivers built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices.

Microsoft Defender Vulnerability Management prioritizes vulnerabilities based on:

  • The threat landscape
  • Detections in your organization
  • Sensitive information on vulnerable devices
  • Business context

If you enable integration with Microsoft Defender for Endpoint, you automatically get the Microsoft Defender Vulnerability Management findings without the need for more agents.

Additional viewing. Select the following link to watch a short video that introduces the Microsoft Defender Vulnerability Management module.

Diagram showing the Microsoft Defender Vulnerability Management protection stack.

With Microsoft Defender Vulnerability Management, you can empower your security and IT teams to bridge workflow gaps and prioritize and address critical vulnerabilities and misconfigurations across your organization. Organizations can reduce cyber security risk by implementing the following Vulnerability Management features:

Asset discovery and inventory

Microsoft Defender Vulnerability Management's built-in and agentless scanners continuously monitor and detect risk in an organization. They do so even when an organization has devices that aren't connected to the corporate network.

Based on this asset discovery feature, Vulnerability Management provides a real-time consolidated view of an organization's software applications, digital certificates, network shares, and browser extensions. This feature enables organizations to:

  • Discover and assess all their company assets.
  • View information on extension permissions and associated risk levels.
  • Identify certificates before they expire.
  • Detect potential vulnerabilities due to weak signature algorithms.
  • Assess misconfigurations in internal network shares.

Vulnerability and configuration assessment

Microsoft Defender Vulnerability Management assesses an organization's cyber exposure with the following advanced vulnerability and configuration assessment tools:

  • Security baselines assessment. Create customizable baseline profiles to measure risk compliance against established benchmarks, such as the Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG).
  • Visibility into software and vulnerabilities. Get a view of the organization's software inventory, and software changes like installations, uninstalls, and patches.
  • Network share assessment. View a list of network share configurations identified as vulnerable.
  • Threat analytics and event timelines. Use event timelines and entity-level vulnerability assessments to understand and prioritize vulnerabilities.
  • Browser extensions. View a list of the browser extensions installed across different browsers in the organization.
  • Digital certificates. View a list of certificates installed across the organization in a single, central Certificate Inventory page.

Risk-based intelligent prioritization

Microsoft Defender Vulnerability Management applies Microsoft's threat intelligence, breach likelihood predictions, business contexts, and device assessments to quickly prioritize the biggest vulnerabilities in an organization. A single view of prioritized recommendations from multiple security feeds, along with critical details including related CVEs and exposed devices, helps organizations quickly remediate the biggest vulnerabilities on their most critical assets. Risk-based intelligent prioritization provides the following features:

  • Focuses on emerging threats. Dynamically aligns the prioritization of security recommendations with vulnerabilities currently exploited in the wild and emerging threats that pose the highest risk.
  • Pinpoints active breaches. Correlates vulnerability management and Endpoint detection and response (EDR) insights. By doing so, it can prioritize exploited vulnerabilities in active breaches within the organization.
  • Protects high-value assets. Identifies exposed devices with business-critical applications, confidential data, or high-value users.

Remediation and tracking

Microsoft Defender Vulnerability Management enables security administrators and IT administrators to collaborate and seamlessly remediate issues with built-in workflows.

  • Remediation requests sent to IT. Create a remediation task in Microsoft Intune from a specific security recommendation.
  • Block vulnerable applications. Mitigate risk with the ability to block vulnerable applications for specific device groups.
  • Alternate mitigations. Gain insights on other mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
  • Real-time remediation status. Real-time monitoring of the status and progress of remediation activities across the organization.

Knowledge check

Choose the best response for the following question. Then select “Check your answers.”

Check your knowledge

1.

Which feature of Microsoft Defender Vulnerability Management mitigates risk with the ability to block vulnerable applications for specific device groups?

Check your answers