Assign device value
Applies to:
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
- Microsoft Defender for Servers Plan 1 & 2
Defining a device's value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the Defender Vulnerability Management exposure score calculation. Devices assigned as "high value" receive more weight.
You can also use the set device value API.
Device value options:
- Low
- Normal (Default)
- High
Examples of devices that should be assigned a high value:
- Domain controllers, Active Directory
- Internet facing devices
- VIP devices
- Devices hosting internal/external production services
Tip
Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to sign up for a free trial.
Choose device value
Navigate to any device page, the easiest place is from the device inventory.
Select Device value from three dots next to the actions bar at the top of the page.
A flyout opens with the current device value and what it means. Review the current value and choose the value that best fits your device.
How device value impacts your exposure score
The exposure score is a weighted average across all devices. If you have device groups, you can also filter the score by device group.
- Normal devices have a weight of 1
- Low value devices have a weight of 0.75
- High value devices have a weight of (number of assets) / 10. For example, if you have 100 devices, each high value device has a weight of 100/10 = 10.