Compare Microsoft Defender Vulnerability Management plans and capabilities

Important

This article provides a summary of vulnerability management capabilities available across different Microsoft Defender product plans; however, it's not intended to be a service description or licensing contract document. For more detailed information, see the following resources:

This article helps clarify the Defender Vulnerability Management capabilities included in:

Start a trial

Note

This offering isn't currently available to:

  • US Government customers using GCC, GCC High, and DoD
  • Microsoft Defender for Business customers

Vulnerability Management capabilities for endpoints

The table below shows the availability of Defender Vulnerability Management capabilities for endpoints:

Capability Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities Defender Vulnerability Management Add-on provides the following premium Vulnerability Management capabilities for Defender for Endpoint Plan 2 Defender Vulnerability Management Standalone provides full Defender Vulnerability Management capabilities for any EDR solution
Device discovery -
Device inventory -
Vulnerability assessment -
Configuration assessment -
Risk based prioritization -
Remediation tracking -
Continuous monitoring -
Software inventory -
Software usages insights -
Security baselines assessment -
Block vulnerable applications - see note 1
Browser extensions assessment -
Digital certificate assessment -
Network share analysis -
Hardware and firmware assessment -
Authenticated scan for Windows -

Note

1 Block vulnerable applications requirement: For Defender Vulnerability Management standalone customers, to use block vulnerable applications Microsoft Defender Antivirus must be configured in active mode. For more information, see Microsoft Defender Antivirus Windows.

Note

Microsoft 365 Business Premium and the standalone version of Microsoft Defender for Business include the capabilities that are listed under Defender for Endpoint Plan 2 in the preceding table.

Vulnerability Management capabilities for servers

For Microsoft Defender for Cloud customers, Defender Vulnerability Management is natively integrated within Defender for Cloud to perform vulnerability assessments for cloud based virtual machines and recommendations will automatically populate in the Defender for Cloud portal.

Defender Vulnerability Management premium capabilities are available to server devices with Microsoft Defender for Servers Plan 2.

Note

Client devices will require the Defender Vulnerability Management add-on license to access Defender Vulnerability Management premium capabilities.

To use the premium vulnerability management capabilities for your client devices, see Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers.

The capabilities are only available through the Microsoft Defender 365 portal.

The table below shows the availability of Defender Vulnerability Management capabilities across the Defender for Servers plans.

Capability Defender For Servers Plan 1 Defender For Servers Plan 2
Vulnerability assessment
Configuration assessment
Risk based prioritization
Remediation tracking
Continuous monitoring
Software inventory
Software usages insights
Security baselines assessment -
Block vulnerable applications -
Browser extensions assessment -
Digital certificate assessment -
Network share analysis -
Hardware and firmware assessment -
Authenticated scan for Windows -

Next steps