This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 46%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
Is Defender for Cloud's integrated Qualys vulnerability scanner FedRAMP authorized? And if so, what level?
Is Microsoft's Defender built-in Vulnerability Management be FedRAMP authorized? And if so, what level?
If these vulnerability scanners are in Azure Commercial does that affect their FedRAMP authorization level?
Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Chen, Vivien (CGI Federal) Thank you for reaching out to us, let me research on your query and revert back.
@Chen, Vivien (CGI Federal) Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
FedRamp applies to the Azure Gov tenants. Qualys is not available for the Gov tenants. https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm#availability
I recommend the following link:
https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-fedramp
I also recommend working with your organization's Microsoft support contacts for additional details if needed.