Defender for Cloud recommendation 'Machines should have a vulnerability assessment solution

Question

I have some unhealthy machines and healthy machines in the recommendation 'Machines should have a vulnerability assessment solution', when clicking 'remediate', the only option seems to be using the third-party vulnerability assessment solution/BYOL.

The defender CSPM license has been enabled, agentless scanning also enabled, log analytic agents are installed for all machines. Defender for Server is OFF.

If the issue of lack of vulnerability assessment solution relates to DFS then why there are also some healthy machines?

Does agentless scanning (defender CPSM license) provides vulnerability assessment?

Microsoft docs seem to be very confusing around this, if I am right, the agentless scan should also provide vulnerability assessment solution and DFS is not required. Please correct me if I am wrong.

Answer 1

Hi

Let me clear few things for you.

Defender for cloud recommendations are free. Does not require any license/plan.

How ever to fix "the machine should have vulnerability assesment" with qualys or defender , you need to have active defender plan.

Since you didnt enable the defender for servers i believe thats why dont you see those rest option to quick fix the issue.

Now lets come to defender CSPM Plan :

1. Free version Funcation : Security recommendations to fix misconfigurations and weaknesses.
2. Paid Version : Yes , paid version has vulnerability assesment.

You can use agentless on VM where performance of VM is imp.

---------If you find my answer useful , Kindly accept the answer ----------