Can Microsoft Authenticated Scans work with Azure AD / Entra ID architecture (workstations added to Entra ID)?

Jordy Evaristo Escalona Bryan 20 Reputation points
2024-07-17T15:36:24.14+00:00

Hello respectable Microsoft Community,

I'm working on a project to implement Microsoft Authenticated Scanner. I was told by a member of another Business Unit that all our workstations are now part of Azure AD/Entra ID.

I have a few questions:

1. Do the authenticated scans still work for workstations added to Entra ID? If not, what is the best/new approach I should take?

2. Are unauthorized assets found on any in-scope IP ranges scanned using some policy?

Does the policy or configuration have pre-defined credentials to attempt to log in to this asset?


Accepted answer
Raja Pothuraju 7,135 Reputation points Microsoft Vendor
2024-07-19T22:27:52.7833333+00:00

Hello @Jordy Evaristo Escalona Bryan,

Thank you for posting your query on Microsoft Q&A.

I understand you are looking to register or join all your workstations to Entra ID and want to confirm if Authenticated scans can be run from a managed device.

According to Microsoft documentation, "Authenticated scan for Windows provides the ability to run scans on unmanaged Windows devices. You can remotely target by IP ranges or hostnames and scan Windows services by providing Microsoft Defender Vulnerability Management with credentials to remotely access the devices. Once configured the targeted unmanaged devices will be scanned regularly for software vulnerabilities. This is applicable for devices that don't have the Defender Vulnerability Management or Defender for Endpoint agent deployed."

https://learn.microsoft.com/en-us/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide#devices-to-be-scanned

Regarding your second question, the Microsoft Authenticated Scanner uses pre-defined credentials to attempt to login to the assets being scanned. These credentials are specified in the scanner configuration and are used to authenticate to the assets and perform the scans.

For more detailed information, you can refer to the following document:

https://learn.microsoft.com/en-us/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide#configure-a-group-of-devices-with-a-group-policy

I hope this information is helpful. Please feel free to reach out if you have any further questions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Thanks,
Raja Pothuraju.
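The accepted answer quotes the documentation's scope (unmanaged Windows devices, reached remotely with credentials the scanner is configured with, only where no Defender for Endpoint agent is deployed). Before building the scan policy, a practitioner usually wants to know, per workstation, which of those conditions actually hold: is the device already agent-onboarded, is it an AD domain member or Entra-joined only, and can the intended scan account reach it over WMI at all. The PowerShell below is an added example, not code from the Q&A post or from Microsoft's documentation. It assumes constructed hostnames in $Targets, a scan account in $ScanCred, that targets accept WinRM for the remote join-state check, and that the scanner authenticates over WMI via DCOM (TCP 135 plus dynamic RPC ports); confirm the last point against the linked documentation before relying on it.

```powershell
# Added example, not code from the Q&A post or from Microsoft's documentation.
# Triage a list of workstations before building a Defender Vulnerability
# Management authenticated scan: which are already agent-managed, which are
# Entra-joined only (no AD domain membership), and whether the scan account
# can actually reach them over WMI.
#
# Assumptions (hypothetical values, adjust for your environment):
#  - $Targets holds constructed sample hostnames.
#  - $ScanCred is the account the scanner will be configured with.
#  - Targets allow WinRM for Invoke-Command (used only to run dsregcmd remotely)
#    and WMI over DCOM (TCP 135 plus dynamic RPC) for the access check.
param(
    [string[]]$Targets = @('WS-001', 'WS-002'),
    [pscredential]$ScanCred = (Get-Credential -Message 'Scan account (DOMAIN\user or .\localadmin)')
)

function Get-LocalJoinState {
    # Runs on the target itself. dsregcmd reports Entra (AzureAdJoined) and
    # AD (DomainJoined) membership; hybrid-joined machines show YES for both.
    $status = & dsregcmd.exe /status 2>$null
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        AzureAdJoined = [bool]($status | Select-String -Pattern 'AzureAdJoined\s*:\s*YES' -Quiet)
        DomainJoined  = [bool]($status | Select-String -Pattern 'DomainJoined\s*:\s*YES'  -Quiet)
        # 'Sense' is the Defender for Endpoint sensor service; running means onboarded.
        MdeOnboarded  = ((Get-Service -Name Sense -ErrorAction SilentlyContinue).Status -eq 'Running')
    }
}

function Test-ScanAccess {
    # Mimics what the scanner needs: DCOM reachable and a WMI query succeeding
    # with the scan credential. Returns the failure reason so it can be fixed
    # (firewall rule, local account, remote UAC restrictions) before the scan runs.
    param([string]$ComputerName, [pscredential]$Credential)
    $portOpen = (Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue).TcpTestSucceeded
    $wmiOk = $false
    $reason = if ($portOpen) { $null } else { 'TCP 135 (RPC endpoint mapper) not reachable' }
    if ($portOpen) {
        try {
            $opt = New-CimSessionOption -Protocol Dcom
            $session = New-CimSession -ComputerName $ComputerName -Credential $Credential -SessionOption $opt -ErrorAction Stop
            $null = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
            $wmiOk = $true
            Remove-CimSession -CimSession $session
        } catch {
            $reason = $_.Exception.Message
        }
    }
    [pscustomobject]@{ ComputerName = $ComputerName; Port135 = $portOpen; WmiAuthOk = $wmiOk; Reason = $reason }
}

function Get-ScanRecommendation {
    # The decision the question is really about, following the quoted docs:
    # the authenticated scan is for devices *without* the agent.
    param($Join)
    if ($Join.MdeOnboarded) { return 'Agent-managed: covered by Defender for Endpoint, exclude from scan scope' }
    if ($Join.DomainJoined)  { return 'AD member: authenticated scan with the domain scan account' }
    if ($Join.AzureAdJoined) { return 'Entra-joined only, not an AD member: a domain scan account cannot be validated here; use a managed local account or onboard the agent' }
    return 'Workgroup/unmanaged: authenticated scan with a local account'
}

foreach ($t in $Targets) {
    try {
        $join = Invoke-Command -ComputerName $t -Credential $ScanCred -ScriptBlock ${function:Get-LocalJoinState} -ErrorAction Stop
    } catch {
        Write-Warning "$t : cannot run join-state check remotely ($($_.Exception.Message))"
        continue
    }
    $access = Test-ScanAccess -ComputerName $t -Credential $ScanCred
    [pscustomobject]@{
        ComputerName   = $t
        AzureAdJoined  = $join.AzureAdJoined
        DomainJoined   = $join.DomainJoined
        MdeOnboarded   = $join.MdeOnboarded
        WmiAuthOk      = $access.WmiAuthOk
        Failure        = $access.Reason
        Recommendation = Get-ScanRecommendation -Join $join
    }
}
```

Run it from the machine that will act as the scanning device, with the same account you intend to put in the scanner configuration, so that a WmiAuthOk of False reflects exactly what the scan will hit. Devices reported as agent-managed can be dropped from the IP ranges in the policy; devices that are Entra-joined only need either a credential the device itself can validate or the agent, since there is no AD domain to authenticate a domain account against.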

