Exposed Devices on Microsoft defender 365

omik ahmed 1 Reputation point
2022-02-25T13:57:39.33+00:00

Hi All,

On vulnerability management on Microsoft defender, when I opened a CVE and see the list of all expose devices, my question is what does this expose device mean? Is it mean that all devices are vulnerable to exploit even they are not internet facing devices?

Thankx,

Omik

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-02-25T21:27:31.56+00:00

    Hi @omik ,

    What does this expose device mean?

    The "Exposed Devices" list will show devices that have different vulnerabilities. These are usually devices that are involved in high severity alerts.

    If your exposed device is not internet-facing, it's likely that a different type of vulnerability has been identified.

    The vulnerabilities can be related to applications, operating systems, network, accounts, and security controls. If your devices are not Internet-facing, my guess is that Defender is flagging certain software that is installed.

    177969-image.png

    Often when there is an issue it is related to a vulnerability found in certain software. For example, devices with Window 7 installed will be flagged since Windows 7 is no longer supported and has some vulnerabilities.

    177986-image.png

    Let me know if this helps and if you have further questions.

    For more details around how the exposed devices are identified, see:

    Event timeline - threat and vulnerability management
    Hunt for exposed devices - threat and vulnerability management

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.