What is Microsoft Defender Vulnerability Management

Reducing cyber risk requires comprehensive risk-based vulnerability management to identify, assess, remediate, and track all your biggest vulnerabilities across your most critical assets, all in a single solution.

Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Using Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk.

Watch the following video to learn more about Defender Vulnerability Management.


Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to sign up for a free trial.

For more information on the features and capabilities that are included in each offering, see Compare Microsoft Defender Vulnerability Management offerings.

Microsoft Defender Vulnerability Management features and capabilities diagram.

With Defender Vulnerability Management, you can empower your security and IT teams to bridge workflow gaps and prioritize and address critical vulnerabilities and misconfigurations across your organization. Reduce cyber security risk with:

Continuous asset discovery and monitoring

Defender Vulnerability Management built-in and agentless scanners continuously monitor and detect risk in your organization even when devices aren't connected to the corporate network.

Consolidated inventories provide a real-time view of your organization's software applications, digital certificates, hardware and firmware, and browser extensions to help you monitor and assess all your organization's assets.

Advanced vulnerability and configuration assessment tools help you understand and assess your cyber exposure, including:

  • Security baselines assessment - Create customizable baseline profiles to measure risk compliance against established benchmarks, such as, Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG).
  • Visibility into software and vulnerabilities - Get a view of the organization's software inventory, and software changes like installations, uninstalls, and patches.
  • Network share assessment - Assess vulnerable internal network shares configuration with actionable security recommendations.
  • Authenticated scan for Windows - Scan unmanaged Windows devices regularly for software vulnerabilities by providing Microsoft Defender Vulnerability Management with credentials to remotely access the devices.
  • Threat analytics & event timelines - Use event timelines, and entity-level vulnerability assessments to understand and prioritize vulnerabilities.
  • Browser extensions assessment - View a list of the browser extensions installed across different browsers in your organization. View information on an extension's permissions and associated risk levels.
  • Digital certificates assessment - View a list of certificates installed across your organization in a single central certificate inventory page. Identify certificates before they expire and detect potential vulnerabilities due to weak signature algorithms.
  • Hardware and firmware assessment - View a list of known hardware and firmware in your organization organized by system models, processors, and BIOS. Each view includes details such as the name of the vendor, number of weaknesses, threats insights, and the number of exposed devices.

Risk-based intelligent prioritization

Defender Vulnerability Management uses Microsoft's threat intelligence, breach likelihood predictions, business contexts, and device assessments to quickly prioritize the biggest vulnerabilities in your organization. A single view of prioritized recommendations from multiple security feeds, along with critical details including related CVEs and exposed devices, helps you quickly remediate the biggest vulnerabilities on your most critical assets. Risk-based intelligent prioritization:

  • Focuses on emerging threats - Dynamically aligns the prioritization of security recommendations with vulnerabilities currently being exploited in the wild and emerging threats that pose the highest risk.
  • Pinpoints active breaches - Correlates vulnerability management and EDR insights to prioritize vulnerabilities being exploited in an active breach within the organization.
  • Protects high-value assets - Identifies exposed devices with business-critical applications, confidential data, or high-value users.

Remediation and tracking

Enable security administrators and IT administrators to collaborate and seamlessly remediate issues with built-in workflows.

  • Remediation requests sent to IT - Create a remediation task in Microsoft Intune from a specific security recommendation.
  • Block vulnerable applications - Mitigate risk with the ability to block vulnerable applications for specific device groups.
  • Alternate mitigations - Gain insights on other mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
  • Real-time remediation status - Real-time monitoring of the status and progress of remediation activities across the organization.
Area Description
Dashboard Get a high-level view of the organization exposure score, threat awareness, Microsoft Secure Score for Devices, expiring certificates, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
Recommendations See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Microsoft Entra ID and you've enabled your Intune connections in Defender for Endpoint.
Remediation See remediation activities you've created and recommendation exceptions.
Inventories Discover and assess all your organization's assets in a single view.
Weaknesses See the list of common vulnerabilities and exposures (CVEs) in your organization.
Event timeline View events that may impact your organization's risk.
Baselines assessment Monitor security baseline compliance and identify changes in real-time.


Run vulnerability management related API calls to automate vulnerability management workflows. To get started, see Supported Microsoft Defender for Endpoint APIs.

See the following articles for related Defender for Endpoint APIs:

Next steps

See also