Compare Microsoft Defender Vulnerability Management plans and capabilities
Important
This article provides a summary of vulnerability management capabilities available across different Microsoft Defender product plans; however, it's not intended to be a service description or licensing contract document. For more detailed information, see the following resources:
Microsoft Defender Vulnerability Management isn't currently available to Microsoft Defender for Business customers.
Start a trial
Note
The Microsoft Defender Vulnerability Management trial isn't currently available to US Government customers using GCC High and DoD. For more information on available purchase options, see Microsoft Defender Vulnerability Management.
For new customers and for existing Defender for Endpoint P1 or Microsoft 365 E3 customers, Microsoft Defender Vulnerability Management Standalone is now generally available. To try it, go to Try Defender Vulnerability Management Standalone.
Vulnerability Management capabilities for endpoints
The table below shows the availability of Defender Vulnerability Management capabilities for endpoints:
Capability
Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities
Defender Vulnerability Management Add-on provides the following premium Vulnerability Management capabilities for Defender for Endpoint Plan 2
Defender Vulnerability Management Standalone provides full Defender Vulnerability Management capabilities for any EDR solution
1 Block vulnerable applications requirement: For Defender Vulnerability Management Standalone customers, Microsoft Defender Antivirus must be configured in active mode to use the block vulnerable applications capability. For more information, see Microsoft Defender Antivirus Windows.
Note
Microsoft 365 Business Premium and the standalone version of Microsoft Defender for Business include the capabilities that are listed under Defender for Endpoint Plan 2 in the preceding table.
Vulnerability Management capabilities for servers
For Microsoft Defender for Cloud customers, Defender Vulnerability Management is natively integrated within Defender for Cloud to perform vulnerability assessments for cloud-based virtual machines. Recommendations automatically populate in the Defender for Cloud portal.
Defender Vulnerability Management premium capabilities are available to server devices with Microsoft Defender for Servers Plan 2.
Note
Client devices require the Defender Vulnerability Management add-on license to access Defender Vulnerability Management premium capabilities.
2 The Windows authenticated scan feature will be deprecated by the end of November 2025 and will not be supported beyond that date. More information about this change is in the Windows authenticated scan deprecation FAQs.