Defender for Endpoint Plan 2 includes core vulnerability management capabilities. The Defender Vulnerability Management add-on extends these capabilities with consolidated inventories, expanded asset coverage, cross-platform support, and new assessment and mitigation tools.
The standalone version of Defender Vulnerability Management helps your security team to efficiently discover, assess, and remediate vulnerabilities and misconfigurations. This offering is recommended for customers who already have Defender for Endpoint Plan 1 or Microsoft 365 E3, and new customers.
Defender Vulnerability Management uses the Microsoft Defender XDR Unified role-based access control (Unified RBAC) model, which provides a single permissions management experience with a central location for administrators to control user permissions across different security solutions, such as Defender for Endpoint and Defender Vulnerability Management.
Read permissions enable your security team to view Defender Vulnerability Management data for software, weaknesses, missing KBs, advanced hunting, security baselines assessment, and devices.
Manage permissions enable your security team to address vulnerabilities, manage remediation activities, and manage exceptions to security recommendations
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.
Microsoft Defender Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
Compare Defender Vulnerability Management Offerings. Learn about the differences between the plans and select the plan that suits your organization's needs.