Prerequisites & permissions for Microsoft Defender Vulnerability Management

Licensing requirements

Microsoft Defender Vulnerability Management is available as an add-on for Microsoft Defender for Endpoint Plan 2 or as a standalone subscription.

  • Defender for Endpoint Plan 2 includes core vulnerability management capabilities. The Defender Vulnerability Management add-on extends these capabilities with consolidated inventories, expanded asset coverage, cross-platform support, and new assessment and mitigation tools.

  • The standalone version of Defender Vulnerability Management helps your security team efficiently discover, assess, and remediate vulnerabilities and misconfigurations. This offering is recommended for customers who already have Defender for Endpoint Plan 1 or Microsoft 365 E3, and for new customers.

For more information about Defender for Endpoint licensing, see Microsoft 365 guidance for security & compliance: Defender for Endpoint.

To start a trial or to purchase Defender Vulnerability Management, see Sign up for Microsoft Defender Vulnerability Management.

Device requirements

Roles and permissions

Defender Vulnerability Management uses the Microsoft Defender XDR Unified role-based access control (Unified RBAC) model. Unified RBAC provides a single permissions management experience, with a central location where administrators control user permissions across different security solutions, such as Defender for Endpoint and Defender Vulnerability Management.

  • Read permissions enable your security team to view Defender Vulnerability Management data for software, weaknesses, missing KBs, advanced hunting, security baselines assessment, and devices.

  • Manage permissions enable your security team to address vulnerabilities, manage remediation activities, and manage exceptions to security recommendations.

For more information, see Start using Microsoft Defender XDR Unified RBAC model.