Compare Microsoft Defender Vulnerability Management plans and capabilities
Important
Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
This article helps clarify the Defender Vulnerability Management capabilities included in:
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Servers
Start a trial
- The Defender Vulnerability Management add-on for Defender for Endpoint Plan 2 is now generally available. To try the additional add-on capabilities, go to Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers.
- Defender Vulnerability Management Standalone is in public preview trial. To try it, go to Try Defender Vulnerability Management Standalone.
Vulnerability Management capabilities for endpoints
The table below shows the availability of Defender Vulnerability Management capabilities for endpoints:
| Capability | Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities | Defender Vulnerability Management Add-on provides the following premium Vulnerability Management capabilities for Defender for Endpoint Plan 2 | Defender Vulnerability Management Standalone (Public Preview) provides full Defender Vulnerability Management capabilities for any EDR solution |
|---|---|---|---|
| Device discovery | ✔ | - | ✔ |
| Device inventory | ✔ | - | ✔ |
| Vulnerability assessment | ✔ | - | ✔ |
| Configuration assessment | ✔ | - | ✔ |
| Risk based prioritization | ✔ | - | ✔ |
| Remediation tracking | ✔ | - | ✔ |
| Continuous monitoring | ✔ | - | ✔ |
| Software inventory | ✔ | - | ✔ |
| Software usages insights | ✔ | - | ✔ |
| Security baselines assessment | - | ✔ | ✔ |
| Block vulnerable applications | - | ✔ | ✔ |
| Browser extensions assessment | - | ✔ | ✔ |
| Digital certificate assessment | - | ✔ | ✔ |
| Network share analysis | - | ✔ | ✔ |
| Hardware and firmware assessment | - | ✔ | ✔ |
| Authenticated scan for Windows | - | ✔ | ✔ |
Note
Microsoft 365 Business Premium and the standalone version of Microsoft Defender for Business include the capabilities that are listed under Defender for Endpoint Plan 2 in the preceding table.
Vulnerability Management capabilities for servers
For Microsoft Defender for Cloud customers, Defender Vulnerability Management is natively integrated within Defender for Cloud to perform vulnerability assessments for cloud based virtual machines and recommendations will automatically populate in the Defender for Cloud portal.
Microsoft Defender for Servers Plan 2 includes access to the premium vulnerability management capabilities that are part of the Defender Vulnerability Management add-on. The capabilities are only available through the Microsoft Defender 365 portal.
Note
Premium Defender Vulnerability Management capabilities are currently enabled for all client devices across Defender for Cloud tenants with Defender for Servers Plan 2 subscription.
From March 15, 2023, we will begin to gradually roll out an update where premium vulnerability management capabilities will no longer be automatically enabled across tenants and will only be available for client devices eligible for the Defender Vulnerability Management add-on.
To start or continue using the premium vulnerability management capabilities for your client devices, see Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers.
The table below shows the availability of Defender Vulnerability Management capabilities across the Defender for Servers plans.
| Capability | Defender For Servers Plan 1 | Defender For Servers Plan 2 |
|---|---|---|
| Vulnerability assessment | ✔ | ✔ |
| Configuration assessment | ✔ | ✔ |
| Risk based prioritization | ✔ | ✔ |
| Remediation tracking | ✔ | ✔ |
| Continuous monitoring | ✔ | ✔ |
| Software inventory | ✔ | ✔ |
| Software usages insights | ✔ | ✔ |
| Security baselines assessment | - | ✔ |
| Block vulnerable applications | - | -* |
| Browser extensions assessment | - | ✔ |
| Digital certificate assessment | - | ✔ |
| Network share analysis | - | ✔ |
| Hardware and firmware assessment | - | ✔ |
| Authenticated scan for Windows | - | ✔ |
*Block vulnerable applications is not currently available for Microsoft Defender for Servers Plan 2. This feature is available for client devices that are eligible for the Defender Vulnerability Management add-on.
Next steps
Feedback
Submit and view feedback for