Hardware and firmware assessment
- Microsoft Defender Vulnerability Management
- Microsoft 365 Defender
- Microsoft Defender for Servers Plan 2
To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.
Firmware and hardware attacks are on the rise. Attackers are increasingly targeting firmware and device drivers of hardware components to gain high privilege and persistence. Visibility into the threat posture of your firmware and hardware, and timely remediation of identified vulnerabilities is a vital part of keeping your organization secure.
Microsoft Defender Vulnerability Management hardware and firmware assessment provides a list of known hardware and firmware in your organization. It provides individual inventories for system models, processors, and BIOS. Each view includes details such as the name of the vendor, number of weaknesses, threats insights, and the number of exposed devices.
Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to sign up for a free trial.
View your hardware and firmware
To access the hardware and firmware assessment page:
- Go to Vulnerability management > Inventories in the Microsoft 365 Defender portal.
- Select the Hardware and Firmware tab.
The Hardware and Firmware page opens with individual pages available for:
Weaknesses and exposed devices information is based on security advisories from HP, Dell, and Lenovo and relates to processors and BIOS only. Weaknesses for other vendors are not reported.
Inventory and weaknesses data is collected on Windows, Linux, and MacOS (refer to the list of supported platforms).
Note: processor and BIOS information is not reported on Mac devices with M1 and M2 processors.
Laptop, desktop, and server models inventory
Select the Laptop, desktop, and server models page to see a list of all system models in the organization.
At the top of the page, you can view the number of models per vendor.
When you select a model from the list, a flyout panel will open with the model software details.
Select the Processors page to see a list of all processors in the organization.
At the top of the page, you can view the number of processors per vendor.
When you select a processor from the list, a flyout panel will open with the processor software details.
Select the BIOS page to view a list of all BIOS firmware in the organization.
At the top of the page, you can view the number of BIOS per vendor.
View BIOS firmware details
To view more details on a BIOS firmware:
Open the Hardware and Firmware page in the Microsoft 365 Defender portal
Select the BIOS page and choose a BIOS in the list to open a flyout panel.
Select Open firmware page to view more details about the BIOS firmware.
You can select the Version distribution tab to see BIOS versions that are deployed in the organization.
Get more information on missing security updates
Select the Missing security updates tab to see the security updates that should be installed on the device to remediate discovered BIOS vulnerabilities.
When you select an item from the list, a flyout panel will open with a link to the BIOS vendor advisory, a list of exposed devices, and a list of CVEs.
Hardware and firmware on devices
To view the system model, processor, and BIOS information on the device page, select the device from the Installed devices tab and in the flyout panel and select Open device page or select the device directly from the Device inventory page.
Select See all details to get a flyout panel with more information.
Find processor and BIOS weaknesses
To actively search for processor and BIOS weaknesses:
- Go to Vulnerability management > Weaknesses in the Microsoft 365 Defender portal.
- Search for 'BIOS' CVEs that relate to the processor or BIOS will be returned.
- Select an item from the list to open a flyout panel with more details on the CVE.
On individual devices view processor and BIOS CVEs by selecting the Discovered vulnerabilities tab. Select a CVE to see a flyout panel with more information:
Recommendations for firmware updates
To actively search for firmware recommendations:
- Go to Vulnerability management > Recommendations in the Microsoft 365 Defender portal.
- Filter on Remediation type 'Firmware update'.
Recommendations will appear to update a specific BIOS version if it's installed on at least 5% of devices across all organizations.
UEFI Secure Boot mode recommendations
Defender Vulnerability Management finds devices where UEFI Secure Boot mode is disabled and recommends enabling it.
To find these recommendations, search for 'scid-2100' or 'boot' in the recommendations page. On selecting a recommendation, a flyout panel will open with more information:
This capability is currently supported only on Windows.
You can use advanced hunting queries to gain visibility on hardware and firmware in your organization. Find details about the hardware and firmware installed per device in the DeviceTvmHardwareFirmware table. This table contains hardware and firmware information per device, including system model, processor, and BIOS.
For more information, see advanced hunting.
Hardware and firmware API
You can use APIs to view all hardware and firmware installed in your organization, including component type, vendor, and version.