Microsoft Defender Vulnerability Management integration with Exposure Management

This article describes the integration of Microsoft Defender Vulnerability Management (MDVM) into Microsoft Security Exposure Management, providing a unified vulnerability management experience across your entire digital estate.

Tip

For a summary of the changes in the vulnerability management experience, see Location of vulnerability management pages and features (preview customers).

Overview

Microsoft Defender Vulnerability Management has a new home under Exposure Management in the Microsoft Defender portal. This integration brings comprehensive vulnerability management capabilities for both cloud and device environments into a single, unified experience.

Key integration benefits

Unified vulnerability view

Customers with both Defender for Cloud and Defender for Endpoint licenses can see all vulnerabilities affecting their digital estate in one place, with side-by-side Devices and Cloud views that align with different remediation approaches.

Consolidated portal experience

All vulnerability management functions are accessible through the Microsoft Defender portal at security.microsoft.com under the Exposure Management section, eliminating the need to navigate between separate portals.

Enhanced vulnerability prioritization

The integration provides comprehensive vulnerability context by combining device vulnerabilities with cloud security findings, enabling better risk assessment and prioritization.

Vulnerability Management in Exposure Management

The following Vulnerability Management experiences reside within Exposure Management:

• Overview dashboard: Refocused on vulnerabilities only, with a new layout
• Vulnerabilities (previously known as weaknesses): Includes side-by-side Devices and Cloud views
• Remediation workflows: Integrated remediation processes
• Inventories and baseline assessment: Complete asset and security baseline visibility
• Event timeline: Accessible via the events widget in both recommendations page and MDVM overview dashboard

Integrated into unified recommendations

• Vulnerability Management Recommendations: Migrated into the unified recommendations page as part of the Devices tab
• Separated workflows: Misconfigurations and vulnerabilities now have dedicated views recognizing different remediation workflows

Navigation and access

Prerequisites for access

• Licensing: MDVM features require appropriate Microsoft Defender licensing (Defender for Endpoint P1)
• Permissions: Use established MDVM permissions or the new unified Exposure Management RBAC roles
• Cloud integration: For full cloud vulnerability visibility, Defender for Cloud licensing is recommended

Finding vulnerability management features

1. Navigate to the Microsoft Defender portal
2. Select Exposure management from the navigation menu
3. Access specific vulnerability management functions:
   • Overview: Exposure management > Vulnerability management > Overview
   • Vulnerabilities: Exposure management > Vulnerability management > Vulnerabilities
   • Recommendations: Exposure management > Recommendations
   • Remediation: Exposure management > Vulnerability management > Remediation

Device and cloud vulnerability management

Device vulnerabilities

• Preserved functionality: The vulnerability table maintains the same structure, fields, filters, and prioritization logic from Vulnerability Management
• Familiar exposure scoring: Uses the established exposure score methodology
• Enhanced context: Benefits from the broader Exposure Management ecosystem for comprehensive risk assessment

Cloud vulnerabilities

With the integration of Defender for Cloud in the Defender portal, cloud vulnerability management provides enhanced capabilities:

• Risk-based prioritization: For the first time, cloud vulnerabilities are prioritized by risk in the Defender portal, helping focus on what matters most
• Multi-cloud support: Comprehensive coverage across Azure, AWS, and GCP environments in a unified interface
• Enhanced visibility: Integrated view that combines cloud security posture with vulnerability data for better context
• Unified dashboard: Access cloud vulnerabilities alongside device vulnerabilities for complete digital estate visibility

Recommendations integration

The Vulnerability Management recommendations experience is part of the unified recommendations catalog.

Devices Misconfigurations

• Source data from Vulnerability Management, Microsoft secure score, and Exposure Management
• Contributes to the Devices secure score using Microsoft's established calculation methodology
• Enhanced with additional context and capabilities from multiple sources

Devices Vulnerabilities

• Maintains the same exposure score and prioritization logic customers know from Vulnerability Management
• Preserves familiar structure and workflows for vulnerability management teams
• Integrated into the unified experience while maintaining specialized focus

Migration considerations

Tip

For a summary of the changes in the vulnerability management experience, see Location of vulnerability management pages and features (preview customers).

What stays the same

• Core functionality: All essential Vulnerability Management capabilities remain available
• Data and scoring: Exposure scores and vulnerability data remain unchanged
• Workflows: Existing remediation and management processes are preserved
• Permissions: Current Vulnerability Management role assignments continue to work

What's enhanced

• Unified visibility: Combined device and cloud vulnerability management
• Integrated recommendations: Part of the comprehensive recommendations catalog
• Enhanced context: Broader security context through Exposure Management integration
• Streamlined navigation: Single portal access for all exposure management needs

Getting started

For existing Vulnerability Management users

1. Access your data: Navigate to Exposure Management in the Defender portal
2. Explore the new layout: Familiarize yourself with the integrated dashboard
3. Review unified recommendations: Check the Devices tab in the Recommendations page
4. Leverage cloud integration: If you have Defender for Cloud, explore the Cloud vulnerabilities view

For new users

1. Review prerequisites: Ensure you have appropriate licensing and permissions
2. Start with overview: Use the Vulnerability Management overview dashboard to understand your exposure
3. Explore recommendations: Navigate to the unified recommendations for actionable insights
4. Set up cloud integration: Consider Defender for Cloud for comprehensive vulnerability coverage

Next steps

• Review security recommendations in the unified catalog
• Explore attack paths with integrated vulnerability context
• Manage critical assets across devices and cloud
• Learn about the unified Secure Score experience
• Learn more about Microsoft Defender Vulnerability Management