Configure Microsoft Defender Vulnerability Management settings for Azure VMs
Configure Microsoft Defender Vulnerability Management for Azure VMs by selecting the appropriate scanning method for your Defender for Servers plan tier, enabling vulnerability assessment at subscription and machine scope, and reviewing findings in the Microsoft Defender portal. Apply Defender for Servers Plan 2 premium capabilities—security baselines assessment and vulnerable application blocking—to enforce ongoing compliance and reduce exploitation risk.
Learning objectives
After completing this module, you'll be able to:
- Explore how Microsoft Defender Vulnerability Management integrates with Defender for Servers Plan 1 and Plan 2 to provide agent-based and agentless vulnerability scanning for Azure VMs
- Configure vulnerability scanning for Azure VMs at subscription and machine scope using Defender for Cloud Environment Settings
- Review vulnerability findings, interpret CVE and severity data, and create disable rules to manage accepted risks in the Defender portal
- Apply Defender for Servers Plan 2 premium capabilities—security baselines assessment and application blocking—to enforce VM security posture
Prerequisites
- Familiarity with Microsoft Defender for Cloud at a basic level
- Understanding of Defender for Servers Plan 1 and Plan 2 tiers
- Knowledge of Azure resource types and Azure role-based access control (RBAC)
- Familiarity with security recommendations in the Microsoft Defender for Cloud portal