Common questions about the Microsoft Defender Vulnerability Management solution
Get answers to common questions on the new Container VA offering powered by Microsoft Defender Vulnerability Management solution.
How do I transition to the container vulnerability assessment powered by Microsoft Defender Vulnerability Management?
See the Transition Guide for Containers for recommended guidance on transitioning to Microsoft Defender Vulnerability Management for container image vulnerability assessment scanning.
Is there any change to pricing when transitioning to container vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management?
No. The cost of the vulnerability assessment scanning is included in Defender for Containers, Defender CSPM and Defender for Container Registries (deprecated) and doesn't differ in regard to the scanner being used.
Am I being billed twice when scanning with both offerings?
No. Each unique image is billed once according to the pricing of the Defender plan enabled, regardless of scanner.
Does container vulnerability assessment powered by Microsoft Defender Vulnerability Management require a sensor?
Vulnerability assessment for container images in the registry is agentless. Vulnerability assessment for runtime supports both agentless and sensor-based deployment. This approach allows us to provide maximum visibility when vulnerability assessment is enabled, while providing improved refresh rate for image inventory on clusters running our sensor.
How complicated is it to enable container vulnerability assessment powered by Microsoft Defender Vulnerability Management?
The Microsoft Defender Vulnerability Management powered offering is already enabled by default in all supported plans. For instructions on how to re-enable Microsoft Defender Vulnerability Management with a single click if you previously disabled this offering, see Enabling vulnerability assessments powered by Microsoft Defender Vulnerability Management.
How long does it take for a new image to be scanned with the Microsoft Defender Vulnerability Management powered offering?
In Azure, new images are typically scanned in a few minutes, and it might take up to an hour in rare cases. In AWS, new images are typically scanned within a few hours, and might take up to a day in rare cases.
Are there any other capabilities that are unique to the Microsoft Defender Vulnerability Management powered offering?
- Each reported vulnerability is enriched with real-world exploit exploitability insights, helping customers prioritize remediation of vulnerabilities with known exploit methods and exploitability tools. Exploit sources include CISA key, exploit DB, Microsoft Security Response Center, and more.
- Vulnerability reports for OS packages are enriched with evidence on commands that can be used to find the vulnerable package.
Next steps
- Learn about Defender for Containers
- Learn more about Vulnerability assessments for Azure with Microsoft Defender Vulnerability Management
- Learn more about Vulnerability assessments for AWS with Microsoft Defender Vulnerability Management