Rediģēt

Kopīgot, izmantojot


Common questions about the built-in Microsoft Defender Vulnerability Management solution

What are the benefits of having one consolidate VA solution, powered by Microsoft Defender Vulnerability Management (MDVM) across Defender for Cloud?

  1. Hybrid approach: offers flexible deployments options, by utilizing a consistent vulnerability scanner across various use cases. It's applicable in multicloud environments and different host runtimes:

    • Agentless vulnerability assessment: Enabling agentless scanning on a subscription automatically scan all virtual machines in Azure, AWS, and GCP for software inventory and vulnerabilities, powered by MDVM.

    • Consolidated agent: (MDVM) uses the same agent as Microsoft Defender for Endpoints (MDE) to protect servers, so, if you're an existing MDE customer, you're automatically covered by MDVM.

  2. Software vulnerability evidence (coming soon): The MDVM scanner identifies vulnerable software and provides the corresponding file path and/or registry key as evidence.

  3. Software inventory: The MDVM scanner detects applications installed on virtual machines and establishes a correlation between the software and its associated known vulnerabilities.

  4. MDVM premium capabilities: Customers of Defender for Servers P2 have the added benefit of access to premium capabilities of Microsoft Defender Vulnerability Management. These include Certificate Assessment, Baseline Assessment, Block vulnerable applications, and more. You can learn more about MDVM's premium capabilities

How can I view the VA findings generated by MDVM with a focus on CVE ID?

You can use the CVE workbook which covers both the built-in Qualys VA solution and the built-in MDVM solution. The CVE workbook provides an overview of machines in your environment that have open vulnerabilities with a focus on CVE IDs. It shows vulnerability findings for either Microsoft Defender Vulnerability Management, or the integrated Qualys VA scanner.

Why is there a different total number of vulnerabilities on the Recommendation page between MDVM and Qualys?

The vulnerability assessment solution for servers, powered by MDVM, provides a unified and consolidated view of vulnerable software on the Recommendations page. Qualys utilizes the Qualys IDs that often contain one or two CVEs. MDVM consolidates these CVEs into a single or a few Vulnerability IDs. MDVM aggregates these CVEs into a single or a few Vulnerability IDs. This consolidation addresses multiple vulnerabilities within the same software simultaneously.

What are the operating systems (OS) that are compatible with the MDVM scanner?

Refer to the list of compatible operating systems that are compatible with the MDVM scanner.

If your machine's operating system isn't on the list of compatible OS, an upgrade is necessary to allow MDVM to perform a scan.

Which agent is being used by the built-in MDVM VA solution?

The built-in MDVM scanner in Defender for Cloud uses the same agent as Microsoft Defender for Endpoint. If endpoint protection is enabled, the MDVM agent is already enabled.

If I'm using an EDR solution other than MDE, how can I upgrade my VA solution to MDVM?

For cloud VMs, we recommend enabling agentless scanning under the Defender for Servers P2 plan, to provide a more comprehensive coverage while ensuring minimal effect on your machine's performance.

If you're utilizing an on-premises machine, the installation of the MDE agent is mandatory. The MDVM solution requires the agent in order to conduct vulnerability scans.

How can the premium capabilities offered by MDVM be accessed?

Premium capabilities currently can be accessed through the MDVM portal. Navigate to the MDVM portal, and access the premium capabilities features under the vulnerability assessment section.

Screenshot of the MDVM dashboard.

Learn more about MDVM's premium capabilities.