In today’s rapidly evolving digital landscape, organizations must proactively manage security risk and stay ahead of emerging threats to keep systems and data secure. However, many teams face “vulnerability fatigue”; remediation doesn’t get easier as environments grow, Mean Time to Remediate (MTTR) increases, and Mean Time to Exploit continues to shrink. (References: CyberMindr, “Average Time-to-Exploit in 2025”; “MTTR: The Most Important Security Metric”).
Microsoft Defender Vulnerability Management (MDVM) transforms vulnerability management into a holistic, risk-based practice—with a single place to discover exposure, prioritize what matters most, and drive remediation.
MDVM surfaces a large volume of vulnerability data. To help customers focus time and resources effectively, it applies a risk-based approach that maps identified weaknesses to actionable security recommendations, prioritized by impact. Each recommendation includes practical remediation guidance.
How SKF Approaches Recommendations
SKF, a global enterprise with thousands of assets, has taken significant steps to strengthen its security posture by leveraging Microsoft Defender Vulnerability Management. MDVM is available as part of Microsoft Defender for Endpoint, which is deployed across SKF’s environment.
SKF’s patch management model spans multiple owning teams (for example, the Windows team, business application teams, and device owners responsible for patching non-managed applications). SKF uses the MDVM API together with its Configuration Management Database Application Portfolio Management (CMDB APM) to export vulnerability data—along with application name and owner—to external dashboards. These dashboards visualize the data in near real time, enabling each asset or application owner to see only what they own and take action on the recommendations assigned to them.
Figure 1: Vulnerability dashboard
In this blog, we will focus on the external dashboard SKF customized to meet its organizational needs.
Building a Vulnerability Dashboard
A dashboard is beneficial for organizations where remediation actions are the accountability of different departments or application owners outside of the security organization.
The dashboard is built on MDVM data pulled via the MDVM API, which supports exporting software vulnerability assessments per device through Microsoft Defender for Endpoint (see "Export software vulnerabilities assessment per device - Microsoft Defender for Endpoint | Microsoft Learn").
SKF took the following steps to build the dashboard:
- Design: Identifying key metrics for the dashboard to address the vulnerability & defining the RBAC role of each category of user
- Data Source Integration: Microsoft Defender API, Microsoft Graph API, CMDB APM and Entra
- The CMDB connects application owners with device owners and lets application vulnerabilities be shared along with the remediation steps to take
- Integrated Data Modeling: Schema defined to map multiple variables & defined relationships between data points
- Access Implementation: RBAC applied in Power BI & assigned roles for controlled exposure of data
- Visualization and UX: Build interactive dashboards with dynamic filtering and contextual data displays to improve user engagement and data insights
- Testing & Deployment: Persona based validation & Data integrity tested, verified & deployed
Solution Capabilities
The solution allows a dynamic, real-time, distributed, and visualized risk-based approach that correlates organizational weaknesses with accountable personas.
The solution supports:
- Near real-time updates reflecting asset vulnerability status
- CMDB integration to match devices to device owners, application names & application owners
- The CMDB is also used to retrieve asset criticality information. Critical assets are prioritized and handled under a shorter SLA
- An RBAC (Role-Based Access Control) model, ensuring that each manager, application owner, or department can view only their data
- Dynamic filtering to refine data by application owners, location, device groups, CVE data, Business specific information etc.
- When filtering on a specific device group or owner, the risk exposure score changes dynamically to reflect the exposure of the selected devices. This enables each team owner or device owner to understand the risk on their assets
- Comparative insights, allowing teams to benchmark their risk against organizational averages
- Filters: Can be configured in the dashboard itself and in the Filters section
Figure 2: Data search by device type or device info.
SKF's Vulnerability Management Process
SKF is now advancing its vulnerability management strategy with automation-driven enhancements to reduce Mean Time to Remediate (MTTR) by activating the following:
- Each application owner or device owner is responsible for logging into the dashboard and viewing the required actions to take
- Automated email notification to asset owners for critical activities required
- SLA enforcement: a defined SLA per vulnerability severity, including network enforcement in case the SLA is not met
- Patch automation: there are various methods to implement automatic patching. This can be implemented using Intune enterprise application management, any management system, or an AI agent
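The owner mapping, per-owner view, and severity-based SLA described above can be expressed as a small join over the exported rows. This is an added example, not SKF's or Microsoft's code: the sample rows and CVE ids are constructed placeholders, and the CMDB shape, the SLA day values, the "half the window for critical assets" rule, and the `UNASSIGNED` bucket are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed SLA policy in days per severity; the page does not state SKF's values.
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}

# Constructed rows using field names from the per-device export (placeholder CVE ids).
MDVM_ROWS = [
    {"deviceId": "dev-1", "deviceName": "erp-db-01", "softwareName": "openssl",
     "cveId": "CVE-0000-0001", "vulnerabilitySeverityLevel": "Critical",
     "firstSeenTimestamp": "2025-03-01T00:00:00Z"},
    {"deviceId": "dev-2", "deviceName": "hr-web-02", "softwareName": "tomcat",
     "cveId": "CVE-0000-0002", "vulnerabilitySeverityLevel": "High",
     "firstSeenTimestamp": "2025-03-01T00:00:00Z"},
    {"deviceId": "dev-3", "deviceName": "lab-pc-07", "softwareName": "7-zip",
     "cveId": "CVE-0000-0003", "vulnerabilitySeverityLevel": "Medium",
     "firstSeenTimestamp": "2025-03-01T00:00:00Z"},
]

# Hypothetical CMDB extract: device -> owner, application, asset criticality.
CMDB = {
    "dev-1": {"owner": "alice@example.com", "application": "ERP", "critical": True},
    "dev-2": {"owner": "bob@example.com", "application": "HR Portal", "critical": False},
}
NO_OWNER = {"owner": "UNASSIGNED", "application": None, "critical": False}

def enrich(rows, cmdb, now):
    """Join export rows to CMDB owners and compute SLA due date and breach flag."""
    out = []
    for r in rows:
        # Devices missing from the CMDB stay visible under an UNASSIGNED owner.
        ci = cmdb.get(r["deviceId"], NO_OWNER)
        days = SLA_DAYS[r["vulnerabilitySeverityLevel"]]
        if ci["critical"]:
            days = max(1, days // 2)  # assumed rule: critical assets get half the window
        seen = datetime.fromisoformat(r["firstSeenTimestamp"].replace("Z", "+00:00"))
        due = seen + timedelta(days=days)
        out.append({**r, **ci, "slaDue": due, "slaBreached": now > due})
    return out

def view_for(owner, enriched):
    """Row-level filter: an owner sees only their rows, breached items first."""
    mine = [r for r in enriched if r["owner"] == owner]
    return sorted(mine, key=lambda r: (not r["slaBreached"], r["slaDue"]))

NOW = datetime(2025, 3, 10, tzinfo=timezone.utc)  # fixed clock for a repeatable run
ENRICHED = enrich(MDVM_ROWS, CMDB, NOW)
```

Rows that land in the `UNASSIGNED` bucket are the ones to review first when validating the CMDB join, since no owner's view will ever show them.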
Summary
Combining MDVM's risk-based prioritization model and clear RACI ownership helps organizations manage and remediate vulnerabilities more effectively. By translating exposure into concrete, actionable recommendations—and aligning those recommendations to the right teams—SKF improved coordination, accountability, and overall security outcomes. The following was observed at SKF:
- Role-specific views of the data, so each audience sees only what is relevant to them
- Non-security device and application owners can still prioritize remediation using business- and risk-context signals such as exposure score, exploitability, application criticality, and more
The custom dashboard also helps track and improve risk-reduction KPIs over time—at the individual level and across departments, regions, and the broader organization.
Appendix
Dashboard Required Permissions
Microsoft Defender for Endpoint API
- Vulnerability.Read.All
- Machine.Read.All
- SecurityRecommendation.Read.All
Microsoft Graph API
- User.Read.All
- Group.Read.All
- Directory.Read.All