Deprecation of the BYOL feature in Microsoft Defender for Cloud as part of a centralized vulnerability management experience. This change aims to enhance your exposure management with centralized third-party connector data and streamlined vulnerability assessment solutions.
Introduction
With the introduction of Microsoft Security Exposure Management data connectors, we are committed to enhancing your enterprise exposure management experience and data consumption through this unified view. As part of this effort, we are making changes to streamline and improve our vulnerability assessment (VA) solutions. One of these changes involves deprecating the “Bring Your Own License” (BYOL) feature in Microsoft Defender for Cloud and transitioning to Exposure Management data connectors for a more seamless and comprehensive solution.
Why this change?
Our goal is to provide a cohesive and comprehensive VA solution within the unified security operations platform. By consolidating these capabilities, we can deliver a more integrated and efficient experience for vulnerability and exposure management across cloud, hybrid and on-premises.
Deprecation timeline
The “Bring Your Own License” (BYOL) feature for vulnerability assessment will be deprecated in two phases:
- February 3, 2025: The feature will no longer be available for onboarding new machines and subscriptions. Any new VMs between February and May will not have agents deployed.
- May 1, 2025: The feature will be fully deprecated and no longer available.
What this means for you?
The new data connectors in Exposure Management will replace BYOL in Defender for Cloud and will offer:
- Multiple scanner options: Integration of different third-party VA solutions, providing more flexibility and coverage. More information about the connectors can be found here.
- Unified visibility: A single, combined view of all vulnerability assessments across multi-cloud and on-premises, simplifying prioritization, management, and reporting.
- Seamless integration: Once the data connector is configured, no agent installation is required, because the connector retrieves data directly from the VA product via API. With the API permissions you provide, Microsoft Security Exposure Management can seamlessly consume your vulnerability data from the connector and the data collected in your environment.
Exposure Management:
Microsoft Security Exposure Management is a comprehensive security solution that offers a unified view of your security posture across all company assets and workloads. It enhances asset information with valuable security context, enabling you to proactively manage attack surfaces, protect critical assets, and identify and mitigate exposure risks effectively. Read more here.
Microsoft Defender for Cloud is already a key component of Exposure Management, providing a unified security flow that ensures consistent application of security measures across all assets. We are continuously working to enhance this collaboration, further strengthening your overall security posture by delivering a cohesive and comprehensive security strategy. A key initiative in this strategy is vulnerability management. We aim to enhance and centralize this aspect as much as possible, leveraging all available data points from MDC, Microsoft Defender for Endpoint (MDE), Microsoft Defender Vulnerability Management, and various connectors. This centralized approach ensures that vulnerabilities are identified, prioritized and addressed promptly, minimizing potential risks and improving overall security resilience.
This BYOL deprecation and transition to Security Exposure Management connectors is designed to enhance your overall experience and value. Below is a feature comparison to provide more clarity on the additional capabilities that will be available as part of this transition:
| Feature | Defender for Cloud BYOL | Microsoft Security Exposure Management data connectors* |
| --- | --- | --- |
| Auto provisioning | Automatic agent deployment for Azure machines** | Customer deploys VA solution according to each vendor's recommendation |
| Multi-cloud | Azure only | Multi-cloud and non-cloud |
| Supported vendors | Rapid7, Qualys | Rapid7, Qualys, Tenable (and more planned) |
| Aggregated results from multiple scanners | Each device shows results from a single provider | Devices show aggregated results from multiple providers |
| Product experience | Defender for Cloud portal | Defender portal |
*Note: during the preview phase, use of data connectors is free. Once data connectors become generally available, there will be a consumption-based cost for each of the non-Microsoft data connectors. For more information, please see here.
** Removing BYOL auto-provisioning in Defender for Cloud means that Microsoft will no longer automatically provision the agent; customers deploy the VA solution according to each vendor's recommendation.
Actions required
If you are currently using BYOL solutions in Defender for Cloud, we encourage you to begin configuring your Microsoft Security Exposure Management data connectors for Qualys and Rapid7 before May 1, 2025. For more information on using the connectors, please visit the connectors onboarding documentation.
Additional note: BYOL is not the recommended migration path for all Defender for Servers customers currently utilizing Qualys Built-in for Vulnerability Assessment. Instead, these customers should migrate to the connectors solution suggested above for a seamless and optimized transition.