Microsoft Tech Community
Threat & Vulnerability Management now publicly available!
Published Apr 16 2019 07:45 AM 92.8K Views
Microsoft

 

Threat & Vulnerability Management is a new Microsoft Defender ATP component that helps effectively identify, assess, and remediate endpoint weaknesses.  Threat & Vulnerability Management provides both security administrators and security operations teams with unique value, including:

  • Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
  • Invaluable machine vulnerability context during incident investigations
  • Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager

Note: Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) integration will roll in next month.

 

Today, we are excited to announce that the new Threat & Vulnerability Management (TVM) is now available for public preview in the Microsoft Defender ATP portal. We are bringing a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. See our announcement blog for details.

 

Threat & Vulnerability Management is the latest innovation in Microsoft Defender ATP, which continues to evolve to provide customers with powerful, real-time, and integrated means to discover, prioritize, and remediate threats. Customers who have turned on Microsoft Defender ATP preview features will see this game-changing capability in their dashboard.

 

Additional TVM capabilities will continue rolling out throughout the upcoming months. Stay tuned!

 

For information on getting started with Microsoft Defender ATP TVM, see https://aka.ms/mdatp-tvm.

 


Figure 1: Screenshot of the Threat & Vulnerability Management dashboard

 

 

The Microsoft Defender ATP, Threat & Vulnerability Management team

 

19 Comments
Brass Contributor

I'm checking out the new Threat & Vulnerability Management Security Recommendations dashboard and noticing that the detection of many registry keys relating to Internet Explorer features is broken. I have several of the keys configured properly across our environment in accordance with the Remediation Options tab, but they're not detected successfully.

 

Incorrect detections include (but may not be limited to):
* Enable 'Information Bar'
* Enable 'Restrict File Download'

 

Are others seeing this?

Copper Contributor

The software inventory isn't correctly detecting all installed software. It shows multiple instances of some programs, while showing no instances of others. Some machines it shows up properly and some it doesn't.

Copper Contributor

I know it's new, but I am really digging the Vulnerability page. 

Copper Contributor

Awesome addition guys, amazing work. 

Iron Contributor

Is this new feature also available in Windows Server 2019? If not, will this come?

 

Thanks

Brass Contributor

It would be nice to know what the security recommendations are based on.  I have 11 machines that have the recommendation "Update 7-zip to version 19.0.0.0" but as far as I can tell, they have all been upgraded.  Is it checking registry keys, file versions in specific directories, something else?

Microsoft
Great addition, please use the 'frown face' on the top right corner of the portal to file your suggestion directly with our engineering team.
Brass Contributor

Interested to know if this functionality will be backported into previous versions of Windows Server? We're looking at the PowerBI Dashboards as a part of our patching process and can only see Windows 10 devices showing as missing security patches.

Microsoft

Yes, the new TVM functionality is planned to be backported to previous Windows Server versions in the upcoming months.

Copper Contributor

Is TVM able to account for supersedence updates? We see a lot of discovered vulnerabilities that have been patched in SCCM.

Is this still rolling out?
We enabled preview features a while ago, but still don't see these options.

Brass Contributor

I got it since last Thursday. Nice feature guys!

Brass Contributor
Cool, and I have this tool. Does it come with tech support, as O365 does? I have this tool with my M365 E5. Or is tech support fee-based for this product?
Brass Contributor
@Jerry Gonzalez Support is included in your M365 E5 subscription
Brass Contributor

Thanks, but how do I get the support? I have called O365 and they stated they don't support it. I tried to open a ticket and got these, for which I don't have that information, and I'm not sure if I need this, since I am paying for the M365 E5 that covers everything.

(Attached screenshots: Contract option.jpg, Subscription option.jpg, Support Request.jpg)

Brass Contributor
I'm sorry to say I get the same on that page. I received free support a few months back, but as I recall, this ticket was created via the Azure portal.
Copper Contributor

It looks like Windows Server 2019 is the only OS supported.

 

Will this be expanded to include Server 2016, as this is still going to be around for around 5+ years?

Copper Contributor

Is there a roadmap for new features of MDATP (like for o365) available so one can follow when the support for server 2016/12R2 is planned to be available?

Copper Contributor

At Ignite, Microsoft said that Exposure level data will be available for server 2012 and up in about 2 months.

Last update: Sep 16 2020 10:32 AM