
 

Threat & Vulnerability Management is a new Microsoft Defender ATP component that helps effectively identify, assess, and remediate endpoint weaknesses.  Threat & Vulnerability Management provides both security administrators and security operations teams with unique value, including:

  • Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
  • Invaluable machine vulnerability context during incident investigations
  • Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager

Note: Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) integration will roll in next month.

 

Today, we are excited to announce that the new Threat & Vulnerability Management (TVM) is now available for public preview in the Microsoft Defender ATP portal. We are bringing a game-changing, risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. See our announcement blog for details.

 

Threat & Vulnerability Management is the latest innovation in Microsoft Defender ATP, which continues to evolve to provide customers with powerful, real-time, and integrated means to discover, prioritize, and remediate threats. Customers who have turned on Microsoft Defender ATP preview features will see this game-changing capability in their dashboard.

 

Additional TVM capabilities will continue rolling out throughout the upcoming months. Stay tuned!

 

For information on getting started with Microsoft Defender ATP TVM, see https://aka.ms/mdatp-tvm.

 


Figure 1: Screenshot of the Threat & Vulnerability Management dashboard

 

 

The Microsoft Defender ATP, Threat & Vulnerability Management team

 

11 Comments
Occasional Contributor

I'm checking out the new Threat & Vulnerability Management Security Recommendations dashboard and noticing that the detection of many registry keys relating to Internet Explorer features is broken. I have several of the keys configured properly across our environment in accordance with the Remediation Options tab, but they're not detected successfully.

 

Incorrect detections include (but may not be limited to):
* Enable 'Information Bar'
* Enable 'Restrict File Download'

 

Are others seeing this?

Frequent Visitor

The software inventory isn't correctly detecting all installed software. It shows multiple instances of some programs, while showing no instances of others. Some machines it shows up properly and some it doesn't.

Regular Visitor

I know it's new, but I am really digging the Vulnerability page. 

Occasional Visitor

Awesome addition guys, amazing work. 

Occasional Visitor

Is this new feature also available in Windows Server 2019? If not, will this come?

 

Thanks

Occasional Contributor

It would be nice to know what the security recommendations are based on.  I have 11 machines that have the recommendation "Update 7-zip to version 19.0.0.0" but as far as I can tell, they have all been upgraded.  Is it checking registry keys, file versions in specific directories, something else?

Microsoft
Great addition, please use the 'frown face' on the top right corner of the portal to file your suggestion directly with our engineering team.
Occasional Contributor

Interested to know if this functionality will be backported into previous versions of Windows Server? We're looking at the PowerBI Dashboards as a part of our patching process and can only see Windows 10 devices showing as missing security patches.

Microsoft

Yes, the new TVM functionality is planned to be backported to previous Windows Server versions in the upcoming months.

Occasional Visitor

Is TVM able to account for supersedence updates? We see a lot of discovered vulnerabilities that have been patched in SCCM.

Regular Contributor

Is this still rolling out?
We have enabled preview features a while ago, but still don't see these options.