Vulnerability Assessment with Defender for Servers, Powered by Defender Vulnerability Management
Published May 08 2024 06:13 AM
Microsoft

 Microsoft Defender for Cloud is a comprehensive multicloud application protection platform (CNAPP) meticulously designed to safeguard your cloud-based applications from every angle, covering the entire journey from code to cloud. A pivotal aspect of cloud security involves the continuous monitoring and management of emerging vulnerabilities across your cloud workloads. By implementing strong vulnerability management practices, organizations can enhance their security posture, minimize the attack surface, and reinforce defenses against potential security breaches. 

We’re excited to share that, starting May 1st, we are introducing unified vulnerability assessment. As part of this, Defender for Cloud will now exclusively offer Microsoft Defender Vulnerability Management as its primary scanner across servers and containers, as we shared in our recent blogs (1, 2). This strategic transition equips security administrators with access to Microsoft's unparalleled threat intelligence and advanced breach likelihood predictions. This integration offers security administrators a centralized vulnerability scanner, serving as a unified engine for all workloads spanning cloud, on-premises, and hybrid environments. This enables a seamless and precise risk assessment process. Equipped with these functionalities, security teams can proficiently detect, evaluate, prioritize, and address vulnerabilities, effectively overseeing an extended attack surface and strengthening the overall posture against cloud risks.

 

Why Defender Vulnerability Management? 

  • Consistency: Defender Vulnerability Management offers a unified scanner tool for your environment, including containers and virtual machines, ensuring consistent and reliable outcomes across different platforms and technologies while simplifying security management. 
  • Efficiency: It saves time and resources by avoiding duplication, automating tasks, and allowing a better integration with other security processes, leading to faster response times and better prioritization of remediation efforts. 
  • Cost-Effective: With Defender Vulnerability Management, there's no additional license requirement, making it a cost-effective choice for organizations of all sizes.  To learn more, you can explore our Defender for Server plans, which include both premium and regular options. Each plan offers this scanner with varying capabilities. 
  • Seamless Integration: Unlike traditional solutions, Defender Vulnerability Management offers seamless integration without the need for agent installations. You can decide whether to use an agent or not, depending on what suits your needs best.  If you’re considering an agent-based solution, this capability is provided via Microsoft Defender for Endpoint (MDE) so all value is in a unified agent. Therefore, there’s no need to deploy an additional agent if MDE is already in use. 
  • Coverage: With Defender Vulnerability Management, you gain access to a vast repository of CVEs sourced from over 30 reliable security bulletins, including NIST-NVD, IBM X-Force, Red Hat and more. Benefit from comprehensive coverage of OS platforms and application vulnerabilities across Windows and Linux environments. 
  • Rich Metadata: Defender Vulnerability Management goes beyond conventional vulnerability assessment by providing AI-powered descriptions, fix information, and insights into exploits in the wild. Equip yourself with practical recommendations to enhance your defense against evolving threats. With this info you can prioritize vulnerability remediation based on contextual risk analysis, considering factors like exposure and data sensitivity, to ensure effective risk mitigation. 
  • Compliance: It assists organizations in meeting cybersecurity standards and regulations (for example through SBOM info, security baselines, etc.), demonstrating accountability to stakeholders like customers, partners, and regulators. 

Next Steps 

Whether you have used the built-in Qualys scanner previously or are new to our vulnerability assessment solution, you can make sure you are using Defender Vulnerability Management as your VA provider. Follow these steps if you use Defender CSPM or Defender for Server plans: 

  1. Navigate to Microsoft Defender for Cloud > Environment settings.
  2. If you use Defender CSPM or Defender for Servers P2, ensure the Agentless scanning setting is enabled.
  3. Defender for Server users (either P1 or P2) are eligible for Defender for Endpoint via the Endpoint protection setting. Machines with Defender for Endpoint will be covered by Defender Vulnerability Management.
  4. Enable vulnerability scanning with Defender Vulnerability Management by following the instructions in Enable vulnerability scanning with Microsoft Defender Vulnerability Management ( https://learn.microsoft.com/en-us/azure/defender-for-cloud/auto-deploy-vulnerability-assessment ).

 

Remove the old vulnerability assessment solution 
If you still have the Qualys agent installed, feel free to remove it as it's no longer necessary. However, leaving it in place won't impact your new results. Once you've migrated to the built-in Defender Vulnerability Management solution in Defender for Cloud, make sure to offboard each VM from its old vulnerability assessment solution. You can accomplish this by using the Remove-AzVMExtension PowerShell cmdlet or a REST API Delete request to delete the extension from the VM.
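
One way to script the offboarding step with Remove-AzVMExtension is shown below. It is an added example, not code from the original post, and it assumes an authenticated Az PowerShell session and that the old scanner's extension reports `Qualys` as its publisher (an assumption; confirm it in the report output before passing `-Remove`).

```powershell
#Requires -Modules Az.Accounts, Az.Compute
# Added example (not from the original post). Run Connect-AzAccount first.
param(
    [string]$SubscriptionId,        # optional; defaults to the current Az context
    [string]$Publisher = 'Qualys',  # assumption: publisher of the old VA extension
    [switch]$Remove                 # without this switch the script only reports
)

if ($SubscriptionId) { Set-AzContext -Subscription $SubscriptionId | Out-Null }

# Inventory: every VM in the subscription that still carries the old extension.
$findings = foreach ($vm in Get-AzVM) {
    Get-AzVMExtension -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name `
                      -ErrorAction SilentlyContinue |
        Where-Object { $_.Publisher -eq $Publisher } |
        ForEach-Object {
            [pscustomobject]@{
                ResourceGroup = $vm.ResourceGroupName
                VM            = $vm.Name
                Extension     = $_.Name
                Type          = $_.ExtensionType
                State         = $_.ProvisioningState
            }
        }
}

$findings | Format-Table -AutoSize
Write-Host "$(@($findings).Count) extension(s) from publisher '$Publisher' found."

if ($Remove) {
    foreach ($f in $findings) {
        try {
            # Removes only the extension; the VM itself is left untouched.
            Remove-AzVMExtension -ResourceGroupName $f.ResourceGroup -VMName $f.VM `
                                 -Name $f.Extension -Force -ErrorAction Stop | Out-Null
            Write-Host "Removed $($f.Extension) from $($f.VM)"
        } catch {
            # Deallocated or unhealthy VMs commonly fail here; log and continue.
            Write-Warning "Could not remove $($f.Extension) from $($f.VM): $($_.Exception.Message)"
        }
    }
}
```

Run it once without `-Remove` to review the inventory, then again with `-Remove`; VMs listed in warnings need to be retried once they are running.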

You can track your transition efforts using this workbook. 
