Many of our customers face challenges installing agents on all of their devices and in some cases, not all Windows-based devices support the agent if they are using older versions of Windows.
To combat these challenges, we’re excited to share a new capability within Microsoft Defender Vulnerability Management to remotely scan Windows-based devices that do not have agents installed. Authenticated scans for Windows provide the ability to remotely target by IP\range or hostname and scan Windows services by equipping the tool with credentials to remotely access the machines. This is applicable for devices that do not have the Defender Vulnerability Management or Defender for Endpoint agent deployed so organizations like yours can get complete vulnerability assessment coverage without reliance on an agent. Defender Vulnerability Management add-on and standalone customers can take advantage of this new feature today.
Along with the release of the ability to remotely scan Windows devices, we have made updates and added new functionality to the remote scan capability (some of which are already available for network devices).
One place for managing authenticated scans
You can access authenticated scans in the Microsoft 365 Defender Portal through Settings > Device Discovery. This makes managing discovery and scanning of non-Microsoft Defender for Endpoint onboarded devices easier under the same location.
Create an authenticated scan for Windows devices
Once in the authenticated scan section, select “add new scan” to create an authenticated scan for Windows.
New fields for authenticated scans allows for customization to fully support your organization's needs
Set up your scanner device and devices to be scanned
To set up your scanner device and the devices to be scanned, you’ll need to use a gMSA account. To create a gMSA for scanning please see create a scanning account in our documentation.
The gMSA is then used by the scanning device to authenticate and remotely access the devices to be scanned. Further configurations for the gMSA account are also required on the devices to be scanned. For more information, see devices to be scanned section in our documentation.
We hope you enjoy this new feature. See below for more information about authenticated scans for Windows:
__
Microsoft Defender Vulnerability Management is in public preview. Explore premium capabilities of Microsoft Defender Vulnerability Management such as this one and more by signing up for a free trial of Defender Vulnerability Management add-on and standalone here.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.