Leverage authenticated scans to prevent attacks on your Windows devices
Published Jan 26 2023 10:30 AM 8,465 Views
Microsoft

Many of our customers face challenges installing agents on all of their devices, and in some cases devices running older versions of Windows do not support the agent at all.

To combat these challenges, we’re excited to share a new capability within Microsoft Defender Vulnerability Management to remotely scan Windows-based devices that do not have agents installed. Authenticated scans for Windows let you remotely target devices by IP range or hostname and scan Windows services by equipping the tool with credentials that can remotely access the machines. This applies to devices that do not have the Defender Vulnerability Management or Defender for Endpoint agent deployed, so organizations like yours can get complete vulnerability assessment coverage without relying on an agent. Defender Vulnerability Management add-on and standalone customers can take advantage of this new feature today.

Along with the release of the ability to remotely scan Windows devices, we have made updates and added new functionality to the remote scan capability (some of which is already available for network devices).

 

One place for managing authenticated scans

You can access authenticated scans in the Microsoft 365 Defender Portal through Settings > Device Discovery. This makes it easier to manage discovery and scanning of devices not onboarded to Microsoft Defender for Endpoint, since both live in the same location.

 

Create an authenticated scan for Windows devices

Once in the authenticated scan section, select “add new scan” to create an authenticated scan for Windows.

New fields for authenticated scans allow customization to fully support your organization's needs

  • Define scan interval – provides the ability to configure an interval per authenticated scan, or set it to run once.
  • Windows authenticated scan gMSA support – for better security, we have moved to using a group Managed Service Account (gMSA) instead of a username and password.
  • Define scan targets by hostname or upload a CSV
  • Azure Key Vault support
  • Scan definition API improvements
  • Scan history, for better insight into past scans

Set up your scanner device and devices to be scanned

To set up your scanner device and the devices to be scanned, you’ll need to use a gMSA. To create a gMSA for scanning, please see create a scanning account in our documentation.

The gMSA is then used by the scanning device to authenticate to and remotely access the devices to be scanned. Further configuration of the gMSA is also required on the devices to be scanned. For more information, see the devices to be scanned section in our documentation.
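As an added example (not code from the post or from Microsoft's documentation), the PowerShell below creates a gMSA for the scanner and restricts password retrieval to the scanner device, which is what keeps the scanning identity bound to that one host. The domain name contoso.com, the computer name SCANNER01 and the account name MdvmScanGmsa are assumptions.

```powershell
# Added example: create a gMSA for the Windows authenticated scanner.
# Assumed names: domain contoso.com, scanner computer SCANNER01, gMSA MdvmScanGmsa.
# Run as a Domain Admin on a host with the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# gMSA passwords are derived from the forest's KDS root key; create one if none exists.
# Even with -EffectiveImmediately, the key takes about 10 hours to become usable on all DCs.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately | Out-Null
}

# Only the scanner device may retrieve the managed password. Keep this list to the
# scanner computer account (or a group holding only scanner devices): it decides which
# hosts can act with the scanning identity against the scanned machines.
$scanner = Get-ADComputer -Identity 'SCANNER01'

New-ADServiceAccount -Name 'MdvmScanGmsa' `
    -DNSHostName 'MdvmScanGmsa.contoso.com' `
    -PrincipalsAllowedToRetrieveManagedPassword $scanner `
    -KerberosEncryptionType AES128,AES256 `
    -ManagedPasswordIntervalInDays 30 `
    -Enabled $true

# Then, on SCANNER01 itself (also needs the ActiveDirectory module):
#   Install-ADServiceAccount -Identity 'MdvmScanGmsa'
#   Test-ADServiceAccount -Identity 'MdvmScanGmsa'   # True means the host can use the gMSA
```

Test-ADServiceAccount returning False on the scanner usually means the computer account is not in the retrieval principals list or the KDS root key is not yet effective.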

We hope you enjoy this new feature. See below for more information about authenticated scans for Windows:

Microsoft Defender Vulnerability Management is in public preview. Explore premium capabilities of Microsoft Defender Vulnerability Management such as this one and more by signing up for a free trial of Defender Vulnerability Management add-on and standalone here.

Last update: Jan 26 2023 12:26 PM