Built-in Qualys scanner vs private license Qualys

Copper Contributor


I am new here so please forgive me if I am posting in the wrong section.
What I would like to know, is when you have Defender for Cloud, you can deploy Qualys as mentioned by Microsoft here:


It also states that you could use your private license from Qualys as well.
My question is, what's the difference with using Qualys from Defender for Cloud versus the bought license from Qualys? Why would someone want to u

1 Reply



The answer (partially) is concluded in the first two paragraphs of the documentation (you posted it):

If you've enabled Microsoft Defender for Servers, you're able to use Microsoft Defender for Cloud's built-in vulnerability assessment tool as described in Integrated Qualys vulnerability scanner for virtual machines. This tool is integrated into Defender for Cloud and doesn't require any external licenses - everything's handled seamlessly inside Defender for Cloud. In addition, the integrated scanner supports Azure Arc-enabled machines.

Alternatively, you might want to deploy your own privately licensed vulnerability assessment solution from Qualys or Rapid7. You can install one of these partner solutions on multiple VMs belonging to the same subscription (but not to Azure Arc-enabled machines)."


For many solutions, we have BYOL or Included license. The client could :

  • not have Qualys (then it will buy license integrated)
  • have a licence in the org (like I have sixty-ish Windows Server licence in the drawer) and used existing to pay less

This flexibility allows organisations to use a different configuration, depends what they have (or not) in the environment.