Microsoft Tech Community

New Blog | Vulnerability Management Dashboard: Microsoft Defender for Endpoint - Updated Release 240

Microsoft

By Nathan Hughes-Smith

 

Introduction

As Microsoft Cloud Solution Architects, we get asked by businesses, IT managers and cybersecurity experts to accurately report on the vulnerabilities and CVEs in our environments. This could be as easy as just deploying Endpoint Protection updates or as advanced as deploying every category and third-party updates using Microsoft Defender for Endpoint.

 

Vulnerability Management Dashboard: Microsoft Defender for Endpoint

This Spring release implements a cloud-based reporting and visualization solution that brings exposure to active threats into sharp focus. It is intended to provide value to IT leaders, stakeholders, security and compliance teams, and operations teams that are responsible for mitigating CVE-documented risks. The reports provide rich drill-throughs that enable a full understanding of an organization's current data and trends. The data is sourced from Microsoft Defender for Endpoint using API calls, stored in a small serverless Azure SQL instance, and can be accessed from anywhere on any device.

 

Outcomes

Dashboard with a summary view that shows CVE vulnerability status for the current month, the previous month, and all prior. These views refresh daily at a scheduled time of your choosing.

Customization options to exclude specific CVEs and classes of vulnerabilities.

Cloud installation that creates a small Azure serverless SQL instance, an Azure Automation Account, and an Azure Service Principal.

 

The Report

The report features 8 main pages to use as a starting point, with additional subpages and drill-ins to allow you to get the information the way you need to see it.

 

Summary - View device compliance against CVEs, grouped by the last 3 monthly release cycles. Drill into devices with a specific status in a specific period to get a detailed list of devices and which CVEs currently have open vulnerabilities.

 


 

 