What is Microsoft Defender Vulnerability Management

What is Microsoft Defender Vulnerability Management

Reducing cyber risk requires comprehensive risk-based vulnerability management to identify, assess, remediate, and track all your biggest vulnerabilities across your most critical assets, all in a single solution.

Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk.

Microsoft Defender Vulnerability Management features and capabilities.

With Defender Vulnerability Management, you can empower your security and IT teams to bridge workflow gaps and prioritize and address critical vulnerabilities and misconfigurations across your organization. Reduce cyber security risk with:

Asset discovery & inventory

Defender Vulnerability Management built-in and agentless scanners continuously monitor and detect risk in your organization even when devices aren’t connected to the corporate network.

A single inventory with a real-time consolidated view of your organization’s software applications, digital certificates, network shares, and browser extensions helps you discover and assess all your organization’s assets.

View information on extension permissions and associated risk levels, identify certificates before they expire, detect potential vulnerabilities due to weak signature algorithms, and assess misconfigurations in internal network shares.

Vulnerability & configuration assessment

Understand and assess your cyber exposure with advanced vulnerability and configuration assessment tools.

  • Security baselines assessment – Create customizable baseline profiles to measure risk compliance against established benchmarks, such as, Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG).
  • Visibility into software and vulnerabilities – Get a view of the organization’s software inventory, and software changes like installations, uninstalls, and patches.
  • Network share assessment – See actionable security recommendations, in the security recommendations page, for network share configurations identified as vulnerable.
  • Threat analytics & event timelines – Use event timelines, and entity-level vulnerability assessments to understand and prioritize vulnerabilities.
  • Browser extensions – View a list of the browser extensions installed across different browsers in your organization.
  • Digital certificates – View a list of certificates installed across your organization in a single central certificate inventory page.

Risk-based intelligent prioritization

Defender Vulnerability Management leverage Microsoft’s threat intelligence, breach likelihood predictions, business contexts, and device assessments to quickly prioritize the biggest vulnerabilities in your organization. A single view of prioritized recommendations from multiple security feeds, along with critical details including related CVEs and exposed devices helps you quickly remediate the biggest vulnerabilities on your most critical assets. Risk-based intelligent prioritization:

  • Focuses on emerging threats – Dynamically aligns the prioritization of security recommendations with vulnerabilities currently being exploited in the wild and emerging threats that pose the highest risk.
  • Pinpoints active breaches – Correlates vulnerability management and EDR insights to prioritize vulnerabilities being exploited in an active breach within the organization.
  • Protects high-value assets – Identifies exposed devices with business-critical applications, confidential data, or high-value users.

Remediation and tracking

Enable security administrators and IT administrators to collaborate and seamlessly remediate issues with built-in workflows.

  • Remediation requests sent to IT – Create a remediation task in Microsoft Intune from a specific security recommendation.
  • Block vulnerable applications – Mitigate risk with the ability to block vulnerable applications for specific device groups.
  • Alternate mitigations – Gain insights on other mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
  • Real-time remediation status – Real-time monitoring of the status and progress of remediation activities across the organization.
Area Description
Dashboard Get a high-level view of the organization exposure score, threat awareness, Microsoft Secure Score for Devices, expiring certificates, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
Recommendations See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you’ve enabled your Intune connections in Defender for Endpoint.
Remediation See remediation activities you’ve created and recommendation exceptions.
Inventories Discover and assess all your organization’s assets in a single view.
Weaknesses See the list of common vulnerabilities and exposures (CVEs) in your organization.
Event timeline View events that may impact your organization’s risk.
Baselines assessment Monitor security baseline compliance and identify changes in real-time.


Run vulnerability management related API calls to automate vulnerability management workflows. Learn more from this Microsoft Tech Community blog post.

See the following articles for related APIs:

Next steps


Contact Us 


No Comments

Sorry, the comment form is closed at this time.