Review & Remediate Vulnerability Assessments
Implementation Effort: Medium
Security and IT teams must review vulnerability findings, prioritize remediation based on severity, and apply fixes using agentless or agent-based scanning tools.
User Impact: Low
Vulnerability remediation is handled by administrators and security teams; end users are not directly involved.
Overview
Microsoft Defender for Servers provides integrated vulnerability assessment capabilities using Microsoft Defender Vulnerability Management (MDVM). It supports both agentless and agent-based scanning to detect vulnerabilities across Azure, AWS, GCP, and on-premises machines.
Scanning Methods
-
Agentless Scanning:
- Requires Defender for Servers Plan 2.
- No software installation needed.
- Scans run daily on powered-on VMs 1.
-
Agent-Based Scanning:
- Available with Plan 1 or Plan 2.
- Uses the Microsoft Defender for Endpoint agent.
- Offers deeper insights and real-time protection 1.
How to Review Vulnerability Findings
- Go to Microsoft Defender for Cloud > Recommendations.
- Search for: "Machines should have vulnerability findings resolved".
- View all findings across subscriptions, ordered by severity.
- To filter by VM:
- Open Affected resources and select a VM.
- Or go to Inventory > Resource Health, select a VM, and view its findings 1.
How to Remediate
- Select a vulnerability to open the details pane.
- Review:
- CVE references
- Severity level
- Remediation steps
- Apply the recommended fix (e.g., patching, configuration change).
- Use Azure Resource Graph to export and track findings across environments 1.
Additional Tools
- Azure Resource Graph (ARG): Export findings for reporting and automation.
- Cloud Security Explorer: Query and filter vulnerabilities by severity, resource type, or environment.
Failing to remediate vulnerabilities leaves workloads exposed to known exploits and compliance risks. This capability supports the "Assume Breach" principle of Zero Trust by ensuring continuous detection and mitigation of weaknesses.