Remediate machine vulnerabilities

The Defender for Servers plan in Microsoft Defender for Cloud provides agentless and agent-based vulnerability scanning for protected machines using Microsoft Defender Vulnerability Management.

| Requirement | Details |
|---|---|
| Plan | For agentless vulnerability scanning, Defender for Servers Plan 2 must be enabled, and agentless scanning must be on in the plan. For agent-based scanning with the Microsoft Defender for Endpoint agent, Defender for Servers Plan 1 or Defender for Servers Plan 2 must be enabled, and Defender for Endpoint integration must be enabled. |
| Agentless scanning | Review the prerequisites for agentless scanning. |
| Agent-based scanning | Review the prerequisites for Defender for Endpoint integration in Defender for Servers. |

View scan findings

To view vulnerability assessment findings (from all of your configured scanners) and remediate identified vulnerabilities:

  1. From Defender for Cloud's menu, open the Recommendations page.

  2. Select the recommendation Machines should have vulnerability findings resolved.

    Defender for Cloud shows you all the findings for all VMs in the currently selected subscriptions. The findings are ordered by severity.

    (Screenshot: the findings from your vulnerability assessment solutions for all selected subscriptions.)

  3. To filter the findings by a specific VM, open the "Affected resources" section and select the VM that interests you. Alternatively, select a VM from the resource health view to see all relevant recommendations for that resource.

    Defender for Cloud shows the findings for that VM, ordered by severity.

  4. To learn more about a specific vulnerability, select it.

    (Screenshot: details pane for a specific vulnerability.)

    The details pane that appears contains extensive information about the vulnerability, including:

    • Links to all relevant CVEs (where available)
    • Remediation steps
    • Any additional reference pages

  5. To remediate a finding, follow the remediation steps from the details pane.

Export the results

Export vulnerability assessment results with Azure Resource Graph. Azure Resource Graph provides instant access to resource information across your cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal.

For full instructions and a sample ARG query, see the following Tech Community post: Exporting vulnerability assessment results in Microsoft Defender for Cloud.
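The following script is an added example, not code from the Tech Community post or from Microsoft. It shows the shape of an Azure Resource Graph query over the `securityresources` table for the per-finding records (`microsoft.security/assessments/subassessments`) behind the "Machines should have vulnerability findings resolved" recommendation, runs it through the real `az graph query` command, and turns the result into a severity-sorted CSV plus a per-VM count for triage. The assessment key is an assumption: it is taken from the recommendation's URL in the portal and is left as a placeholder here. The sample rows are constructed to match the query's projected columns so the processing can be exercised offline.

```python
"""Export Defender for Cloud vulnerability findings from Azure Resource Graph (added example)."""
import csv
import io
import json
import subprocess
from collections import Counter

# Assumption: replace with the assessment key shown in the URL of the
# "Machines should have vulnerability findings resolved" recommendation.
ASSESSMENT_KEY = "<assessment-key-from-portal>"

CSV_COLUMNS = ["severity", "vm", "findingId", "title", "remediation"]
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def build_query(assessment_key=ASSESSMENT_KEY):
    """KQL for Azure Resource Graph: one row per unhealthy finding for the given assessment."""
    return f"""
securityresources
| where type =~ "microsoft.security/assessments/subassessments"
| extend assessmentKey = extract("assessments/([^/]+)/subassessments", 1, tolower(id))
| where assessmentKey =~ "{assessment_key}"
| where properties.status.code =~ "Unhealthy"
| project
    findingId = name,
    title = tostring(properties.displayName),
    severity = tostring(properties.status.severity),
    vm = tostring(properties.resourceDetails.id),
    remediation = tostring(properties.remediation)
"""


def run_query(query):
    """Run the query with the Azure CLI (needs 'az login' and the resource-graph extension)."""
    proc = subprocess.run(
        ["az", "graph", "query", "-q", query, "--first", "1000", "-o", "json"],
        check=True, capture_output=True, text=True,
    )
    return json.loads(proc.stdout)["data"]


def to_csv(rows):
    """Render rows as CSV, highest severity first, then grouped by VM."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_COLUMNS)
    writer.writeheader()
    ordered = sorted(rows, key=lambda r: (SEVERITY_RANK.get(r["severity"], 9), r["vm"]))
    for row in ordered:
        writer.writerow({col: row.get(col, "") for col in CSV_COLUMNS})
    return buf.getvalue()


def summarize(rows):
    """Count unhealthy findings per VM (short name) and per severity."""
    per_vm = Counter(r["vm"].rsplit("/", 1)[-1] for r in rows)
    per_severity = Counter(r["severity"] for r in rows)
    return {"per_vm": dict(per_vm), "per_severity": dict(per_severity)}


# Constructed sample rows, shaped like the query's projected columns.
_VM = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/"
SAMPLE_ROWS = [
    {"findingId": "00000000-0000-0000-0000-000000000001", "title": "Sample finding A",
     "severity": "Medium", "vm": _VM + "db-01", "remediation": "Apply the vendor update"},
    {"findingId": "00000000-0000-0000-0000-000000000002", "title": "Sample finding B",
     "severity": "High", "vm": _VM + "web-01", "remediation": "Apply the vendor update"},
    {"findingId": "00000000-0000-0000-0000-000000000003", "title": "Sample finding C",
     "severity": "High", "vm": _VM + "web-01", "remediation": "Remove the unused package"},
]


if __name__ == "__main__":
    # Live run: export findings for the selected subscriptions to findings.csv.
    rows = run_query(build_query())
    with open("findings.csv", "w", newline="") as fh:
        fh.write(to_csv(rows))
    print(summarize(rows))
```

`az graph query` returns at most `--first` rows per call and a `skip_token` for the rest; for large estates, loop with `--skip-token` until the token is empty. The query is scoped to the subscriptions the signed-in identity can read, which is the same scope the Recommendations page shows.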

Next steps