Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Defender Vulnerability Management (MDVM) has a new home under Exposure Management in the Microsoft Defender portal. This integration brings device and cloud vulnerability management into a single, unified experience, combining comprehensive vulnerability visibility with risk-based prioritization and streamlined remediation workflows. Whether you manage device vulnerabilities, cloud security posture, or both, all capabilities are now accessible from one place.
Vulnerability Management capabilities are available in three places under Exposure Management:
| Location | What's there |
|---|---|
| Overview page | A Vulnerabilities widget providing a high-level summary. |
| Recommendations page | Misconfigurations and Vulnerabilities tabs under Devices and Cloud, including an Event timeline widget. |
| Vulnerability Management section | Overview (refocused on vulnerabilities, new layout), Vulnerabilities (previously Weaknesses, with side-by-side Devices/Cloud views), Inventories, Remediation, and Baseline assessments. |
Tip
For a summary of the changes in the vulnerability management experience, see Location of vulnerability management pages and features (preview customers).
What stays the same
- Core functionality: All essential Vulnerability Management capabilities remain available.
- Data and scoring: Exposure scores and vulnerability data remain unchanged.
- Workflows: Existing remediation and management processes are preserved.
- Permissions: Current Vulnerability Management role assignments continue to work.
What's enhanced
- Unified visibility: Combined device and cloud vulnerability management in one place.
- Integrated recommendations: Part of the comprehensive recommendations catalog.
- Enhanced context: Broader security context through the Exposure Management ecosystem.
- Streamlined navigation: Single portal access for all exposure management needs.
Key enhancements
Unified device and cloud vulnerability view
Customers with both Defender for Cloud and Defender for Endpoint licenses can see all vulnerabilities affecting their digital estate in one place, with side-by-side Devices and Cloud views that align with different remediation approaches.
Enhanced vulnerability prioritization
The integration provides comprehensive vulnerability context by combining device vulnerabilities with cloud security findings, enabling better risk assessment and prioritization.
Cloud vulnerabilities
With the integration of Defender for Cloud in the Defender portal, cloud vulnerability management provides enhanced capabilities:
- Risk-based prioritization: For the first time, cloud vulnerabilities are prioritized by risk in the Defender portal, highlighting the most critical issues.
- Multi-cloud support: Comprehensive coverage of Azure, AWS, and GCP environments in a unified interface.
- Enhanced visibility: Integrated view that combines cloud security posture with vulnerability data for better context.
Device vulnerabilities
- Same table structure: The vulnerability table maintains the same fields, filters, and prioritization logic from Vulnerability Management.
- Familiar exposure scoring: Uses the established exposure score methodology.
- Enhanced context: Benefits from the broader Exposure Management ecosystem for comprehensive risk assessment.
Devices misconfigurations
- Source data from Vulnerability Management, Microsoft secure score, and Exposure Management.
- Contributes to the Devices secure score using Microsoft's established calculation methodology.
Getting started
Prerequisites
- Licensing: MDVM features require appropriate Microsoft Defender licensing (Defender for Endpoint P1).
- Permissions: Use established MDVM permissions or the new unified Exposure Management RBAC roles.
- Cloud integration: For full cloud vulnerability visibility, Defender for Cloud licensing is recommended.
Navigation
- Navigate to the Microsoft Defender portal.
- Select Exposure management from the navigation menu.
- Access vulnerability management functions:
- Overview: Exposure management > Vulnerability management > Overview
- Recommendations: Exposure management > Recommendations
- On the Devices and Cloud tabs, select Misconfigurations or Vulnerabilities to view unified recommendations
- Vulnerability management: access Overview, Vulnerabilities, Inventories, Remediation, and Baseline assessments pages