Microsoft Previews Defender Vulnerability Management Service Products
Public previews of two Microsoft Defender Vulnerability Management service products were announced on Thursday by Microsoft.
The Microsoft Defender Vulnerability Management service is "a single solution offering the full set of Microsoft's vulnerability management capabilities to help take your threat protection to the next level," according to the announcement. It was characterized as consolidating existing capabilities that have been available for a couple of years or so.
The capabilities of this new tooling bundle includes "asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS and network devices," according to a Microsoft document description of the Microsoft Defender Vulnerability Management service.
Defender Vulnerability Management Pricing
Although the two Microsoft Defender Vulnerability Management service products are still at the preview stage, Microsoft has already described the pricing.
Microsoft Defender Vulnerability Management will be available as an individual product, priced at $3 per user per month. It'll also be available as an add-on to Microsoft Defender for Endpoint Plan 2, priced at $2 per person per month.
The reason for the price difference between those two product offerings is that Microsoft Defender for Endpoint Plan 2 already has some of the capabilities of the "standalone" Microsoft Defender Vulnerability Management product.
Here are all of the capabilities in the main standalone product:
Microsoft appears to be adding capabilities to the Microsoft Defender Vulnerability Management product. It listed the following capabilities that can be tried in the current public preview releases:
- Security baselines assessments, including Center for Internet Security (CIS) benchmarks and Security Technical Implementation Guides (STIG) benchmarks
- Browser extension inventory and assessments
- Digital certificate inventory and assessments
- Network shares analysis, and
- Block vulnerable applications
Microsoft is planning to add another capability, called "vulnerability assessments for unmanaged endpoints," to Microsoft Defender Vulnerability Management at some point, which will be "coming soon." This unmanaged endpoints capability is currently at the private preview stage. It'll be available as a public preview "in the next couple of weeks."
Organizations wanting to try the public previews of Microsoft Defender Vulnerability Management -- both as a "standalone" product and as an add-on to Microsoft Defender for Endpoint Plan 2 -- can find the links at this page.
Organizations have to request trying the previews, apparently.
Other Microsoft Security Product News
Microsoft this week also announced some other security news concerning its Defender and Sentinel products. They come on top of new managed security service offerings that Microsoft had unveiled earlier.
Microsoft Defender for Endpoint now has a "security settings management" capability that's at the "general availability" commercial-release stage, according to a Thursday announcement. It provides a single view of those settings, which can be used to manage "antivirus (AV), endpoint detection and response (EDR) and firewall (FW) policies," across "all enlisted devices." It supports devices running "Windows 10, Windows 11 and Windows Server 2012 R2 or later." To use this capability, organizations that are also using Azure Active Directory Hybrid joins will need to update Azure Active Directory Connect, Microsoft advised. It pointed IT pros to this documentation.
Microsoft Sentinel, which is Microsoft's security information and event management (SIEM) plus security orchestration, automation and response (SOAR) tool, is getting added support from the Microsoft 365 Defender service, which is used to detect security breaches. Microsoft is previewing the use of six Microsoft 365 Defender "Advanced Hunting data tables" with Microsoft Sentinel. The tables facilitate finding things such as cloud app events, authentication activities, queries made against Active Directory objects and more, according to a Wednesday announcement.
Additionally, Microsoft established a new GitHub community for security operations center threat-hunting teams that use the Microsoft Sentinel and Microsoft Defender products. This community hub is conceived as letting contributors "expand their impact to multiple products with a single contribution," according to a Microsoft announcement made last month.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.