Microsoft Defender Vulnerability Management

Security baseline assessment

Security baseline assessment is a continues (identify changes in real time) scan of the security baseline (CIS and/or STIG) compliance.

  • Go to Baseline assessment
  • Go to Profiles
  • Select Create
  • Name & description
  • Software (Windows version), Base benchmark (CIS or STIG), Compliance level (e.g. level 1, level 2, etc.)
  • Add configuration settings (password policy, account lockout policy, etc.)
  • Devices (all device groups or selected device group(s) including tags option)
  • Review and submit

Block vulnerable applications

Block vulnerable applications (currently in beta) can block an application or warn a user that the application is vulnerable.
Requirements: (1) Microsoft Defender Antivirus, (2) cloud-delivered protection enabled and (3) Allow or block (on) in the advanced settings of Microsoft 365 Defender -Endpoints.

  • Go to Vulnerability management > Recommendations
  • Select a security recommendations (type update non-Microsoft software) and select Request remediation.
    If remediation request & remediation action is not available: (1) Microsoft application, (2) Operating systems, (3) apps for MacOS or Linux and (4) not enough information available.
  • Device scope (all device groups or selected device groups)
  • Remediation request (software update (recommended), software uninstall, remediation due date, etc.)
  • Remediation action (None, Warn or Block)
  • Review and finish

Browser extensions

Browser extensions are (small) applications installed in a web browser, the feature provides insights in all installed browsers (e.g. Microsoft Edge, Google Chrome, etc.) and the installed extensions including the risk.

  • Go to Vulnerability management > Software inventory
  • Select Browser extensions

Digital certificate assessment

Digital certificate assessment is a certificate inventory and assessment feature to provide insights in certificate issues like expiration, misconfiguration, etc.

  • Go to Vulnerability management > Software inventory
  • Select Certificates

Network share analysis

Network share analysis is a configuration assessment of network share vulnerabilities. Open the Microsoft 365 Defender portal

  • Go to Vulnerability management > Recommendations
  • Select Filters and choose Related component > OS > Shares
  • Disallow offline access to shares
  • Remove share write permissions set to ‘Everyone’
  • Remove shares from the root folder



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store