Vulnerability Management
Discover, prioritize, and remediate vulnerabilities across your endpoints with Microsoft Defender Vulnerability Management. Get continuous assessment of software weaknesses, misconfigurations, and exposure risks.
Note: Vulnerability Management is included with Defender for Endpoint Plan 2 and Microsoft 365 E5 Security. A standalone add-on is also available.
Vulnerability Dashboard
- 247 — Critical/High CVEs
- 1,456 — Total Vulnerabilities
- 89 — Devices at Risk
- 42.5 — Exposure Score
Exposure Score
Composite score (0-100) representing your organization’s vulnerability exposure:
- 0 — Low Exposure
- 50 — Medium
- 100 — High Exposure
Severity Weighting
Critical CVEs raise the score more than low-severity ones.
Exploit Availability
CVEs with known exploits raise the risk score.
Device Exposure
The more devices affected, the higher the score.
Vulnerability List
| Column | Description |
|---|---|
| CVE ID | Common Vulnerabilities and Exposures identifier |
| Severity | Critical, High, Medium, Low |
| CVSS Score | Common Vulnerability Scoring System (0-10) |
| Exposed Devices | Number of affected devices |
| Age | Days since vulnerability was first detected |
| Exploit Available | Whether public exploit code exists |
| Threat Insights | Linked to active threat campaigns |
Software Inventory
View all software installed across endpoints with vulnerability status:
Vulnerable Software
Software with known CVEs, sorted by risk based on severity and exposure.
Missing Updates
Security updates that are available but not installed, prioritized by impact.
End-of-Life Software
Applications that no longer receive security updates; these are high risk.
Browser Extensions
Visibility into browser extensions with risk assessment.
Security Recommendations
Prioritized actions to reduce exposure:
Update Adobe Reader (Critical)
15 devices running Adobe Reader with 3 critical CVEs. Update to version 2024.001.
- Score impact: -2.3
- Exposed: 15 devices
Enable Attack Surface Reduction (High)
ASR rules are not enabled on 45 devices. Enabling them blocks common attack techniques.
- Score impact: -1.8
- Exposed: 45 devices
Remove End-of-Life Windows 7 (Critical)
3 devices running Windows 7 with no security updates since 2020.
- Score impact: -3.1
- Exposed: 3 devices
Remediation Tracking
Remediation Requests
Create requests for IT to patch vulnerabilities and track their status from open to completed. Requests integrate with ServiceNow or Intune.
Exception Management
Document accepted risks when vulnerabilities cannot be patched. Each exception carries a justification and an expiration date.
Threat and Vulnerability Insights
Exploit Availability
Flags CVEs with publicly available exploit code; these get higher priority for patching.
Active Threats
Links to Microsoft threat intelligence showing active campaigns that exploit specific vulnerabilities.
CISA KEV
Flags vulnerabilities listed in CISA’s Known Exploited Vulnerabilities catalog; remediation of these is required for federal agencies.
Device Vulnerability View
See all vulnerabilities affecting a specific device:
- Total CVEs by severity
- Vulnerable applications installed
- Missing security updates
- Security configuration weaknesses
- Remediation recommendations for that device
Best Practices
- Prioritize by exposure score impact — Focus on recommendations that reduce exposure score the most.
- Address exploited-in-the-wild CVEs first — CVEs with active exploits pose immediate risk. Patch within 24-48 hours.
- Review exceptions regularly — Don’t let risk exceptions become permanent. Set expiration reminders.
- Remove end-of-life software — Unsupported software accumulates vulnerabilities with no patches available.
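The following Python is an added illustration of how the factors above (severity, exploit availability, device exposure, CISA KEV listing, exceptions with expiry dates) can be combined into a patch queue; it is not Defender Vulnerability Management's own scoring formula or code. The severity weights, multipliers, patch windows other than the 48-hour exploited-in-the-wild window, CVE identifiers, device counts and exception records are all constructed for the example.

```python
"""Illustrative vulnerability triage: rank by a composite risk score, assign a
patch deadline, skip CVEs covered by an active exception, and surface exceptions
whose expiry has passed. Weights, windows and data are assumptions for this
example, not the product's formula."""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed severity weights (illustrative only).
SEVERITY_WEIGHT = {"Critical": 10.0, "High": 7.0, "Medium": 4.0, "Low": 1.0}
# Assumed patch windows in days; only the 2-day (48h) window for exploited CVEs
# reflects the best-practice text above.
PATCH_WINDOW_DAYS = {"Critical": 14, "High": 30, "Medium": 60, "Low": 90}
EXPLOITED_WINDOW_DAYS = 2


@dataclass
class Vuln:
    cve: str                 # placeholder ids in the sample data below
    severity: str
    cvss: float
    exposed_devices: int
    first_detected: date
    exploit_available: bool = False
    in_cisa_kev: bool = False
    active_threat: bool = False

    def exploited_in_wild(self) -> bool:
        return self.exploit_available or self.in_cisa_kev or self.active_threat


@dataclass
class RiskException:
    cve: str
    justification: str
    expires: date


def risk_score(v: Vuln, total_devices: int) -> float:
    """Severity x CVSS, scaled by the fraction of devices exposed, then
    multiplied up when exploit code or an active campaign exists."""
    base = SEVERITY_WEIGHT[v.severity] * (v.cvss / 10.0)
    exposure = v.exposed_devices / total_devices
    score = base * (0.5 + exposure)
    if v.exploit_available:
        score *= 1.5
    if v.in_cisa_kev or v.active_threat:
        score *= 2.0
    return score


def patch_deadline(v: Vuln) -> date:
    days = EXPLOITED_WINDOW_DAYS if v.exploited_in_wild() else PATCH_WINDOW_DAYS[v.severity]
    return v.first_detected + timedelta(days=days)


def triage(vulns, exceptions, today: date, total_devices: int) -> dict:
    """Return the ranked patch queue, CVEs under an active exception, and
    exceptions that have expired and need review."""
    active = {e.cve for e in exceptions if e.expires >= today}
    expired = [e.cve for e in exceptions if e.expires < today]
    ranked = []
    for v in vulns:
        if v.cve in active:
            continue  # accepted risk, still within its expiry date
        deadline = patch_deadline(v)
        ranked.append({
            "cve": v.cve,
            "score": round(risk_score(v, total_devices), 2),
            "deadline": deadline,
            "overdue": deadline < today,
            "exception_expired": v.cve in expired,
        })
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return {"ranked": ranked, "excepted": sorted(active), "expired_exceptions": expired}


# Constructed sample data: five placeholder CVEs on a 200-device estate.
SAMPLE_VULNS = [
    Vuln("CVE-EXAMPLE-0001", "Critical", 9.8, 15, date(2024, 5, 30), exploit_available=True, in_cisa_kev=True),
    Vuln("CVE-EXAMPLE-0002", "High", 8.1, 45, date(2024, 5, 1)),
    Vuln("CVE-EXAMPLE-0003", "Medium", 5.3, 120, date(2024, 5, 20), exploit_available=True),
    Vuln("CVE-EXAMPLE-0004", "Critical", 9.1, 3, date(2024, 4, 1)),
    Vuln("CVE-EXAMPLE-0005", "Low", 3.1, 10, date(2024, 5, 15)),
]
SAMPLE_EXCEPTIONS = [
    RiskException("CVE-EXAMPLE-0004", "Isolated lab host, no network path", date(2024, 12, 31)),
    RiskException("CVE-EXAMPLE-0005", "Vendor fix pending", date(2024, 3, 1)),  # already expired
]


def run_example(today: date = date(2024, 6, 1)) -> dict:
    return triage(SAMPLE_VULNS, SAMPLE_EXCEPTIONS, today, total_devices=200)


if __name__ == "__main__":
    for row in run_example()["ranked"]:
        print(row)
```

The queue deliberately keeps a CVE whose exception has lapsed in the ranked list and flags it, so a lapsed exception turns back into work rather than silently staying accepted.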
API Reference
- GET /api/security/vulnerabilities — List all detected vulnerabilities
- GET /api/security/vulnerabilities/exposure-score — Get organization exposure score
- GET /api/security/vulnerabilities/software — Get vulnerable software inventory
- GET /api/security/vulnerabilities/recommendations — Get security recommendations
- GET /api/security/vulnerabilities/devices/:deviceId — Get device vulnerabilities
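As an added example (not the product's SDK or documentation), the Python below builds URLs for the endpoints listed above, substituting the `:deviceId` path parameter, and aggregates the per-device vulnerability view into severity counts. The base URL, bearer token, device ids and the response shape (`{"value": [{"cveId", "severity", "inCisaKev"}]}`) are assumptions; the fetch function is injectable so the example runs offline against constructed responses.

```python
"""Client sketch for the API reference above. Base URL, token, device ids and
response shape are assumed for this example; replace them with what your
tenant actually returns."""
import json
from collections import Counter
from urllib.parse import quote
from urllib.request import Request, urlopen

# Endpoints exactly as listed in the API reference.
ENDPOINTS = {
    "vulnerabilities": "/api/security/vulnerabilities",
    "exposure_score": "/api/security/vulnerabilities/exposure-score",
    "software": "/api/security/vulnerabilities/software",
    "recommendations": "/api/security/vulnerabilities/recommendations",
    "device": "/api/security/vulnerabilities/devices/:deviceId",
}


def build_url(base_url: str, name: str, **path_params) -> str:
    """Substitute ':param' placeholders (e.g. :deviceId) with URL-encoded values."""
    path = ENDPOINTS[name]
    for key, value in path_params.items():
        path = path.replace(":" + key, quote(str(value), safe=""))
    return base_url.rstrip("/") + path


def http_get(url: str, token: str) -> dict:
    """Real transport (bearer token auth); not used by demo(), which runs offline."""
    req = Request(url, headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def device_severity_summary(device_ids, base_url, token, fetch=http_get):
    """Return ({deviceId: {severity: count}}, [devices with a KEV-listed CVE])."""
    summary = {}
    kev_devices = set()
    for dev in device_ids:
        body = fetch(build_url(base_url, "device", deviceId=dev), token)
        items = body.get("value", [])  # assumed response envelope
        summary[dev] = dict(Counter(item["severity"] for item in items))
        if any(item.get("inCisaKev") for item in items):
            kev_devices.add(dev)
    return summary, sorted(kev_devices)


# Constructed offline responses keyed by URL, so the example needs no tenant.
BASE = "https://portal.example"
SAMPLE_RESPONSES = {
    build_url(BASE, "device", deviceId="dev-001"): {"value": [
        {"cveId": "CVE-EXAMPLE-0001", "severity": "Critical", "inCisaKev": True},
        {"cveId": "CVE-EXAMPLE-0002", "severity": "High", "inCisaKev": False},
        {"cveId": "CVE-EXAMPLE-0003", "severity": "High", "inCisaKev": False},
    ]},
    build_url(BASE, "device", deviceId="dev-002"): {"value": [
        {"cveId": "CVE-EXAMPLE-0004", "severity": "Medium", "inCisaKev": False},
    ]},
    build_url(BASE, "device", deviceId="dev-003"): {"value": []},
}


def offline_fetch(url: str, token: str) -> dict:
    return SAMPLE_RESPONSES[url]


def demo():
    return device_severity_summary(
        ["dev-001", "dev-002", "dev-003"], BASE, "PLACEHOLDER_TOKEN", fetch=offline_fetch
    )


if __name__ == "__main__":
    print(demo())
```

Encoding the path parameter with `quote(..., safe="")` matters because a device id containing `/` or spaces would otherwise change the request path.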