Azure Defender integration with TVM

As part of the October update, Azure Defender is now integrated with Microsoft Threat and Vulnerability Management (TVM), which is now in public preview!

This is an amazing set of features which we are so pumped to tell you more about! Here’s a simple breakdown of the new release in preview as of 06/10/2021:

Software Inventory For Servers (in preview)

The asset inventory page now has a filter to display machines running specific third-party applications, and even a specific version. This is available to Azure Defender customers using the MDE integration, and you can also query the software inventory data in Azure Resource Graph Explorer.

Filtering resources by installed software
Reviewing installed software for a single resource
Advanced search with ARG
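
As an illustration of the Azure Resource Graph search mentioned above, here is an added example (not a query from the original post or the ASC team) that lists machines whose software inventory shows a given product below a minimum version. It assumes the inventory records are exposed as `microsoft.security/softwareinventories` in the `securityresources` table with `vendor`, `softwareName` and `version` properties; `<software-name>` and `<minimum-version>` are placeholders.

```kusto
// Added example: find machines running an outdated version of one product.
// Assumption: inventory records carry properties.vendor, properties.softwareName
// and properties.version. Replace the two placeholders before running.
securityresources
| where type == "microsoft.security/softwareinventories"
| extend Vendor   = tostring(properties.vendor),
         Software = tostring(properties.softwareName),
         Version  = tostring(properties.version)
| where Software == "<software-name>"
// parse_version() returns null for strings it cannot parse, so records with
// unparsable versions drop out here; review them separately if that matters.
| where parse_version(Version) < parse_version("<minimum-version>")
// The inventory record is an extension resource: the machine's resource ID
// is the part of the record ID before the Microsoft.Security provider segment.
| extend MachineId = tostring(split(tolower(id), "/providers/microsoft.security/")[0])
| project MachineId, Vendor, Software, Version
| order by MachineId asc
```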

TVM Vulnerability Assessment For Servers (in preview)

The integration between Azure Defender for servers and Microsoft Defender for Endpoint has been extended: Azure Defender customers can now select TVM as the vulnerability assessment provider for servers, without additional installations. With the MDE integration enabled, you can discover vulnerabilities and misconfigurations in near real time. There are no agents or one-time scans, and vulnerabilities are prioritised based on your workload and the latest threat intel.

TVM vulnerability findings in ASC

Onboarding At-Scale For Vulnerability Assessment (in preview)

Security Center’s auto provisioning page now includes the option to automatically enable a vulnerability assessment solution for those resources protected by Azure Defender for Servers. A conversation I hear all the time with our customers is around the time investment of configuring enterprise-grade environments, and this is one of many ways we want to reduce that time to adoption and accelerate project progress to help you achieve your business objectives.

If you also have MDE enabled, you can choose either MTVM or the integrated Qualys agent.

At-scale enrollment for server vulnerability assessment

Reduce your dependency on legacy and siloed 3rd party programs. Use native built-in functionality where possible to reduce your attack surface. Remove unnecessary administrative effort, especially for enterprise grade deployments.

See release notes for more details:

Resource Credit: Aviv Mor + ASC team
