A vulnerability assessment solution should be enabled on your virtual machines – Azure

  1. General introduction
  2. Step-by-step guide
  3. Sources

General introduction

This is one of the more common alerts that may come up when you activate Defender for Cloud. This message comes up when a vulnerability assessment solution is not found in at least one virtual machine in your environment.

What happens behind the curtains? Azure virtual machine servers are constantly checked for infrastructure security misconfigurations by Defender for Cloud, which offers advice on how to fix them. Through integrated Vulnerability Assessment solutions or via agents and extensions, Defender for Cloud can also report on vulnerabilities found and the OS or application level. Since these “agents” must be configured for the process to work, you should configure the automatic provisioning of vulnerability assessment solutions on your virtual machines.

A valid VA solution is one of the following:

  • Microsoft threat and vulnerability management, included in both the Defender for Servers plans (P1 and P2). This is now the suggested solution, especially if you already use Microsoft Defender for Endpoint. You should not confuse this with the Microsoft Defender Vulnerability Management Add-on, which has a really similar name but is a different feature included with Defender for Servers Plan 2.
  •  The Qualys agent, also included in Defender for Servers, but just in Defender for Servers Plan 2. This used to be the default choice in the past.
  •  A Bring Your Own License Qualys or Rapid7 agent configured to integrate with Defender for Cloud. If you are looking at ways to incorporate them, follow this article: Integrate security solutions in Microsoft Defender for Cloud | Microsoft Docs

As we said, Microsoft threat and vulnerability management is the default solution to fix this recommendation. The only case I would use something else is if you already have Qualys or Rapid 7 in your environment and want to manage everything from a single pane. Defender for Endpoint will be onboarded in the VM through the MDE.Windows extension.

Step-by-step guide

To automatically enable a vulnerability assessment solution and resolve the alert:

  • Search Defender for Cloud from the Azure Portal (portal.azure.com)
  •  From Defender for Cloud’s menu, click on Environment settings from the left bar.
  • Click on the subscription the resource is in.
  • In the top bar, click on Settings & Monitoring.
  • Turn on (if it’s not already enabled) the vulnerability assessment for machines and select the solution you wish to use. I’ll enable Microsoft Defender vulnerability management.

Once you are done, wait for the check to be triggered again. The alert should go away automatically after 24 hours.