Unpacking the new Defender Vulnerability Management add-on

• Microsoft Defender Vulnerability Management is an additional cost add-on for Defender for Endpoint on clients that can be used stand-alone with some third-party EDR products.
• Defender Vulnerability Management offers additional scanning and assessments to help organizations survey the security health of Windows endpoints.
• The features included in Vulnerability Management make a logical addition to Defender for Endpoint, but customers may balk at yet more monthly security costs for each user.

Defender Vulnerability Management is a new Microsoft service that delivers a set of tools to help organizations detect points of vulnerability on their Windows PCs. Defender Vulnerability builds on the capabilities included in Microsoft Defender for Endpoint (MDE) but adds additional security and vulnerability assessments for client endpoints.

Most (but not all) of these features work only with Windows endpoints, not Macs or Linux desktops or any mobile devices, but organizations may find them useful. The service is available as an add-on for MDE, or stand-alone for customers using a third-party endpoint detection and response (EDR) product or service. Note that the same features are available for server systems through Azure as a part of Microsoft Defender for Cloud’s Defender for Servers Plan 2 offering without any additional costs.