All Articles

MDATP Threat Vulnerability Management

Threat & Vulnerability Management is a new Microsoft Defender ATP component that helps effectively identify, assess, and remediate endpoint weaknesses. Threat & Vulnerability Management provides both security administrators and security operations teams with unique value, including:

  • Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
  • Invaluable machine vulnerability context during incident investigations
  • Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager

16 april 2019 Microsoft was announcing MDATP Threat Vulnerability Management is in public preview.

Threat & Vulnerability Management is the latest innovation in Microsoft Defender ATP, which continues to evolve to provide customers with powerful, real-time, and integrated means to discover, prioritize, and remediate threats. Customers who have turned on Microsoft Defender ATP preview features will see this game-changing capability in their dashboard.

Let’s take a look:

Dashboard

Get a high-level view of the organization exposure score, MDATP configuration score, top remediation activities, top security recommendations, top vulnerable software, and top exposed machines data.

Security recommendations

See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list and it will open a flyout pane where you will see vulnerability details, and have the option to open the software page, and see the remediation options.

Remediation

See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV.

Software inventory

See the list of applications, versions, weaknesses, whether there’s an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the vulnerabilities and misconfigurations associated and its machine and version distribution details.