Compare Microsoft Defender Vulnerability Management plans and capabilities
Important
This article provides a summary of vulnerability management capabilities available across different Microsoft Defender product plans; however, it's not intended to be a service description or licensing contract document. For more detailed information, see the following resources:
This article helps clarify the Defender Vulnerability Management capabilities included in:
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Servers
Note
Microsoft Defender Vulnerability Management isn't currently available to Microsoft Defender for Business customers.
Start a trial
Note
The Microsoft Defender Vulnerability Management trial isn't currently available to US Government customers using GCC High, and DoD. For more information on purchase options available, see Microsoft Defender Vulnerability Management.
- We recommend working with a Microsoft reseller to start your trial. If you're not already working with a reseller, see Microsoft Security partners.
- If you already have Defender for Endpoint Plan 2 Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers.
- For new customers or existing Defender for Endpoint P1 or Microsoft 365 E3 customers the Microsoft Defender Vulnerability Management Standalone is now generally available. To try it, go to Try Defender Vulnerability Management Standalone.
Vulnerability Management capabilities for endpoints
The following table summarizes the availability of Defender Vulnerability Management capabilities for endpoints:
| Capability | Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities | Defender Vulnerability Management Add-on provides the following premium Vulnerability Management capabilities for Defender for Endpoint Plan 2 | Defender Vulnerability Management Standalone provides full Defender Vulnerability Management capabilities for any EDR solution |
|---|---|---|---|
| Device discovery | ✔ | - | ✔ |
| Device inventory | ✔ | - | ✔ |
| Vulnerability assessment | ✔ | - | ✔ |
| Configuration assessment | ✔ | - | ✔ |
| Risk based prioritization | ✔ | - | ✔ |
| Remediation tracking | ✔ | - | ✔ |
| Continuous monitoring | ✔ | - | ✔ |
| Software inventory | ✔ | - | ✔ |
| Software usages insights | ✔ | - | ✔ |
| Security baselines assessment | - | ✔ | ✔ |
| Block vulnerable applications | - | ✔ | ✔ see note |
| Browser extensions assessment | - | ✔ | ✔ |
| Digital certificate assessment | - | ✔ | ✔ |
| Network share analysis | - | ✔ | ✔ |
| Hardware and firmware assessment | - | ✔ | ✔ |
| Authenticated scan for Windows | - | ✔ | ✔ |
Note
If you're using the standalone version of Defender Vulnerability Management, to use the "block vulnerable applications" feature, Microsoft Defender Antivirus must be configured in active mode. For more information, see Microsoft Defender Antivirus Windows.
Vulnerability Management capabilities for servers
For Microsoft Defender for Cloud customers, Defender Vulnerability Management is natively integrated within Defender for Cloud to perform vulnerability assessments for cloud-based virtual machines. Recommendations automatically populate in the Defender for Cloud portal.
Defender Vulnerability Management premium capabilities are available to server devices with Microsoft Defender for Servers Plan 2.
Note
Client devices require the Defender Vulnerability Management add-on license to access Defender Vulnerability Management premium capabilities.
To use the premium vulnerability management capabilities for your client devices, see Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers.
The capabilities are only available through the Microsoft Defender portal.
The following table lists the availability of Defender Vulnerability Management capabilities across the Defender for Servers plans.
| Capability | Defender For Servers Plan 1 | Defender For Servers Plan 2 |
|---|---|---|
| Vulnerability assessment | ✔ | ✔ |
| Configuration assessment | ✔ | ✔ |
| Risk based prioritization | ✔ | ✔ |
| Remediation tracking | ✔ | ✔ |
| Continuous monitoring | ✔ | ✔ |
| Software inventory | ✔ | ✔ |
| Software usages insights | ✔ | ✔ |
| Security baselines assessment | - | ✔ |
| Block vulnerable applications | - | ✔ |
| Browser extensions assessment | - | ✔ |
| Digital certificate assessment | - | ✔ |
| Network share analysis | - | ✔ |
| Hardware and firmware assessment | - | ✔ |
| Authenticated scan for Windows | - | ✔see note |
Note
The Windows authenticated scan feature will be deprecated by the end of November 2025 and won't be supported beyond that date. For more information about this change, see the Windows authenticated scan deprecation FAQs.