This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
Introduction
As Microsoft Cloud Solution Architects, we get asked by Businesses, IT Managers and Cybersecurity Experts to accurately report on the Vulnerabilities and CVEs in our environments. This could be as easy as just deploying Endpoint Protection updates or as advanced as deploying every category and 3rd Party Updates using Microsoft Defender for Endpoint.
Vulnerability Management Dashboard: Microsoft Defender for Endpoint
This Spring release involves implementing a cloud-based reporting and visualization solution that brings exposure to active threats into sharp focus. It is intended to provide value to IT Leaders, Stakeholders, Security & Compliance teams, and Operations Teams that are responsible for mitigating CVE documented risks. The reports provide rich drill throughs that enable full understanding of an organization's current data and trends. The data is sourced from Microsoft Defender for Endpoint using API calls, stored in a small serverless Azure SQL instance, and can be accessed from anywhere on any device.
Outcomes
Dashboard with a summary view that shows CVE vulnerability status for the current month, the previous month, and all prior. These views refresh daily on a desired scheduled time frame.
Customization options to exclude specific CVEs and classes of vulnerabilities.
Cloud installation that creates a small Azure serverless SQL instance, an Azure Automation Account, and an Azure Service Principal.
The Report
The report features 8 main pages to use as a starting point, with additional subpages and drill-ins to allow you to get the information the way you need to see it.
Summary - View device compliance against CVEs, grouped by the last 3 monthly release cycles. Drill into devices with a specific status in a specific period to get a detailed list of devices and which CVEs have open vulnerabilities currently.
Vulnerabilities - View a breakdown of all CVEs where a device has an open vulnerability. View and Drill into devices by CVE ID, Release Cycle, or Exploitability level.
Configurations - View a list of Configurations recommended by Windows Defender to further harden your devices. Drill into machines with a recommended configuration by Type, Platform, or for a specific recommendation.
Devices by State - View all devices in a specific state, including devices with a current open vulnerability, no open vulnerability, devices where the Operating System is no longer supported by Microsoft, devices that can be onboarded to Defender but have not yet been, and all active devices in Defender.
Search - Search for a specific vulnerability or device and drill in for more details.
Device Health - View the current health of devices in Defender, the status of Defender updates including Security Intelligence updates, and the configuration status of Defender features such as whether Defender is in Active or Passive mode, or if critical components of Defender such as Cloud Protection, Real Time Protection, Tamper Protection, and Behavior Monitoring are enabled across all of your devices.
Device Health Details - Drill into device health and status at the device level to view Defender feature status, update status, and vulnerability status.
Global Filters - Easily Filter the entire report from a single page by Device properties (Device Group, Operating System, Cloud Provider, Subscription Id, etc.), CVE properties (CVE ID, CVSS Score, Exploitability level, if there is an update available, publish date, etc.) or by specific software installed.
Conclusion
This solution will provide accurate reporting of your Vulnerabilities across the entire Defender for Endpoint Estate. This allows for remediation in a very agile manner. We proactively maintain changes and updates to adapt to customer needs and product updates for Defender for Endpoint.
How do I book this engagement?
If you are a Microsoft Premier or Unified customer, you can reach out to your Customer Success Account Manager (CSAM) for more questions!
Special thanks to the Current Dev Team:
Chris Sugdinis, Todd Sterrett, Suhail Abdul Salam, Todd Linke, Nathan Hughes-Smith, Vikram Sahay, Werner Rall, Ken Wygant, Michael Schmidt, Shawn Rand, Jon Ellis
Disclaimer: The sample scripts or Power BI Dashboards are not supported under any Microsoft standard support program or service. The sample scripts or Power BI Dashboards are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts or Power BI Dashboards be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.