The following operating systems are currently supported:

Once the network devices are discovered and classified, security administrators will be able to receive the latest security recommendations and review recently discovered vulnerabilities on network devices deployed across their organizations.

Vulnerability management for network devices

There will be two types of devices to keep in mind:

Network devices: The network devices you plan to scan and onboard.
Assessment device: A device that's already onboarded that you'll use to scan the network devices.

Depending on the network topology and characteristics, a single device or a few devices onboarded to Microsoft Defender for Endpoint will perform authenticated scans of network devices using SNMP (read-only).

These types of devices require an agentless approach where a remote scan will obtain the necessary information from the devices.
Network devices are not managed as standard endpoints since Defender for Endpoint doesn't have a sensor built into the network devices themselves. Once discovered, Defender for Endpoint's threat and vulnerability management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.

Network discovery capabilities are available in the Device inventory section of the Microsoft 365 Defender portal and Microsoft 365 Defender consoles.

A designated Microsoft Defender for Endpoint device will be used on each network segment to perform periodic authenticated scans of preconfigured network devices.

This article provides an overview of the challenge that Network device discovery is designed to address, and detailed information about how to get started using these new capabilities.

The Network device discovery and vulnerability assessments blog (published 04-13-2021) provides insights into the new Network device discovery capabilities in Defender for Endpoint.