Network Device Discovery & Vulnerability Management with Microsoft 365 Defender

Discover & manage vulnerabilities in your network devices with Microsoft 365 Defender.

Network discovery capabilities are available in the Device inventory section of the Microsoft 365 Defender portal and Microsoft 365 Defender consoles.

A designated Microsoft Defender for Endpoint device is used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for Endpoint’s Vulnerability Management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.

Once the network devices are discovered and classified, security administrators are able to receive the latest security recommendations and review recently discovered vulnerabilities on network devices deployed across their organizations.

Approach

Network devices aren’t managed as standard endpoints since Defender for Endpoint doesn’t have a sensor built into the network devices themselves. These types of devices require an agentless approach where a remote scan obtains the necessary information from the devices. Depending on the network topology and characteristics, a single device or a few devices onboarded to Microsoft Defender for Endpoint performs authenticated scans of network devices using SNMP (read-only).

There are two types of devices to keep in mind:

  • Scanning device: A device that’s already onboarded that you use to scan the network devices.
  • Network devices: The network devices you plan to scan and onboard.

Vulnerability management for network devices

Once the network devices are discovered and classified, security administrators are able to receive the latest security recommendations and review recently discovered vulnerabilities on network devices deployed across their organizations.

In short: Receive security recommendations & review recently discovered vulnerabilities

Operating systems that are supported

The following operating systems are currently supported:

  • Cisco IOS, IOS-XE, NX-OS
  • Juniper JUNOS
  • HPE ArubaOS, Procurve Switch Software
  • Palo Alto Networks PAN-OS

More networking vendors and OS will be added over time, based on data gathered from customer usage. Therefore, you’re encouraged to configure all your network devices, even if they’re not specified in this list. More vendors & OS will be added over time!

I had no equickment from the listed vendors, so I can´t test it! 😢

How to Get Started:

  • Choose a Defender for Endpoint onboarded device for scans
  • Allow SNMP traffic between the scanning device & targeted devices
  • Configure network devices for SNMP read-only
  • Obtain IP addresses & SNMP credentials of devices to be scanned
  • Add necessary domains/URLs for authentication

Install the scanner

  1. Go to Microsoft 365 security > Settings > Device discovery > Authenticated scans.
  2. Download the scanner and install it on the designated Defender for Endpoint scanning device.

The installer is small and esay to isntall silent, as it is an .msi 😉

Updates for the scanner

The scanner has a scheduled task that, by default, is configured to look for updates regularly. When the task runs, it compares the version of the scanner on the client device to the version of the agent on the update location. The update location is where Windows looks for updates, such as on a network share or from the internet.

If there’s a difference between the two versions, the update process determines which files are different and need to be updated on the local computer. Once the required updates are determined, the downloading of the updates will start.

It’s possible to disable automatic updates of the scanner by going to the MDATP Network Scanner Updater inside the Windows Task Scheduler. To do this:

  • In Windows, go to Computer Management > Task Scheduler > Task Scheduler Library.
  • Select MDATP Network Scanner Updater > right-click > and select Disable.
  • To re-enable, right-click on MDATP Network Scanner Updater and select Enable.

Keep your network secure & up-to-date! 💪🔐

Read more here

Total
0
Shares
Previous Article

Set up a free Microsoft Intune lab tenant with Microsoft 365 developer subscription

Next Article

What is Customer lockbox in Microsoft 365, and how to use it?

Related Posts