Exploring Firmware Assessments in Microsoft Defender Vulnerability Management

On November 28 (yesterday), the new Firmware Assessments feature in Microsoft Defender Vulnerability Management was announced as being available in Public Preview. Read more about the announcement here: Firmware assessments in Microsoft Defender Vulnerability Management


The license requirements are too often clear as mud, but it seems to work just fine with a regular Microsoft 365 E5 license. Upon logging into the Microsoft 365 Defender portal (https://security.microsoft.com ) and navigating to Vulnerability management / Inventories, I was greeted with the message: The new Microsoft Defender Vulnerability Management add-on has been turned on for all devices, including servers, in your organization. 

Onboarding a few devices

I quickly onboarded a few devices, and while the quickly showed up under devices, complete with inventory and all, it required a reboot of the machines for the Hardware & Firmware info to be populated. Could be a coincidence too, but gut feeling says no 🙂


Sure enough, since I knew that some of the Dell machines haven't had their BIOS updated in a while, they got flagged for not being secure.

The new Hardware & Firmware tab.
The Latitude 3310 2-in-1 Firmware vulnerabilities.
Recommendation to update BIOS.
About the author

Johan Arwidmark

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments