Closed
32 changes: 17 additions & 15 deletions defender-endpoint/network-devices.md
Expand Up @@ -14,7 +14,7 @@ ms.collection:
ms.custom: admindeeplinkDEFENDER
ms.topic: conceptual
search.appverid: met150
ms.date: 01/02/2025
ms.date: 03/06/2025
---

# Network device discovery and vulnerability management
Expand All @@ -23,15 +23,14 @@ ms.date: 01/02/2025

**Applies to:**

- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
- [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
- [Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)
- [Microsoft Defender XDR](/defender-xdr)

> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-portaloverview-abovefoldlink)

> [!NOTE]
> The [Network device discovery and vulnerability assessments](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/network-device-discovery-and-vulnerability-assessments/ba-p/2267548) Blog \(published 04-13-2021\) provides insights into the new **Network device discovery** capabilities in Defender for Endpoint. This article provides an overview of the challenge that **Network device discovery** is designed to address, and detailed information about how get started using these new capabilities.
> The [Tech Community Blog: Network device discovery and vulnerability assessments](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/network-device-discovery-and-vulnerability-assessments/ba-p/2267548) (published 04-13-2021) provides insights into the new **Network device discovery** capabilities in Defender for Endpoint. This article provides an overview of the challenge that **Network device discovery** is designed to address, and detailed information about how get started using these new capabilities.

Network discovery capabilities are available in the **Device inventory** section of the [Microsoft Defender portal](https://security.microsoft.com) and Microsoft Defender XDR consoles.

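Review bot: The rewritten NOTE line still reads "detailed information about how get started", which is missing "to" before "get started"; since the line is being touched anyway, fix it in this change. The same line still describes the capabilities as "new" while citing a blog published 04-13-2021, which is worth rewording now that `ms.date` moves to 03/06/2025.
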
Expand All @@ -43,6 +42,9 @@ Once the network devices are discovered and classified, security administrators

Network devices aren't managed as standard endpoints since Defender for Endpoint doesn't have a sensor built into the network devices themselves. These types of devices require an agentless approach where a remote scan obtains the necessary information from the devices. Depending on the network topology and characteristics, a single device or a few devices onboarded to Microsoft Defender for Endpoint performs authenticated scans of network devices using SNMP (read-only).

> [!NOTE]
> Authenticated scans support `SNMPv2` and `SNMPv3`.

There are two types of devices to keep in mind:

- **Scanning device**: A device that's already onboarded that you use to scan the network devices.
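
Review bot: The added note puts `SNMPv2` and `SNMPv3` in code formatting although they are protocol versions rather than values the reader types, and it does not say which of the authentication methods in the credentials table further down (`CommunityString`, `AuthNoPriv`, `AuthPriv`) goes with which version. Suggest plain text for the versions and one sentence mapping each version to its authentication method, so a reader choosing credentials knows which option applies.
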
Expand Down Expand Up @@ -85,9 +87,9 @@ Your first step is to select a device that performs the authenticated network sc

8. To allow the scanner to be authenticated and work properly, it's essential that you add the following domains/URLs:

- \*.security.microsoft.com
- login.microsoftonline.com
- \*.blob.core.windows.net/networkscannerstable/\*
- `*.security.microsoft.com`
- `login.microsoftonline.com`
- `*.blob.core.windows.net/networkscannerstable/*`

> [!NOTE]
> Not all URLs are specified in the Defender for Endpoint documented list of allowed data collection.
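
Review bot: In the step 8 list, the first two entries are hostnames but the third, `*.blob.core.windows.net/networkscannerstable/*`, is scoped by path, and the text calls the whole list "domains/URLs" without saying how to apply a path-scoped entry on a firewall or proxy that allows by hostname only. Suggest adding a sentence that states what to allow in that case, so administrators do not have to guess how wide the rule should be.
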
Expand All @@ -109,7 +111,7 @@ The scanner is supported on Windows 10, version 1903 and Windows Server, version

2. Download the scanner and install it on the designated Defender for Endpoint scanning device.

:::image type="content" source="/defender/media/defender-endpoint/network-authenticated-scan-new.png" alt-text="Screenshot of the add new authenticated scan screen" lightbox="/defender/media/defender-endpoint/network-authenticated-scan-new.png":::
:::image type="content" source="/defender/media/defender-endpoint/network-authenticated-scan-new.png" alt-text="Screenshot of the add new authenticated scan screen" lightbox="/defender/media/defender-endpoint/network-authenticated-scan-new.png":::

## Scanner installation & registration

Expand All @@ -122,8 +124,8 @@ To complete the scanner registration process:

1. Copy and follow the URL that appears on the command line and use the provided installation code to complete the registration process.

> [!NOTE]
> You may need to change Command Prompt settings to be able to copy the URL.
> [!NOTE]
> You may need to change Command Prompt settings to be able to copy the URL.

2. Enter the code and sign in using a Microsoft account that has the Defender for Endpoint permission called "Manage security settings in Defender."

Expand All @@ -141,7 +143,7 @@ If there's a difference between the two versions, the update process determines

2. Select **Add new scan** and choose **Network device authenticated scan** and select **Next**.

:::image type="content" source="/defender/media/defender-endpoint/network-authenticated-scan.png" alt-text="Screenshot of the add new network device authenticated scan screen" lightbox="/defender/media/defender-endpoint/network-authenticated-scan.png":::
:::image type="content" source="/defender/media/defender-endpoint/network-authenticated-scan.png" alt-text="Screenshot of the add new network device authenticated scan screen" lightbox="/defender/media/defender-endpoint/network-authenticated-scan.png":::

3. Choose whether to **Activate scan**.

Expand All @@ -159,9 +161,9 @@ If there's a difference between the two versions, the update process determines

|Authentication Method|Azure KeyVault secret value|
|:----|:----:|
|AuthPriv|Username;AuthPassword;PrivPassword|
|AuthNoPriv|Username;AuthPassword|
|CommunityString |CommunityString|
|`AuthPriv`|Username;AuthPassword;PrivPassword|
|`AuthNoPriv`|Username;AuthPassword|
|`CommunityString` |CommunityString|

9. Select **Next** to run or skip the test scan.

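Review bot: In the credentials table, the method names gain code formatting but the secret value column (`Username;AuthPassword;PrivPassword` and the two rows below it) stays plain, even though those are the literal formats a reader has to store as the secret; format that column as code too. The table also does not say how a `;` inside a password is handled given that `;` is the field separator, and the `CommunityString` cell keeps a trailing space before the closing pipe.
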
Expand All @@ -172,7 +174,7 @@ If there's a difference between the two versions, the update process determines

### Scan and add network devices

During the set-up process, you can perform a one time test scan to verify that:
During the setup process, you can perform a one time test scan to verify that:

- There's connectivity between the Defender for Endpoint scanning device and the configured target network devices.
- The configured SNMP credentials are correct.
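
Review bot: The changed sentence corrects "set-up" to "setup" but leaves "one time test scan" unhyphenated on the same line; make it "one-time test scan" while the line is being edited.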