Defender for cloud scans aren't running for windows servers

Nishant R V (Perimatics) 0 Reputation points
2025-07-08T23:03:03.8333333+00:00


Using Defender for Cloud to scan for package and other vulnerabilities on our Azure VMs (see environment settings in the attached screenshot). Our VMs are only on when in use (about 8 hours a day).

All VMs have the recommendation "machines should have a vulnerability assessment solution", which is surprising given the environment settings shown in the first screenshot.

The "Fix" button does not work for this recommendation, and there is no documented method for forcing scans manually.

Looking for how we can turn on automatic scanning of these servers?

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

2 answers

  1. Alex Burlachenko 13,330 Reputation points Volunteer Moderator
    2025-07-31T07:37:35.7733333+00:00

    Hi Nishant, thanks for posting this,

    so u got those azure vms and defender for cloud keeps saying 'machines should have a vulnerability assessment solution' even though everything seems set up right )) classic microsoft moment huh?

    make sure the azure security agent is actually running on those vms. sometimes it just... stops )) check the microsoft defender for cloud agent health docs at https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management

    also look at the scan schedules - since your vms are only on 8 hours a day, the scans might be trying to run when the machines are off. defender can be a bit stubborn about this ))

    aha and about that broken 'fix' button - yeah that happens more than it should. instead, try removing the vulnerability assessment solution and adding it again https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management

    this might help in other tools too - always check if your security solutions match your vm uptime schedules. worth looking into whether u can adjust scan windows to match when servers are actually available ))

    as well check this - sometimes the built in defender scans conflict with other security tools. if u got anything else running scans, they might be stepping on each other's toes.

    oh and one more thing - defender needs internet access to do its thing. if your vms are locked down too tight, the poor thing can't phone home )) check out the network requirements here https://docs.microsoft.com/en-us/azure/defender-for-cloud/faq-data-collection-agents

    hope this helps get those scans running!

    Best regards,

    Alex

    and "yes" if you would follow me at Q&A - personally, thanks.
    P.S. If my answer helps you, please Accept my answer
    

    https://ctrlaltdel.blog/

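    The answer above boils down to two checks per VM: is the Defender for Endpoint extension actually installed and healthy, and is the machine even powered on when a scan could report? The following is an added example, not code from the question, the answer, or Microsoft; it triages constructed sample data shaped like the VM power state and extension listings the Azure CLI returns (that shape, and the `MDE.Windows` / `MDE.Linux` extension names, are assumptions for the example).

    ```python
    # Extension names Defender for Cloud deploys for Defender for Endpoint/MDVM
    # on Windows and Linux VMs (assumed names as they appear in the VM extension list).
    MDE_EXTENSIONS = {"MDE.Windows", "MDE.Linux"}

    # Constructed sample data, shaped like the output of `az vm list -d` (power
    # state) joined with `az vm extension list` per VM. The field layout is an
    # assumption for this example; real output carries many more fields.
    SAMPLE_VMS = [
        {"name": "app-vm-01", "powerState": "VM running",
         "extensions": [{"name": "MDE.Windows", "provisioningState": "Succeeded"}]},
        {"name": "app-vm-02", "powerState": "VM deallocated",
         "extensions": [{"name": "MDE.Windows", "provisioningState": "Succeeded"}]},
        {"name": "app-vm-03", "powerState": "VM running",
         "extensions": [{"name": "MDE.Windows", "provisioningState": "Failed"}]},
        {"name": "app-vm-04", "powerState": "VM running",
         "extensions": [{"name": "AzureMonitorWindowsAgent",
                         "provisioningState": "Succeeded"}]},
    ]


    def triage_vm(vm):
        """Return a short status saying why a VA result may be missing for one VM.

        Checks are ordered so the most actionable cause wins: no agent at all,
        then an agent whose install failed, then a machine that is simply off.
        """
        mde = [e for e in vm.get("extensions", []) if e.get("name") in MDE_EXTENSIONS]
        if not mde:
            return "extension-missing"      # nothing to report with; redeploy
        if any(e.get("provisioningState") != "Succeeded" for e in mde):
            return "extension-failed"       # remove and re-add the solution
        if vm.get("powerState") != "VM running":
            # Agent present, but the machine is off (the 8-hours-a-day case):
            # nothing can report until it is next powered on.
            return "vm-off"
        return "ok"


    def triage(vms):
        """Map every VM name to its triage status."""
        return {vm["name"]: triage_vm(vm) for vm in vms}


    if __name__ == "__main__":
        for name, status in triage(SAMPLE_VMS).items():
            print(f"{name:12} {status}")
    ```

    Feed it the real CLI JSON for your subscription and the `vm-off` bucket shows which machines are never up when the assessment would run.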

  2. Catherine Kyalo 2,100 Reputation points Microsoft Employee
    2025-08-08T13:33:49.8466667+00:00

    Nishant R V (Perimatics)

    As these are VMs and not servers,

    Today, such devices are not officially covered under the Defender for Servers bundle, as they are not actually servers. This means that the MDE extension via MDC will not be installed on such machines, and that vulnerability assessment results from the MDVM agent on such machines will only appear in the Defender portal for devices, and not in MDC, which only shows servers' MDVM VA value today.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

