Migrate to Azure Defender from Qualys Vulnerability Assessment

Introduction


Microsoft Defender for Cloud is consolidating its vulnerability assessment offerings on the Microsoft Defender Vulnerability Management scanner. As part of this transition, the Defender for Cloud container vulnerability assessment powered by Qualys has been retired (see the Defender for Cloud release notes: https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes#defender-for-cloud-containers-vulnerability-assessment-powered-by-qualys-retirement).

If you haven't switched yet, follow the steps below to move to container vulnerability assessment powered by Microsoft Defender Vulnerability Management.

Step 1. Verify scanning enablement

Container vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management is enabled by default for the following services.

  • Defender for Containers
  • Defender for Container Registries (deprecated)
  • Defender Cloud Security Posture Management

If your organization disabled scanning, re-enable the Agentless container vulnerability assessment toggle in any one of these plans; the setting is shared, so the change is reflected across all of them. The toggle is on the plan's Settings and monitoring page.

Step 2. Update REST API and Azure resource graph queries (optional)

If you retrieved Qualys container vulnerability assessment results programmatically (through the Azure Resource Graph (ARG) REST API or the Sub-Assessments REST API), update any saved ARG queries and API consumers so that they match the schema and assessment key of the container vulnerability assessment published by Microsoft Defender Vulnerability Management.

Here are a few examples to help you transition your queries:

Example. Show unhealthy container images

Qualys query (Azure Resource Graph)

securityresources
| where type == "microsoft.security/assessments/subassessments"
| extend assessmentKey = extract(".*assessments/(.+?)/.*", 1, id)
| where assessmentKey == "YOUR_OLD_QUALYS_ASSESSMENT_KEY"
| project Resource = tolower(extract(@'(?i)(.*?)/providers/Microsoft.Security/([^/]+)', 1, id)),
          ResourceType = tolower(split(id, "/").[6]),
          subscriptionId

Updated Microsoft Defender Vulnerability Management query (Azure Resource Graph)

securityresources
| where type == "microsoft.security/assessments/subassessments"
| extend assessmentKey = extract(".*assessments/(.+?)/.*", 1, id)
| where assessmentKey == "YOUR_NEW_ASSESSMENT_KEY"
| project Resource = tolower(extract(@'(?i)(.*?)/providers/Microsoft.Security/([^/]+)', 1, id)),
          ResourceType = tolower(split(id, "/").[6]),
          subscriptionId

The two queries differ only in the assessment key they filter on: the first selects sub-assessments of the retired Qualys container recommendation, the second those of the Microsoft Defender Vulnerability Management container recommendation. Replace "YOUR_OLD_QUALYS_ASSESSMENT_KEY" and "YOUR_NEW_ASSESSMENT_KEY" with the corresponding keys from your tenant; the assessment key is the GUID that follows "assessments/" in the assessment's resource ID, which is exactly what the extract() call in the query pulls out. Run the updated query and confirm it returns rows before deleting the Qualys version: a query that filters on a retired key returns an empty result rather than an error, so a stale key is easy to miss.
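The following Python helper is an added example for Step 2; it is not code from the original article or from Microsoft. It rewrites saved ARG query text from the old assessment key to the new one and reports whether anything was actually replaced (so queries that never referenced the Qualys key are flagged instead of silently "migrated"), and it reproduces the id parsing the query above performs (assessmentKey, Resource, ResourceType) so the projection can be sanity-checked against sample sub-assessment ids offline. The two GUIDs, the registry names and the sample id are placeholders constructed for the example; substitute the real assessment keys from your tenant.

```python
"""Helper for migrating saved Azure Resource Graph queries from the retired
Qualys container assessment key to the Microsoft Defender Vulnerability
Management (MDVM) key, plus an offline check of the query's id projection.

Added example, not from the Microsoft article. All GUIDs and names below are
placeholders (assumptions): replace them with the keys from your tenant.
"""
import re

# Placeholder keys (assumption): substitute the real Qualys and MDVM keys.
OLD_QUALYS_KEY = "00000000-0000-0000-0000-0000000000aa"
NEW_MDVM_KEY = "00000000-0000-0000-0000-0000000000bb"

# The same patterns the KQL query uses:
#   extract(".*assessments/(.+?)/.*", 1, id)
#   extract(@'(?i)(.*?)/providers/Microsoft.Security/([^/]+)', 1, id)
ASSESSMENT_KEY_RE = re.compile(r".*assessments/(.+?)/.*")
RESOURCE_RE = re.compile(r"(?i)(.*?)/providers/Microsoft.Security/([^/]+)")


def rewrite_query(query: str, old_key: str = OLD_QUALYS_KEY,
                  new_key: str = NEW_MDVM_KEY) -> tuple[str, int]:
    """Return (rewritten query, number of replacements).

    The GUID match is case-insensitive because saved queries are often pasted
    with mixed case. A count of 0 means the query never referenced the old key
    and needs a manual look rather than a blind rewrite.
    """
    pattern = re.compile(re.escape(old_key), re.IGNORECASE)
    return pattern.subn(new_key, query)


def parse_subassessment_id(sub_id: str) -> dict:
    """Mirror the KQL projection on one sub-assessment resource id.

    assessmentKey: GUID following "assessments/" (case-sensitive, so the later
                   "subAssessments/" segment is not mistaken for it)
    Resource:      everything before /providers/Microsoft.Security, lowercased
    ResourceType:  split(id, "/")[6], the resource provider namespace, lowercased
    """
    key_match = ASSESSMENT_KEY_RE.match(sub_id)
    res_match = RESOURCE_RE.match(sub_id)
    if not key_match or not res_match:
        raise ValueError(f"not a sub-assessment id: {sub_id}")
    return {
        "assessmentKey": key_match.group(1),
        "Resource": res_match.group(1).lower(),
        "ResourceType": sub_id.split("/")[6].lower(),
    }


# Constructed sample input: the article's query with the old key filled in.
SAVED_QUERY = f'''securityresources
| where type == "microsoft.security/assessments/subassessments"
| extend assessmentKey = extract(".*assessments/(.+?)/.*", 1, id)
| where assessmentKey == "{OLD_QUALYS_KEY}"
| project Resource = tolower(extract(@'(?i)(.*?)/providers/Microsoft.Security/([^/]+)', 1, id)),
          ResourceType = tolower(split(id, "/").[6]),
          subscriptionId'''

# Constructed sample sub-assessment id for an ACR registry (fake names/GUIDs).
SAMPLE_ID = (
    "/subscriptions/11111111-2222-3333-4444-555555555555"
    "/resourceGroups/rg-images/providers/Microsoft.ContainerRegistry"
    f"/registries/ContosoACR/providers/Microsoft.Security/assessments/{OLD_QUALYS_KEY}"
    "/subAssessments/66666666-7777-8888-9999-000000000000"
)

if __name__ == "__main__":
    migrated, count = rewrite_query(SAVED_QUERY)
    print(f"replaced {count} key reference(s)")
    print(migrated)
    print(parse_subassessment_id(SAMPLE_ID))
```

Point rewrite_query at each saved query in turn and treat a zero replacement count as a query to review by hand; parse_subassessment_id is only a local mirror of the KQL, useful for checking that a saved query's projection still makes sense before you run it against the tenant.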

For more details, visit the official article: Transition to Microsoft Defender Vulnerability Management.
