Hello and welcome to the Let's Talk Azure podcast with your hosts Sam Foote and Alan Armstrong. If you're new here, we're a pair of Azure and Microsoft 365 focused IT security professionals. It's episode seven of season five. Sam and I had a recent discussion around vulnerability management, a process of finding, prioritizing and fixing security weaknesses in your organization. Here are a few things we cover. What are vulnerabilities?
Why should you be monitoring and resolving them? How can Microsoft solutions help? And what licenses do you need? We've noticed a large number of you aren't subscribed. If you do enjoy our podcast, please do consider subscribing. It would mean a lot to us for you to show your support to the show. It's a really great episode, so let's dive in. Hey, Alan, how are you doing? Hey, Sam. Not doing too bad. How are you?
Yeah, good, thank you. Good, thank you. Any news this week from the world of Azure that you want to share? Again, I've been pretty busy this week, but I think we know about Microsoft Secure happening on the 13th or 14th of March. I think it's the second one ever as it's sort of a new virtual event. We should probably do a wrap up of that, I would have thought. I assume it's going to be a very AI heavy episode, is my guess. Yeah, it's on when I'm in Seattle. So it's going to be. Oh yeah, yeah.
So you're going to have to, I don't know, catch up live streaming it. Yeah, maybe. Yeah, it was interesting. I saw there was a Learn pathway for Security Copilot that's been published. Did you see that? I haven't actually checked it out. Have you had a look at it? No, I haven't had a look yet, no.
I just thought it was interesting that we've got a Learn pathway before we've got a pricing and a GA date. I think that says it all, I think, really, about the push of the product, but it'd be really interesting to see what sort of news comes out of Secure because obviously we've got Security Copilot, which is on its way to us.
Don't know. Have you got any other things that you're sort of thinking is going to be released then or do you think it's just going to be a recap? Because last time I don't think it was too much new product. There was, there it was more recap, if I remember rightly. It was when Security Copilot was announced, the first, is that, it's when it was first announced, first sort of highlighted I suppose, and then Ignite brought it a bit more close to reality I guess.
But yeah. No, I can't think of anything that's coming up. There's a few things in the preview community that will probably be released then either into public preview or general GA, so. But yeah. What about you Sam? Have you heard any other news around Azure? No, not really. Since our last sort of update. Obviously we'll probably be due a news. Just have a look at the calendar. Actually no, news will be not next episode, the episode after.
Yeah. Because we're sort of flying through the month now, aren't we? Right. We're getting towards the end of February so. Yeah, we're already at, what is this, episode seven, isn't it, of season five. Yeah. Again we say it every single time. It just goes so quickly, doesn't it? Normally this would be like a third of the way through the season. Yeah exactly. In our old way of doing 20 episodes of seasons. Just for John. For John. Alan. Right. What are we talking about this week?
Yeah, so we're going to dive into vulnerability management. We've kind of talked previously in other episodes about some of the technology that Microsoft has and that it helps with vulnerability management. I think we've ever sort of talked overall and then sort of brought them all together. So I think that's the idea. OK. Let's start from the top then, shall we? What are vulnerabilities and why should we be concerned about them?
So vulnerabilities are weaknesses, I think the best way to say it, weaknesses that are within your, within your organization generally. And that's probably a generalized term for it, but the context I'm using is within your operating, within your software, within your hardware, within your... You could also say your configuration.
So vulnerabilities are sometimes, like I said, configuration, but also within the sort of, I guess, the world we have something called CVEs. And don't quote me what CVE means, I can't remember off the top of my head. But in effect when a vulnerability is found within some software and it's been reported, then a CVE is created for it with the type of weakness that's within the software, what it could be used for, remote code execution, things like that, and then what version of software or BIOS et cetera that it's at.
And then I guess how you can then track, it's a way to then track that within your organization. And it's important to sort of keep track of this, because it might be that maybe you have a lengthy patch process with core critical systems and one of these vulnerabilities might come out that puts you at risk of being compromised. It might open a back door. We've seen it be on firewalls, VPN solutions, where people can then create connections, get into your network that way, or grab credentials from the systems.
And then if you're not patching your environment regularly, then you're sort of exposed to that risk. Some of the really big vulnerabilities we've seen is things like, the biggest one I had to sort of be involved in was things like the SolarWinds CVE when they had a supply chain attack. There's a lot of organizations that use SolarWinds to monitor their networking and things like that. And it was potentially able to do some remote code execution because it's on all the machines to monitor.
So that was quite a key one that I've had to deal with in the past to track, make sure everything's up to date and make sure an organization isn't compromised anymore. Well, not compromised, but vulnerable to the CVE. So it's hard to, you need software to be monitoring it. It's very difficult to not have that because it could be one, two, three people's time to check vulnerability lists that are out there or big announcements.
It could be, they may have to be checking, make sure, I think is up to date, checking what versions they're on. It's almost like asset, you need software asset and things like that. So I think that's sort of it. Quite high level, I guess. And yeah, you definitely need to be sort of tracking it at least and trying to keep, make sure you're just reducing your exposure to risk at that point.
So you're saying this is sort of a constant challenge for organizations, I assume, with how much software that organizations use on their... If we just talk about software vulnerabilities as an example, like you say, there can be configuration and firmware, but let's just focus on software for the moment. Right?
I don't know what the average inventory size is of software on an endpoint in an organization, but I bet you it must be tens if not hundreds of applications, right? To me this must be just an ongoing sort of whack a mole situation of having vulnerabilities exposed publicly, you tracking them down and constantly patching your machines. Do you really need to do it manually? Do you not have things like Windows update that sort of covers you for these types of things?
Yeah, you're right. It is a bit of sort of, like you said, whack a mole kind of thing to it. And I've been in situations kind of like you said, once something's being announced, you know, you've got the software, it's on all of your endpoints, you've got to then rapidly patch it and it could be Windows updates at the same time. It could be Windows vulnerability. But as much as we'd like everything to sort of patch instantly, it's not always that easy. So having to track that, have to understand what is remediated, what isn't, understanding how much of your environment is at risk.
Because bear in mind you might be amazing at patching and maybe Patch Tuesday, the next day, it's all done sort of thing. I mean I'd like to see an organization that might do that because it's not that easy, but without being able to understand how much risks you've got, or to sign it off, because you're going to have your security team saying this needs patching now, tell me how exposed we are sort of thing. Do we need to start locking down stuff? But yes, you can do some of that automatically.
There's various sort of tools out there that have vulnerability scanners and things like that, but a key part of it is monitoring it or understanding where your software is on versioning and things like that and that sort of asset, software asset register to understand what versions are out there so you can track if you're vulnerable and things like that. So there are tools for doing that, but then there's tools that also help with the vulnerability understanding. This version of software has this many vulnerabilities in it.
Okay, so it seems like a staple of modern IT, I suppose, and the responsibility of organizations to keep on top of it. It seems like quite a complex situation really. On the surface it seems relatively simple. I suppose it's like just keep everything up to date. But I suppose when you've got potentially hundreds or thousands of endpoints with a software catalog of hundreds of different pieces of software and they're updated very differently, then tracking that is not a manual job anymore at that point.
Right? Yeah. And you might not be able to update software because you might need to go for a testing process. Maybe you're on, there's a major version upgrade and you have to go to that to be patched against this vulnerability. You might not be able to do that because your software relies on it. I mean take older version of Java runtimes, some of those have got some, quite some vulnerability. Well they have vulnerabilities in them that are patched in newer versions, but your software only runs on that lower version so you need to track where that risk is.
Yeah, like you say, it's not just security related patching. You've also got functionality related patching in there as well, deprecations that you've got to deal with, I suppose. Yeah, no, it seems complicated. Okay. What solution is in place for Microsoft to sort of help with vulnerabilities in the organization?
So it's a mix of quite a lot of products around a vulnerability. It did kind of start in one place, which was Defender for Endpoint because I think when the plan two side of things, that came with vulnerabilities management, sort of early doors to kind of start your monitoring of your endpoints. But you got Defender endpoint. Microsoft then brought out some additional functionality in that space around Microsoft Defender Vulnerability Management as an add-on to enhance that capability.
You've then got some of the new capability in things like Microsoft Defender for Cloud, the cloud security posture management, CSPM. So some of the protective workloads around that, especially in Defender for Server. You was able to then use Defender for Endpoint to do your vulnerability checking. Or you could use sort of bring your own license or a lightweight version of the license for Qualys, which is another sort of vulnerability management solution.
So across those sort of couple of products there you do get sort of sight of everything as well. Again, kind of tied to Defender for Endpoint because it's kind of started there really because your endpoints are the most vulnerable places. That's where your users are sort of surfing the Internet, et cetera, and exposing themselves. Is they had some other capability around enterprise IoT on your network as well.
So I think that's kind of sort of the key areas or the key products at least that sort of help you with that today with a, like I said, there's configuration. If we talk about configuration and things like that, then Defender Cloud CSPM helps with that to reduce your risk there around vulnerable sort of configuration.
To me you're saying that there's not just one tool that can sort of cover your whole organization, is that fair to say? Because you've got different types of environments, different types of devices, different types of vulnerabilities. Yeah, it depends on the key areas. I mean, Defender for Endpoint and Defender for Server sort of scenarios, that is a key area because like I said, that's where your applications are.
And again, if we dive into it in a bit, there's other capability there to look at other hardware that's on the network. But really the Defender Vulnerability Management just is an enhancement to it or a slightly different license around it to help if you don't have full Defender for Endpoint plan two. So it's kind of like the Microsoft Defender Vulnerability Management is kind of the sort of main product I guess around vulnerability management for your endpoints.
But if you've got Defender for Endpoint already plan two, then you can have an add-on to it to sort of add the enhancements that you get in MDVM. So it is over a couple of products. And of course thinking about now, I didn't even include things like Defender for IoT. That's looking at your OT environment and the vulnerabilities that might be in there. So it is a wider product.
I think that's kind of the good thing, is that you've got technology out there that you may already be consuming like Defender for Endpoint plan two for your EDR, XDR sort of capability. And as part of that you've got baked into the solution vulnerability management. Should we go through sort of each one of those products and sort of just deep dive in on them just a little bit more about sort of what area each one is sort of focused on and what they're trying to achieve?
Yeah, let's go into sort of Defender for Cloud first and this kind of ties into Defender for Endpoint. But if you've got Defender for Server plan two in there as the protective workload and you've got the Defender CSPM side of it. So I don't know if you need a combination or you can use them individually. I still need to work that out. But as part of that, one of them, you get Defender for Endpoint. And with the plan two you get the add-on as well, the vulnerability management for your servers.
But one of the key parts is within your Azure, AWS and GCP environments Microsoft have recently released, in preview I think it is. No, that's antivirus scanning. But the vulnerability scanning is now agentless so that it's able to take snapshots of your disk and then scan it offline. So your barrier to getting Defender endpoint deployed on it is gone. So security teams can in effect do vulnerability scanning without deploying an agent, which I think is quite powerful to get a quick sort of, to get quick results really without having to go through the process of deployment.
Yes, you probably will want to deploy Defender for Endpoint on those endpoints and servers, but that's not necessarily a quick task. Because if you have an agentless scan of vulnerability management, I assume that inventory, you could, I don't know, update it once a day. Right.
Unless you're patching. And I don't really know what a patching schedule would be like on like a server for an example. Right. You might not patch, have automatic patching all the time. Right. So actually like you say, having a snapshot of the disk and then running a scan to look for vulnerabilities in another sort of asynchronous and disconnected process means that you don't have any configuration changes to your server.
So application teams, infrastructure teams, people that look after the machines themselves will have less concerns because there's less risk there. There's no actual changes to the machines to get your solution onboarded to it. And also there's no performance impact, I assume, except for taking the snapshot of the disk. But that's part of Azure anyway, isn't it? Right. Just part of normal process. So that seems like a really efficient way to get access to those machines.
Yeah, exactly. And there might be, like you said, concerns about having AV on operating systems. Because there was obviously an argument around that. But we definitely see it around Linux side of things that some of the AVs, Defender and other AVs out there take a lot of resources on Linux potentially, or because they've not been sized to support an AV solution scanning, then they're not scanned, they're not monitored, you don't know what's happening on them sort of thing.
So like you said, agent scanning just removes that barrier and just allows you to at least see it because the data still goes into, I believe into Defender for Endpoint vulnerability management. So you can see it all with the other resources there and also in Defender Cloud as well, itself. So yeah, I think it's really powerful.
And like I sort of said earlier as well, which isn't really related to Defender for, isn't related to vulnerability management, but they've also done agentless scanning where they scan the disk for malware as well. Nice. Using the same technology, but just different scope. Yeah, definitely. Interesting. Yeah, really interesting. Yeah, really good. What about Defender for Endpoint? Yeah, so Defender for Endpoint is the heart of it, I think. And there's so much in here.
So if you've got Defender endpoint plan two, or Microsoft Defender Vulnerability Management full license, you in effect, anything that you enable the sense agent on, also enable the Defender for Endpoint part, it then continuously scans the endpoint because it's collecting all the data anyway because it's part of the EDR sort of solution side of things. And then that will collect your software inventory and all of your software versions and then what vulnerabilities are in it. And then you get a list of CVEs in there.
And a question I always get is how often does it scan? It doesn't really scan because it's just collecting all the data anyway. So it will see the change in software version because it's happening on the device. So it's not necessarily a scan itself, it's just collected as part of that Defender for Endpoint service. And then it's only when the portal will update maybe every 24 hours with the data up there.
So you can really easily see how many devices have got vulnerabilities and what software. That's just like we'll say Windows, Linux, Mac and servers. Okay, that's that part. And then the other part is for Defender for Endpoint, because it supports Android and iOS, is it also tells you the vulnerabilities in the operating system and the applications that are there, which is great.
It's obviously a bit more difficult with Android with the amount of versions and how often they get patched based on the manufacturer. But at the same time, like I was kind of saying, you're understanding where your risk is within your organization and monitoring it at that point. So that's really good to sort of see that visibility and see that there's maybe a large CVE on a certain type of device that you maybe have in your organization and you need to, it's an older version of phone maybe, and you need to replace it maybe because it's too much of a risk to keep it.
That's doing iOS and Android. And then the next part is that you've got scanning of, network scanning of your switches. So using SNMP to scan your switches, your routers, your firewalls and things like that to collect data off them, see what version they are and then monitoring those assets as well to see whether there's a vulnerability in the software that needs patching.
So you know, within one product you're now talking about, you know, your end users, your servers, your phones, now we're talking about switches, routers, firewalls, things that support SNMP and that's great as well. And it can use, the scanner is just installed on a Defender endpoint endpoint to do that scanning. And that could be sat in the server, the data center where it is, or in the office on a machine that's always on. Maybe it's the boardroom PC that's always on to do that scanning. So that's good as well.
And then in the last sort of year or so they've added enterprise IoT K 30. So this is scanning your network, your endpoint scan, your network or having a passive scanner, but then it's able to then query your IoT devices like your Xbox 360. That's probably too old now, isn't it? But the latest Xbox, your PlayStation 5s, your TVs, your Chromecast, your Apple TVs, et cetera, they're all on the network, and printers, and it's able to then, if the data is provided by those endpoints about their version of software, can then tell you if there's vulnerabilities in that and whether they need patching and things like that.
So now you've covered, what have we covered? We've covered endpoints, servers, mobiles, network equipment, and now IoT devices just in one product that you get out of, pretty much out the box from MDE with a bit of config. It's just such a massive... If you break those endpoints down as well, you got Windows, Mac and Linux, right? Mac, yeah. I suppose the platform coverage is pretty insane there for MDE, right?
Yeah. And they're always adding more functionality in there because we did an episode a couple of weeks ago, I think, on Defender for Endpoint. And I don't know if I went into the phone stuff actually. But anyway, there's just so much information in there. And when you got the information, you can see your risk. It gives you your exposure score. So the higher the number out of 100, the more exposed you are.
It tells you whether, when there's a new active campaign that some bad actors are using to exploit a certain CVE, it will tell you whether you're patched to mitigate against it or if you've got endpoints vulnerable, or it will tell you if, because it's collecting all the data, whether that type of attack is actually being attempted on your environment because of that CVE. So it's just insane really how much information you get. And there's a lot of stuff in there. What you need to patch, why you need to patch it, links to the CVEs themselves and things like that.
And then it's got a tool, or a part of it now is you've got remediation. So it doesn't necessarily remediate automatically, but you can specify I need to patch Adobe, so you can say I need to remediate that. And then it will create you a task in Defender for Endpoint vulnerability management sort of section and then you can track, say you've got like 30 machines that need patching. It will show a percentage of how much have been patched.
And today you can then either create I think a service ticket within ServiceNow, or you can create an administration task in Intune. So if you've got two teams, so you've got the security team and your endpoint management team, the security team can send a task to Intune and there's a section for administrative tasks and it will tell them that they need to patch it from this version to the latest one. So then they know they've got to create the package to then deploy it out. So that's really powerful as well. Especially if you're a large organization, you got multiple teams that can't see specific data there.
So it's coordinating run, not just doing vulnerability management but for this conversation it is. Right. It's coordinating vulnerability management. Well sorry, vulnerability discovery, software inventory for all of these various different platforms anywhere from endpoints to phones to networking equipment to IoT equipment, OT equipment. Right.
And then it's sending all that information to one singular place which allows you to sort of manage and coordinate that sort of approach to patching and remediating that because I think that's probably pretty key, is if you're somebody in an organization where it's your responsibility to make sure that you reduce as much vulnerability risk as possible that you have all the information in front of you. Right.
You know, I don't know, let's say CVE has been classified as a high risk. In your scenario it may be lower risk to you or it might be a risk that you have to accept because of some sort of incompatibility with a version or XYZ. Right. So it's probably not just cut and dry. Oh I see a vulnerability, I must patch it immediately. There's probably a process that you've got to go through, identification, understanding and then implementation. Right.
So yeah that seems really great that it's just this sort of all in one sort of solution to so many different platforms. Yeah. There's no sort of auto patching within the Microsoft vulnerability sort of environment. There is APIs to access the data so you could build some automation in there to create packages for you into Intune and things like that.
But probably to sort of call out that as part of the sort of new stuff that's in the Intune Suite to help with that sort of automatic sort of patching, it's not necessarily automating it, but there's a new feature coming out that's around package management or application management, sort of more enhanced one than what's already there. And that allows you to in effect say there's an update for this package. You want me to create you the next package. So they are within Intune building that mechanism to make it easy to create the update packages to increase I suppose the mean time to resolution or mean time to patching kind of thing there.
Yeah, no, that's really good. And was the other area, Microsoft Defender Vulnerability Management, sort of an add-on on top of Defender for Endpoint? Yes. This is quite interesting. If you got, like I said, plan two, you can have this as like an add-on because you get quite a lot of the capability already. But if you don't have Defender for Endpoint plan two, you can add on MDVM sort of full license. There's like a full license and an add-on license to give you what you get in MDE without the EDR capability and then the extra stuff.
So some of the extra stuff, and we did talk about this in a previous episode when it first came out, but you can do things like baseline assessments, so you can help with hardening your environment. So that's going against the CIS baseline, things like that, which is really good to sort of have.
But one of the other areas is that it brings in, it allows you to now see, once it's enabled, your browser extensions and how risky they might be, what permissions they have, which you might not be able to see because we might be able to see what version of Edge or Chrome you have, but we probably can't see those extensions that are plugged into it. So you can now see that information. And then you can determine whether they're risky or not and then maybe update your policies to restrict which ones you're allowed to use.
Another part to it is that you can see the certificates on the endpoints so that you can see ones that have expired, rogue certificates, things like that on there. We had a customer say that was quite useful, not necessarily for sort of vulnerability management, but from an operational perspective, that they could actually find out where their wildcard certificate is so they know where to go and update it kind of thing, which is quite interesting. Didn't think about using it that way.
And then from a discovery perspective, then there's another sort of final section, is that it's now able to look at BIOS and firmware of your endpoints. So it will tell you that you've got a vulnerability in your Dell BIOS or your Lenovo BIOS. So you can see from that level as well whether there's a UEFI or TPM issue that needs patching. So now you're not just going down to software install, we're now going down to hardware and firmware, which I think is key as well because that's definitely difficult to patch sometimes because it's taking the machine out potentially.
Yeah. Especially if it's like BIOS, firmware versions of different, if you've got multi vendors as well. Right. Because lots of organizations have many different types of devices, change providers over years, different rolling stocks of laptops, endpoints, servers, et cetera. Right.
Keeping on top of all the latest BIOS revisions for all the different SKUs of laptops you have in your organization. You could have 20 different laptops in your organization. Right. Some of those updates. Like you said. It's clear cut to go and patch them because it might be that it's doing a patch to the TPM, which means that BitLocker goes into recovery because it's been changed and then users have to go through recovery. It might need required patching because of the vulnerabilities, but it could be user impacting quite a lot.
Yeah, definitely kind of that bit. But I did say there wasn't any remediation. But there is some prevention as well in this, in the MDVM sort of add-on. And that is that if you've got a vulnerable application you can tell the solution, the vulnerability part of MDE and this add-on, to block the application till it gets patched, which I think was very interesting.
So if you got users that aren't patching out there, you say to them you need to do patch Adobe or whatever software it might be, Zoom, then you need to patch it and you keep telling them and a week later, two weeks later they haven't done it. You can just block the application until they do it now. So you can force that part. But if you have got a really high vulnerability, high risk one, then you can just block that application until it gets patched to just prevent your risk.
So even if the application is there, it can't be exploited because it's prevented from being executed, right? Yeah, exactly. Which obviously is risky to the heat. Not risky to the user, but disruptive to the user, but stops that vulnerability ever taking place, especially if it's quite easy to exploit.
Yeah. And it would probably mean that patching is prioritized because if there is actually a disruption at that point, you're probably going to get a ticket about that pretty quick. Yeah, exactly. Like I said, that's kind of it for those kind of areas. Like quick sort of talk about that. But it does prioritize as well which ones you should be doing first, but which one's the riskiest and things like that. Yeah, no, that's what you want.
Right. Because I assume in organizations there can be quite a mound of just whack-a-moling. Right. So you need to know which ones to sort of hit first. Yeah. And probably the only other product, just the other one, was when I briefly said about Defender for IoT, it's a different, the OT side of things is different, but there is threat intelligence that gets pushed down to those sensors to tell you if there's high risk vulnerabilities in your OT environment. Slightly different sort of view of the world because it's an environment that you don't really ever patch if it's working and things like that. So it's just worth understanding your risk there. Yeah, definitely.
Yeah, 100%. Cool. Alan, any other product areas that you want to cover? No, I can think off the top of my head. I mean like I said, CSPM does some of that agent stuff, MDE and things like that. I can't think anything else on top of my head. The licensing, I guess we kind of talked about, it's Defender for Endpoint plan two or this Microsoft Defender Vulnerability Management SKU and maybe the enterprise IoT SKU as well, if you don't have a, is it M365 E5? E3 plus E5 Security I think, isn't it? You get it? Is it full E5? I can't remember off the top of my head. I thought it was E5 Security. As long as you had E5 Security. That makes sense. Yeah. And Defender for Cloud is consumption based and subscription based. And Defender for IoT is based on site and how many devices you're detecting and protecting on those OT environments.
So relatively simple. Yeah. It's definitely worth thinking about. Microsoft vulnerability management, that add-on, I don't know what it is in USD, but in GBP the add-on is something like one, one pound 62 per user per month. And I think the full version if you don't have MDE is two pound 60 or two pound 70, something like that, off the top of my head when I last looked. So it doesn't seem to me, it doesn't seem like a, I mean it depends on how many user you have, of course. But for the amount of value you get and be able to show that you're doing vulnerability management maybe to your site, you know, cyber insurance or something, I think it's very powerful. Yeah. I don't know. It's hard for me to know what else is out there outside of Microsoft. Right.
What other people are offering and how that sort of compares. But we do see a large number of organizations bundling in a lot of security solution with their productivity license. Right. If you're on sort of any combination of E3, E5, et cetera, you get sort of bundled savings, don't you, really, of your solutions? Yeah. Okay.
Microsoft Defender Vulnerability Management is an add on. Defender for Cloud CSPM is extra capability and it's cloud focused. So it's kind of separate really to the. Well, is a bit different because if you had servers. But anyway, it doesn't matter. But the point being is that you can get a lot of value bundled in with your productivity license or with an extra cost in on top. And it's like somebody's people's jobs to actually work out the licensing optimization of all of these SKUs and various different things that organizations should have so you can be creative in what you do and don't have. If you did have your own EDR solution and you didn't need EDR from MDE, you could license this via using the same agents.
Right. But you could just use it for vulnerability management if that's something that you wanted to do. So I would call out the flexibility there to just highlight specific solutions and workloads that you need, which you may pay more for because it's unbundled and you're adding stacking on top of things. But it is possible to just single out this technology? Yeah, absolutely. And.
We're seeing a lot of customers starting to use. A lot of customers got MDE. See, you know, see the value in the vulnerability management side of it. And then we've been doing some recent workshops around the MDVM capability. And it's just the amount of sort of interest in it now because of that sort of extra capability that you get there. Yeah, exactly. Okay, Alan, anything else you want to cover or should we wrap it up there? I think that's it.
It's just probably some call outs on other episodes. So season four, episode 13, we did
Microsoft Defender Vulnerability Management when it came out. I think we got season five, episode four. So a couple of weeks ago, like I said, we got Defender for Endpoint generally. And then last season, season four, episode four, we've got an episode on Defender for Cloud CSPM capability, but it probably won't have the vulnerability scanning agentless part in it because it wasn't out. Or maybe it was, I can't remember. It is a recent. Yeah. Okay, Sam, what about next week's episode?
I'm going to cover Azure event grid. I would say it's relatively niche. I don't know.
I just don't know a huge amount of people that use it in production or generally know about it. So I just sort of wanted to highlight event grid because there is some really cool functionality there. But effectively it's a scalable and fully managed pub sub messaging distribution service and it uses popular consumption patterns and it is highly integrated with Azure itself. So it's definitely worth knowing about if you are building solutions in Azure because it can be really handy to help to trigger certain conditions using this type of messaging protocol, but without having to
manage it yourself, which I think is always a good thing. Cool. Okay, that sounds interesting. Okay, so did you enjoy this episode? If so, please do consider leaving us a review on Apple or Spotify. This really helps us reach more people like yourselves. If you do have any specific feedback or suggestions, we have a link in our show notes to get in contact with us. Yeah, and if you've made it this far, thanks ever so much for listening and we'll catch you on the next one. Yeah, thanks all. Bye.