

How do Microsoft online services conduct vulnerability management?

No matter how well a system is designed, its security posture can degrade over time. Machines can go unpatched, inadvertent configuration changes can be introduced, and regressions to security code can accumulate. All these issues can make a system less secure than when it was initially deployed. Microsoft has built automation to continually assess our systems for this kind of degradation, enabling us to act immediately to correct issues in our security posture.

Microsoft online services use machine state scanning to make sure the machines comprising our infrastructure are up to date with the latest patches and that their base configurations correctly align with relevant frameworks. Machine state scanning uses patching, anti-malware, vulnerability scanning, and configuration scanning (PAVC). Microsoft online services apply effective PAVC by installing a custom security agent on each asset during deployment. This security agent enables machine state scanning and reports results to our service teams.

How do Microsoft online services ensure service infrastructure is up to date with the latest security patches?

Patch management mitigates vulnerabilities by ensuring Microsoft online services systems are updated quickly when new security patches are released. Microsoft prioritizes new security patches and other security updates according to risk. Microsoft online service security teams analyze available security patches to determine their risk level in the context of our production environments. Their analysis includes severity scores based on the Common Vulnerability Scoring System (CVSS) along with other risk factors.

Microsoft service teams review the analysis from the security team and update their service components and baseline images with applicable patches within the appropriate remediation timeframe.
