Microsoft Defender BYOL integration End-of-Life announcement
On May 1, 2025, Microsoft officially deprecated Defender Bring Your Own License (BYOL) for Defender Vulnerability Management. As a result, BYOL-based integrations will no longer be supported due to the removal of BYOL auto-provisioning.
If you were using Microsoft Defender BYOL to surface Rapid7 scan results, you must transition to an alternative method for assessing your attack surface to avoid data gaps, integration issues, or loss of visibility within Defender for Cloud.
If you were not using the BYOL feature, no action is required.
Schedule of Events
Date | Event |
---|---|
February 3, 2025 | Microsoft Defender for Cloud announces that BYOL will no longer be available for onboarding new machines and subscriptions. |
May 1, 2025 | The BYOL feature is officially deprecated and no longer available. As a result, Rapid7 no longer supports the Microsoft Defender Cloud integration. |
Continue assessing your attack surface
Maintaining continuous visibility into your vulnerability landscape is essential. If you previously relied on BYOL, you must adopt an alternative method to assess your attack surface.
If the Rapid7 Insight Agent was automatically deployed on Azure environments via the BYOL method, we recommend the following alternatives:
- Virtualization via a Golden Image - The Insight Agent supports virtual distribution using a virtual machine clone or an Amazon Machine Image (AMI). Install the Insight Agent on a golden image and avoid duplicate asset IDs by configuring InsightVM to support non-persistent VDIs.
- Azure Portal Extension - You can manually add the Insight Agent extension via the Azure Portal's "Extensions" section on each VM.
- Group Policy Deployment (GPO) - If applicable, deploy the agent via GPO across managed assets. Install via Mass-Deployment Tool of Choice: Download the installer from your Insight Platform console and distribute it using your preferred mass-deployment tool.
For Rapid7 customers who previously used the BYOL connector to get a unified view of vulnerabilities across multi-cloud and on-premises, you can:
- Expand your coverage with Rapid7's Exposure Command offering to extinguish exposures across your entire attack surface with context enrichment from every tool in your stack.
- Transition to Microsoft Security Exposure Management Data Connector. Read Microsoft's Rapid7 Data Connector Guide for instructions.
Note, continued use of BYOL-based methods after deprecation may lead to data gaps, visibility loss, or integration failure in Microsoft Defender.
FAQ
Who is impacted?
This change impacts:
- Rapid7 integrations via the BYOL connector
- Environments where the Insight Agent was automatically deployed based on the detection of new Azure assets via the BYOL method
Onboarding via BYOL has not been possible since February 3, 2025, so any VMs created on or added after that date are not covered by the automatic deployment of the Insight Agent.
What are the key differences between Microsoft Defender BYOL and the new Exposure Management data connectors?
Using an Exposure Management connector provides centralized visibility and risk prioritization across hybrid and multi-cloud environments. It also ensures continued compliance with Microsoft’s supported configurations.
Item | Previous Method (BYOL) | New Approach (MSEM Connector) |
---|---|---|
License Type | Bring Your Own License (BYOL) | Microsoft Defender-managed integration |
Integration Method | VM-level deployment, often via agents | API-based ingestion (no agent required for integration) |
Visibility and Management | Scattered and potentially inconsistent | Unified and consistent visibility via Defender dashboard |
What's Exposure Command?
Rapid7's Exposure Command combines the power of complete attack surface visibility with high-fidelity risk context and insight into your organization’s security posture, aggregating findings from both our native exposure detection capabilities as well as third-party exposure and enrichment sources you’ve already got in place. This situational awareness enables teams to zero-in on the exposures and vulnerabilities that attackers have in their sights with the threat-aware risk context needed to prioritize more efficiently and effectively.
Who should I contact if I have more questions?
Reach out to Rapid7 Support with any additional questions. When creating a ticket, use the subject line Microsoft Defender for Cloud BYOL EOL query.