Blog Post

Microsoft Defender for Cloud Blog
10 MIN READ

Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation

GalFenig's avatar
GalFenig
Icon for Microsoft rankMicrosoft
Jul 25, 2023
Blog update 07/04/2024: The release timelines for affected Defender for Servers features were updated in the blog. Blog update 06/20/2024: The deprecation scope of adaptive recommendations was upda...
Updated Oct 11, 2024
Version 12.0
best practices
cloud security
cloud security posture management
Log Analytics
microsoft defender for endpoint
microsoft defender for servers
threat protection
GalFenig's avatar
Icon for Microsoft rankMicrosoft
Joined December 08, 2021
View Profile
Microsoft Defender for Cloud Blog
Microsoft Defender for Cloud is a cloud-native application platform (CNAPP) that offers security and compliance from code to runtime, enhanced by AI, for hybrid and multicloud environments.
mafemafe's avatar
mafemafe
Copper Contributor
Jul 25, 2023

Currently AMA/MMA agent provide some additional informations, about sending security logs that can be corelated in e.g. Sentinel, but not only. Real life example:

 

Issue: You received a Security Alert in Microsoft Defender for Cloud "Network communication with a malicious machine detected" and would like to know more about this.

 

In this type of findings we know only the Source VM and destination DNS/IP. 


Future actions: Youu can also try to leverage Microsoft Sentinel in the future as it comes inbuilt with Threat Intelligence Indicator Feeds, DNS Event Capture and Parser as well as Windows Event logs can be captured, and this will make for an easier investigation. Via Azure Monitor Agent we can capture the datails like:

  • Process Name
  • Who run the process
  • Process comunication IP

So for this kind of deep analises we still need Azure Monitor Agent and sends the logs to Log Analitics Agent (eventuallly Sentinel). Are you planning to deliver this functionality with Unified Agent? Or for this scenario AMA is still recomended?