Defender for cloud Server configuration

Question

Hello colleagues,&nbsp;We have enrolled a few servers to azure arc and we onboard them on Defender on Cloud via Policy.What is the best practice to configure Defender for Server settings via Azure?&nbsp;eg path exclusions and other settings like schedule scans, cloud security level and other.&nbsp;thank you&nbsp;

billclarksonantill · Answer

Hey&nbsp;John_Azcloud&nbsp;&nbsp;Best practice for rolling out defender is to onboard the agent onto your server fleet&nbsp;Leave it running for a few days to discover what exclusions your server fleet will need, these will appear as alerts within the Microsoft 365 Defender portal&nbsp;Add in exclusions against the revelant servers and apply the AV policy accordingly&nbsp;FYI in the portalOnboarding = Ive installed Defender agentEnrol / Managed = Ived applied policy&nbsp;Defender wont take any action against your fleet until you have enrolled your servers against an AV policy. Installing the agent onto the server will place defender into passive mode and just surface what it can see&nbsp;Hope this helps

andreasponjavic · Answer

Hi everybody, I have a little hope because it seems that I am not alone with this "problem".

I also onboarded some VMs from on premise over arc and I am very confused because for me it is very hard to understand the pricipes of Defender for Cloud for Servers.

For our Clients we use Defender for Endpoint managed over Intune and the policies are easy to set up and everything is clear.

But when we talk about Defender for Cloud for Servers over Arc everything is different. What I can see in Defender for Cloud and Azure Policy is tons of compliance policies but I am not looking for compliance policies. I just want to configure Defender Antivirus Settings for every machine and I cannot find good information about this.

My hope is big to get useful information here.

Thank you very much in advance.

Have a nice day. Regards
Andreas

migsg · Answer

Adding an on-prem machine to Azure Arc will allow you to manage your on-prem device via Azure. Hence, it will be treated as an Azure machine. One of the feature of Defender for Servers is to install Defender for Endpoint (MDE) to your machines. It is just another method of deploying MDE to your machines apart from Group Policy, Config Manager and Intune. It is so far the most convenient way of deploying the agent to your Azure machines (VMs and Arc).

So far Intune is the only way I know to configure Defender AV settings. Please check out this link.

https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration

andreasponjavic · Answer

migsg&nbsp;Thank you very much for your answer! So far, I know MS don't want us to manage our servers with Intune. They want us to use the Azure capability but if we use guest configuration with azure policy, they will charge 6$ / server / month. Unfortunately, I didn't know this in the beginning of the project.&nbsp;The solution right now is, similar what you said, to use Intune for the Antivirus Policies. We activated the Management MDE capabilities in M365 Defender. This option is nice in my opinion because Arc onboarded machine are onboarded to Intune automatically over MDE. Maybe I am blind, but this solution is nowhere documented in the Defender for Cloud for Arc enabled machines documentation.&nbsp;For now, it works well. I am looking forward to seeing how our servers will work with defender..&nbsp;&nbsp;Thank you and I hope this will maybe help others with the same task / project..&nbsp;

Forum Discussion

Defender for cloud Server configuration

4 Replies

Resources