Forum Discussion
Mulan2022
Apr 07, 2023 · Copper Contributor
How to onboard an Azure VM manually to Microsoft Defender for Cloud ?
Hi,
I know that when MDC is turned on for the subscription, all new resources belonging to the subscription are onboarded automatically. But is there any manual way to onboard them?
The case is that I have created an Azure VM through the Azure portal; the VM is created as a Windows 11 system. How could I manually onboard this single resource to MDC?
Second question: if the VM does not belong to a subscription that has MDC enabled, how could I onboard it individually to MDC?
Third question: I am quite confused about what type of resource a Windows 11 VM is. Is it a workload? Like the Storage type of workload, does it belong to Workload Protection in MDC? Because so far my understanding of MDC is that it protects code repositories and cloud workloads, but which one does a Windows 11 VM belong to?
Hope I have explained my question clearly.
Many Thanks,
Yang
- josequintino · Iron Contributor
Hi Mulan2022,
1. Manually onboarding an Azure VM to Microsoft Defender for Cloud:
To manually onboard a single VM to Microsoft Defender for Cloud, you can follow these steps:
a. Sign in to the Azure portal (https://portal.azure.com/).
b. Navigate to the virtual machine you want to onboard.
c. In the left-hand menu, click on "Security" or "Azure Defender."
d. Enable the Microsoft Defender plan for the VM, and then click "Save."
After completing these steps, the VM should be onboarded to Microsoft Defender for Cloud.
2. Onboarding a VM not belonging to a subscription with MDC enabled:
If the VM is not part of a subscription with Microsoft Defender for Cloud enabled, you will need to enable MDC for that specific subscription first. Once enabled, you can follow the steps mentioned above to onboard the VM manually.
3. Resource type for a Windows 11 VM:
A VM running Windows 11 is considered an Infrastructure-as-a-Service (IaaS) workload. MDC provides protection for various types of workloads, including IaaS VMs, containers, and PaaS services.
In the context of MDC, a Windows 11 VM would be considered an IaaS VM workload. It falls under the scope of MDC's protection, which includes vulnerability management, threat detection, and other security features designed to protect VMs and their underlying infrastructure.
MDC's Workload Protection refers to the broader set of security features and services that help protect various types of workloads, including IaaS VMs, containers, and PaaS services. In this case, your Windows 11 VM is part of the IaaS VM workloads that MDC is designed to protect.
- natehutch · Brass Contributor
Hi Yang,
If you want to onboard the desktop OS VM to MDFC I believe you will need to install the Azure Monitor Agent, and then using Data Collection Rule, you can point it to the Log Analytics Workspace where you have enabled the MDFC instance.
1. Onboard using AMA and point to correct workspace.
2. I believe you would use DCR to point it to the correct sub/workspace.
3. Good question, I suspect it would come under Servers, but haven't found anything to confirm that yet.
See more info below.
Log analytics and manual agent provisioning: https://learn.microsoft.com/en-us/azure/defender-for-cloud/working-with-log-analytics-agent#manual-agent
MDFC supported operating systems: https://learn.microsoft.com/en-us/azure/defender-for-cloud/support-matrix-defender-for-cloud#supported-operating-systems
Azure Monitor Agent for client devices: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-windows-client
Please note that onboarding to MDE via MDFC for Windows 11 is not supported (unless multi-session): https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint
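Putting the two answers together (enable the Defender for Servers plan on the VM's subscription, then install the Azure Monitor Agent and bind the VM to a Data Collection Rule that targets your Log Analytics workspace), here is an added Az PowerShell example that is not from the thread or from Microsoft. All resource names are placeholders, the DCR is assumed to already exist, and the cmdlet parameter names follow the Az.Monitor module version current when this thread was posted and may differ in newer releases.

```powershell
# Added example (not from the thread): onboard one Azure VM to Defender for Cloud.
# Assumes Az.Accounts, Az.Security, Az.Compute and Az.Monitor are installed and
# Connect-AzAccount has already been run. Replace every <placeholder> value.
param(
    [string]$SubscriptionId = "<subscription-id>",                  # placeholder
    [string]$ResourceGroup  = "<resource-group>",                   # placeholder
    [string]$VmName         = "<vm-name>",                          # placeholder
    [string]$DcrId          = "<data-collection-rule-resource-id>"  # placeholder: existing DCR pointing at your workspace
)

Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# 1. Defender plans are enabled per subscription, so the VM's subscription
#    must have the Servers plan ("VirtualMachines") on the Standard tier.
Set-AzSecurityPricing -Name "VirtualMachines" -PricingTier "Standard" | Out-Null

# 2. Install the Azure Monitor Agent extension on the single VM.
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName
Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName `
    -Name "AzureMonitorWindowsAgent" -Publisher "Microsoft.Azure.Monitor" `
    -ExtensionType "AzureMonitorWindowsAgent" -TypeHandlerVersion "1.0" `
    -Location $vm.Location -EnableAutomaticUpgrade $true | Out-Null

# 3. Associate the VM with the DCR so AMA sends its data to the chosen
#    Log Analytics workspace (the one the MDC instance is using).
New-AzDataCollectionRuleAssociation -TargetResourceId $vm.Id `
    -AssociationName "mdc-onboarding" -RuleId $DcrId | Out-Null

# 4. Verify: plan tier and extension provisioning state. Anything other than
#    "Standard" / "Succeeded" means the VM is not yet onboarded.
$plan = Get-AzSecurityPricing -Name "VirtualMachines"
$ext  = Get-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName `
    -Name "AzureMonitorWindowsAgent"
[pscustomobject]@{
    ServersPlanTier = $plan.PricingTier
    AmaProvisioning = $ext.ProvisioningState
}
```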