Azure Defender built-in vulnerability assessment agent does not support proxy configuration.

%3CLINGO-SUB%20id%3D%22lingo-sub-2907143%22%20slang%3D%22en-US%22%3EAzure%20Defender%20built-in%20vulnerability%20assessment%20agent%20does%20not%20support%20proxy%20configuration.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2907143%22%20slang%3D%22en-US%22%3E%3CP%3ECurrently%20the%20Azure%20Defender%20built-in%20vulnerability%20assessment%20tool%20which%20is%20based%20on%20a%20Qualys%20solution%20does%20not%20support%20configuration%20of%20a%20proxy%20for%20the%20agent%20to%20connect%20to%20the%20required%20service%20endpoints.%3C%2FP%3E%3CP%3EThis%20is%20in%20contrast%20to%20the%20ARC%20and%20Log%20Analytics%20agents%20which%20both%20support%20proxy%20configurations.%3C%2FP%3E%3CP%3EThe%20Qualys%20agent%20itself%20does%20in%20fact%20support%20a%20proxy%20and%20so%20it%20is%20the%20deployment%20automation%20from%20Azure%20that%20is%20not%20able%20to%20set%20the%20proxy%20configuration%20and%20I%20would%20like%20to%20see%20that%20capability%20added%20so%20that%20ARC%20servers%20deployed%20behind%20a%20proxy%20can%20have%20the%20vulnerability%20assessment%20solution%20deployed%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2909469%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Defender%20built-in%20vulnerability%20assessment%20agent%20does%20not%20support%20proxy%20configuration.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2909469%22%20slang%3D%22en-US%22%3EHello%20and%20thank%20you%20for%20your%20question.%3CBR%20%2F%3EProxy%20config%2Fsupport%20in%20ASC%20is%20in%20our%20roadmap%20and%20we%20even%20have%20been%20testing%20it%20recently.%20Unfortunately%20this%20is%20a%20low%20priority%20feature%20so%20we%20don't%20have%20a%20clear%20ETA%20at%20the%20moment.%3CBR%20%2F%3EAs%20an%20alternative%20this%20can%20be%20configured%20on%20the%20agent%20side%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fwww.qualys.com%2Fdocs%2Fqualys-cloud-agent-windows-install-guide.pdf%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.qualys.com%2Fdocs%2Fqualys-cloud-agent-windows-install-guide.pdf%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fqualysguard.qg2.apps.qualys.com%2Fportal-help%2Fen%2Fca%2Fagents%2Fwin_proxy.htm%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fqualysguard.qg2.apps.qualys.com%2Fportal-help%2Fen%2Fca%2Fagents%2Fwin_proxy.htm%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fqualysguard.qg2.apps.qualys.com%2Fportal-help%2Fen%2Fca%2Fagents%2Flinux_proxy.htm%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fqualysguard.qg2.apps.qualys.com%2Fportal-help%2Fen%2Fca%2Fagents%2Flinux_proxy.htm%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Currently the Azure Defender built-in vulnerability assessment tool which is based on a Qualys solution does not support configuration of a proxy for the agent to connect to the required service endpoints.

This is in contrast to the ARC and Log Analytics agents which both support proxy configurations.

The Qualys agent itself does in fact support a proxy and so it is the deployment automation from Azure that is not able to set the proxy configuration and I would like to see that capability added so that ARC servers deployed behind a proxy can have the vulnerability assessment solution deployed too.

1 Reply
Hello and thank you for your question.
Proxy config/support in ASC is in our roadmap and we even have been testing it recently. Unfortunately this is a low priority feature so we don't have a clear ETA at the moment.
As an alternative this can be configured on the agent side:
https://www.qualys.com/docs/qualys-cloud-agent-windows-install-guide.pdf
https://qualysguard.qg2.apps.qualys.com/portal-help/en/ca/agents/win_proxy.htm
https://qualysguard.qg2.apps.qualys.com/portal-help/en/ca/agents/linux_proxy.htm