Oct 12 2022 08:16 AM
Hello colleagues,
We have enrolled a few servers to Azure Arc and we onboard them on Defender for Cloud via Policy.
What is the best practice to configure Defender for Server settings via Azure?
E.g. path exclusions and other settings like scheduled scans, cloud security level and others.
Thank you.
Nov 29 2023 10:26 PM
Hey @John_Azcloud
Best practice for rolling out Defender is to onboard the agent onto your server fleet.
Leave it running for a few days to discover what exclusions your server fleet will need; these will appear as alerts within the Microsoft 365 Defender portal.
Add in exclusions against the relevant servers and apply the AV policy accordingly.
FYI, in the portal:
Onboarding = I've installed the Defender agent
Enrol / Managed = I've applied policy
Defender won't take any action against your fleet until you have enrolled your servers against an AV policy. Installing the agent onto the server will place Defender into passive mode and just surface what it can see.
Hope this helps.
Dec 12 2023 01:14 PM
Dec 12 2023 05:03 PM
Dec 19 2023 05:37 AM
@migsg Thank you very much for your answer! So far, I know MS don't want us to manage our servers with Intune. They want us to use the Azure capability, but if we use guest configuration with Azure Policy, they will charge 6$ / server / month. Unfortunately, I didn't know this in the beginning of the project.
The solution right now is, similar to what you said, to use Intune for the Antivirus Policies. We activated the Management MDE capabilities in M365 Defender. This option is nice in my opinion because Arc onboarded machines are onboarded to Intune automatically over MDE. Maybe I am blind, but this solution is nowhere documented in the Defender for Cloud for Arc enabled machines documentation.
For now, it works well. I am looking forward to seeing how our servers will work with Defender.
Thank you and I hope this will maybe help others with the same task / project.