Defender for cloud Server configuration

John_Azcloud · ‎Oct 12 2022

Hello colleagues,

We have enrolled a few servers to azure arc and we onboard them on Defender on Cloud via Policy.

What is the best practice to configure Defender for Server settings via Azure?

eg path exclusions and other settings like schedule scans, cloud security level and other.

thank you

BillClarksonAntill · ‎Nov 29 2023

Hey @John_Azcloud

Best practice for rolling out defender is to onboard the agent onto your server fleet

Leave it running for a few days to discover what exclusions your server fleet will need, these will appear as alerts within the Microsoft 365 Defender portal

Add in exclusions against the revelant servers and apply the AV policy accordingly

FYI in the portal

Onboarding = Ive installed Defender agent

Enrol / Managed = Ived applied policy

Defender wont take any action against your fleet until you have enrolled your servers against an AV policy. Installing the agent onto the server will place defender into passive mode and just surface what it can see

Hope this helps

andreasponjavic · ‎Dec 12 2023

Hi everybody, I have a little hope because it seems that I am not alone with this "problem".

I also onboarded some VMs from on premise over arc and I am very confused because for me it is very hard to understand the pricipes of Defender for Cloud for Servers.

For our Clients we use Defender for Endpoint managed over Intune and the policies are easy to set up and everything is clear.

But when we talk about Defender for Cloud for Servers over Arc everything is different. What I can see in Defender for Cloud and Azure Policy is tons of compliance policies but I am not looking for compliance policies. I just want to configure Defender Antivirus Settings for every machine and I cannot find good information about this.

My hope is big to get useful information here.

Thank you very much in advance.

Have a nice day. Regards
Andreas

migsg · ‎Dec 12 2023

Adding an on-prem machine to Azure Arc will allow you to manage your on-prem device via Azure. Hence, it will be treated as an Azure machine. One of the feature of Defender for Servers is to install Defender for Endpoint (MDE) to your machines. It is just another method of deploying MDE to your machines apart from Group Policy, Config Manager and Intune. It is so far the most convenient way of deploying the agent to your Azure machines (VMs and Arc).

So far Intune is the only way I know to configure Defender AV settings. Please check out this link.

https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration

andreasponjavic · ‎Dec 19 2023

@migsg Thank you very much for your answer! So far, I know MS don't want us to manage our servers with Intune. They want us to use the Azure capability but if we use guest configuration with azure policy, they will charge 6$ / server / month. Unfortunately, I didn't know this in the beginning of the project.

The solution right now is, similar what you said, to use Intune for the Antivirus Policies. We activated the Management MDE capabilities in M365 Defender. This option is nice in my opinion because Arc onboarded machine are onboarded to Intune automatically over MDE. Maybe I am blind, but this solution is nowhere documented in the Defender for Cloud for Arc enabled machines documentation.

For now, it works well. I am looking forward to seeing how our servers will work with defender..

Thank you and I hope this will maybe help others with the same task / project..

Defender for cloud Server configuration

Defender for cloud Server configuration

Re: Defender for cloud Server configuration

Re: Defender for cloud Server configuration

Re: Defender for cloud Server configuration

Re: Defender for cloud Server configuration

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Defender for cloud Server configuration