best practices
13 Topics

Unable to resolve - A vulnerability assessment solution should be enabled on your virtual machines
We currently have a mix of approximately 45 Windows / Linux Servers and AVD machines which are not successfully being marked as compliant with the Defender recommendation "A vulnerability assessment solution should be enabled on your virtual machines". On the subscription level we have Defender for Servers Plan 2 enabled and Agentless Scanning CSPM enabled. Within a subscription some of these VMs are compliant and others are not. Their compliance state doesn't appear to have any relevance to whether the Qualys or MDE extensions are installed. We have servers that are healthy that have Qualys, MDE, or none installed and are healthy. Our VMs are not using the full feature set of Defender Plan 2 as we use CrowdStrike, so the Defender for Endpoint functionality of the Defender for Servers Plan 2 has been disabled, but to my knowledge this shouldn't impact Vulnerability assessments. In Security Portal it does seem that generally all the VMs that are healthy for this recommendation are visible in the devices section, whereas these 45 that are not are either not searchable or have sensor health state "inactive". We have an Azure Policy generated to onboard devices to Vulnerability assessment using MDE.Tvm and it seems to be generally working but not for these 45 devices. The Microsoft Documentation is really unclear; what do we need to make these systems compliant?
318 Views, 0 likes, 6 Comments

New Blog | Monthly news - January 2024
It's the monthly "What's new" blog post, summarizing product updates and various new assets that were released over the past month. This month's blog goes over all the goodness from December 2023. See the full blog post here: Monthly news - January 2024 - Microsoft Community Hub
496 Views, 0 likes, 0 Comments

New Blog | Monthly news - December 2023
Check out the "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from November 2023. Read the blog post here: Monthly news - December 2023 - Microsoft Community Hub
514 Views, 0 likes, 0 Comments

E2E Bootstrap Solution for Malicious File Scanning Using Microsoft Defender for Storage in Azure
The following blog post elucidates one of the architectural patterns that can be employed for efficiently monitoring the malware scan status while utilizing Microsoft Defender for storage malware scanning. Read the full blog here: Malicious File Scanning Using Microsoft Defender for Storage in Azure
646 Views, 0 likes, 0 Comments

Using Lighthouse to monitor MDC
This Cross-tenant management experiences - Azure Lighthouse | Microsoft Learn states that "the entire subscription must be delegated to the managing tenant; Microsoft Defender for Cloud scenarios are not supported with delegated resource groups". Does this mean that every subscription monitored by MDC must be delegated to the managed service provider? Also, what happens if MDC is monitoring another cloud? How does this affect the service provider?
1.6K Views, 0 likes, 1 Comment

Missing scan data on Endpoint protection should be installed on virtual machine scale sets
Hi everyone, I have enabled Defender for Cloud on one of our Azure Subscriptions as we are looking to test its capabilities to report on Defender for Windows. I'm looking at the metric "Endpoint protection should be installed on virtual machine scale sets"; however, all of my VMSS instances are "Missing Scan Data". If I look at the scale sets on the Inventory page of Defender for Cloud I can see the Monitoring Agent is Installed and Defender for Cloud is On. Is there anything else I need to do to start scanning? How can I tell why these VMSS's are not being scanned?

Microsoft Azure Defender for Cloud Regulatory Compliance
Could you configure Microsoft Defender to monitor regulatory compliance by resource group (default) instead of by subscription level? Is this possible? All documentation on this points out that it's by subscription level (default) and management group. You can set default policy, edit/create custom initiatives, and enable/disable regulations/standard on settings.
Solved, 2.4K Views, 0 likes, 3 Comments