threat protection
20 Topics

MS Antimalware Extension for Azure Vs Windows Defender Antivirus
Folks, based on my research (https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware), it seems Antimalware and Defender use the same MS Security Essential Framework. If yes, is it required to install Antimalware on a Windows 10 VM running in Azure, as Win 10 OS has Defender pre-installed? Any key differentiation that makes sense to allow both on a Windows-based VM hosted in Azure? Vasil Vasilev Thanks in advance for your time.
15K Views, 1 like, 5 Comments

Enable Bring Your Own License (BYOL)
A customer uses the Bring your own license (BYOL) capability, which is being deprecated, to deploy the Qualys extension in their VMs. They are asking about the deprecation: it implies the deployment won't be available anymore, but what happens with the machines that already have the Qualys extension deployed? Will the extension be removed from the machines, since it was deployed via BYOL? Or, after the deprecation, will the extension continue working on the already deployed machines?

New Blog | Microsoft Defender for Cloud latest protection against abuse of Azure VM Extensions
Throughout recent years, the IT world has shifted its workloads, management layers, and machines to the cloud, thus introducing a new attack surface, accompanied by new attack vectors. The following introduced a tactic for threat actors to deploy their cyber-attacks against organizations’ cloud environments, gaining strong permissions, operating for financial gain, and more. Upon succeeding in compromising an identity with sufficient permissions in Azure, threat actors often try to abuse existing features within the environment that allow them to deploy their malicious activity stealthily, efficiently, and easily, and one special feature is: Azure VM extensions. Read the full blog here: Microsoft Defender for Cloud latest protection against sophisticated abuse of Azure VM Extensions - Microsoft Community Hub
644 Views, 1 like, 0 Comments

Log Analytics workspace
Hello, can anyone help me understand the workspace used for Defender for Cloud? How to identify which workspace Defender for Cloud is connected to? The older version of Defender for Cloud has a clear mention of the workspace name to which it is connected; the latest version just displays it as "Default Workspace", not the actual name of the workspace, as there are multiple "Default workspaces" in a subscription/tenant. Thanks in advance.
1.7K Views, 1 like, 1 Comment

ASC | New blog on Fileless Attack Detection for Linux Preview is expanding
The Azure Security Center team is excited to share that the Fileless Attack Detection for Linux Preview, which we announced earlier this year, is expanding to include all Azure VMs and non-Azure machines enrolled in Azure Security Center Standard and Standard Trial pricing tiers. This solution periodically scans your machine and extracts insights directly from the memory of processes. For more details please continue on the blog here.
1.2K Views, 1 like, 0 Comments

ASC Public Preview Announcement: ATP for Azure Storage extends its support to ADLS Gen2 API
We are happy to inform you that advanced threat protection for Azure Storage now supports Azure Data Lake Storage Gen2 API in public preview. What’s new in ATP for ADLS Gen2? Azure Data Lake Storage Gen2 (ADLS Gen2) is a set of capabilities dedicated to big data analytics. It’s built on Azure Blob storage, while focusing on performance, management and security. ADLS Gen2 was designed from the start to service multiple petabytes of information while sustaining hundreds of gigabits of throughput. For details please refer to the blog.
1.1K Views, 1 like, 0 Comments