threat protection
20 Topics

Deploying and Onboarding 2008 R2
Hi all, we purchased Defender for Business Servers, and I need to install it on some 2008 R2 servers. There is no Defender for Endpoint software, so following the guides, I only have to install the MMA, but then how do I know my server is protected? Do I need to enroll it in Azure? Our servers are on-premise, and I don't know if I need to use Azure Arc (do I need to pay?). Is anyone using Defender for Windows Servers (on-premise) with the 2008 R2 version? Thanks in advance.
(Solved)

MS Antimalware Extension for Azure Vs Windows Defender Antivirus
Folks, based on my research - https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware - it seems Antimalware and Defender use the same MS Security Essential Framework. If yes, is it required to install Antimalware on a Windows 10 VM running in Azure, as the Win 10 OS has Defender pre-installed? Is there any key differentiation that makes it sensible to allow both on a Windows-based VM hosted in Azure? Vasil Vasilev. Thanks in advance for your time.

Windows Server 2019 not supported for Windows Defender ATP?
Seeing this on 2019 servers... and found another post about deployment from Azure Security Center to 2019 not working. Is this confirmed as true? https://social.technet.microsoft.com/Forums/sqlserver/en-US/ef491aef-30d0-4259-be6f-17c38bf1c66d/windows-defender-atp-and-server-2019?forum=WindowsDefenderATPPreview
The constructor for the managed module type "Microsoft.EnterpriseManagement.Mom.Modules.WindowsDefenderATPModule.WindowsDefenderATPModule" threw an exception. This module was running in rule "Microsoft.Windows.WindowsDefenderATP.CollectEtwEvent" running for instance "" with id:"{F00EB567-BFDE-5A3D-CB1E-25426C032A51}" in management group "AOI-f39f1576-b645-4693-b6e9-fe8048bb5636". The exception text is: System.NotSupportedException: Environment is not supported: OS Name: 'Windows Server 2019 Datacenter', OS version: '10.0', OS productType: 'Server', isWorkstation=False at Microsoft.EnterpriseManagement.Mom.Modules.WindowsDefenderATPModule.WindowsDefenderATPModule.VerifySupportedEnvironment(IOperatingSystemInfoHelper osHelper, List`1 supportedEnvironments) at Microsoft.EnterpriseManagement.Mom.Modules.WindowsDefenderATPModule.WindowsDefenderATPModule..ctor(ModuleHost`1 moduleHost, XmlReader configuration, Byte[] previousState)
(Solved)

Endpoint Protection not installed on non-Azure servers
Hi all, I've used "Onboard servers to Security Center" with a workspace for our non-Azure servers. The agent got installed successfully, and I could see the server on Microsoft Defender ATP as well, as active. However, on the Azure Security Center dashboard, under recommendations, I see those servers as "Endpoint Protection not installed on non-Azure servers". I have had an open ticket with Microsoft for almost a month without any resolution. Has anyone faced this issue before and found a possible solution? Thanks!

Survey: Endpoint Protection!
Hi everyone, we need your feedback! Microsoft is actively investing in expanding endpoint protection in Azure Security Center. This is your opportunity to influence our thinking and priorities on where to invest. Here's the link to the quick, 3-question feedback form asking your opinion on a few topics. Note: no personal information is collected in this feedback form. Thank you!

Security alerts in Microsoft Defender for Cloud
Hello all, we have received the below security alerts in Microsoft Defender for Cloud for our App Service:
1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected
Our website is Internet facing (public facing), so we cannot put much restriction on our App Service (e.g. IP restriction, SSL certificate). We are unable to investigate the below alerts. We checked the Log Analytics workspace logs and extracted the logs for the caller IP, but could not find much information from them. We also checked, and there was no impact found on our web app.
1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected
Is there any way by which we can investigate why these alerts got generated, and what next action can be taken on this?

Log Analytics workspace
Hello, can anyone help me understand the workspace used for Defender for Cloud? How do I identify which workspace Defender for Cloud is connected to? The older version of Defender for Cloud clearly showed the name of the workspace to which it is connected; the latest version just displays it as "Default Workspace", not the actual name of the workspace, and there are multiple "Default workspaces" in a subscription/tenant. Thanks in advance.

SQL Advanced Threat Protection - Requirements Unclear
When configuring Defender for SQL, nothing suggests auditing is required for ATP to work. However, when looking at the audit section https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql#remarks, one of the points says "After you've configured your auditing settings, you can turn on the new threat detection feature..." This seems to be a requirement for SQL on Machines; however, is it for Azure SQL workloads (MI & DB)?
(Solved)

Did I just stumble on a hidden gem?
Hi all, a while back I asked a question on antimalware monitoring, and Noa Kuperberg pointed me to the Antimalware assessment. However, last week I noticed Azure Security Center has the same features as the Antimalware assessment, and it even shows that in the pricing and settings: I see that even the free ASC tier has the ProtectionStatus table in the Log Analytics workspace, so I am indeed able to see the status of the antimalware. Now here comes my confusion: I know that the Azure Security Center "Azure Defender On" paid tier has alerting capabilities on things like brute force attacks, but it seems the free tier has alerting on antimalware (from the IaaSAntimalware extension at least) baked in. I tested this with an EICAR test file, and sure enough I am getting alerts. I tested this on several Azure subscriptions that have no Azure Defender subscription nor trial enabled. I see alerts not only in ASC, but they come to the Activity Log as well, so I can alert from there; it even shows me the file path and the threat status, i.e. whether it was quarantined. My question: is this a happy accident, or is even the free tier supposed to have antimalware alerting from Azure Security Center? Or is that ability going away after a while, like secret trialware? P.S. I am well aware that ASC's capabilities extend beyond just antimalware, but this feature alone would be a serious bonus.
(Solved)