Microsoft Defender for Cloud is classified as both a Cloud Security Posture Management (CSPM) and a Cloud Workload Protection Platform (CWPP) product. CWPPs are workload-centric security protection solutions, which are typically agent-based. To protect IaaS VMs, on-premises servers and servers in other clouds, Defender for Cloud uses agent-based monitoring.
In this blog post, we want to help you understand the options available to protect your resources, along with their advantages and disadvantages.
There are two types of agents:
The direct agent is a standalone installation. It is delivered as an MSI/EXE file, so organizations can use a deployment tool such as System Center Configuration Manager or another scripted method to deploy it.
To extend visibility and Defender for Cloud capabilities, we can install the agent on computers running outside of Azure, including resources running on-premises and in other clouds.
When installing the direct agent, we will need to supply two parameters:
Here is how you obtain and install the Direct Agent from the Microsoft Defender for Cloud portal:
For additional details on how to extend visibility for resources running outside of Azure, please refer to the following links:
The extension installs the Log Analytics agent on Azure virtual machines and enrolls virtual machines into an existing Log Analytics workspace.
For details on supported Windows and Linux operating systems, check out the following documents:
Resource Group: DefaultResourceGroup-[geo]
For additional details, read the data collection document.
Below is an example of a Linux policy assignment:
4. ARM template – We can integrate the Log Analytics agent extension into the VM creation process by leveraging an ARM template.
Template example for installing the Log Analytics agent (MMA extension) on a Windows VM; this part should be integrated into the VM deployment template:
5. System Center Configuration Manager (SCCM)
6. SCOM Agent
The recommended practice is to utilize the Log Analytics VM extension. The Log Analytics VM extension has the following advantages over using the Direct Agent:
In this blog post, we provided details on the options available to protect your hybrid resources, along with their advantages and disadvantages. For more information on how Microsoft Defender for Cloud provides co visit our documentation below:
Kudos to @Yaniv Shasha for the great collaboration!