
Given Azure Cloud Services (Classic, not Extended Support) using Family 6 (Windows 2019). Windows Defender is enabled and scanning files.

How can the logs and scan results be surfaced to the Azure Portal, ideally Security Centre / Monitor?

"The Microsoft Antimalware Client and Service is installed by default in a disabled state in all supported Azure guest operating system families in the Cloud Services platform." https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware#architecture

Defender is enabled, but the client and extensions are not. https://docs.microsoft.com/en-us/archive/blogs/azuresecurity/update-to-azure-antimalware-extension-for-cloud-services

Note, enabling Antimalware within the Portal for the CS roles doesn't appear to help.

Do we need to install Microsoft Monitoring Agent / Log Analytics? https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview#log-analytics-agent

  • via https://stackoverflow.com/questions/67431313/how-can-you-connect-azure-cloud-services-classic-defender-to-azure-security-ce – Michael Blake May 11 '21 at 15:18

1 Answer

The log analytics agent is required to be installed for a VM to send data to security centre. See here.

Sam Cogan
  • Have you managed to get this working with Cloud Services Classic? Does it need to be a startup task or can I use an extension? – Michael Blake May 12 '21 at 08:46
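
A check for the two conditions this thread turns on (Defender active, Log Analytics agent present and bound to a workspace), as an added example that is not part of the original question or answer. It assumes an elevated PowerShell session on the role instance and the agent's default Windows service name `HealthService`; the 7-day window and the `$report` layout are choices made for this example.

```powershell
# Added example: run in an elevated PowerShell session on the role instance.
$report = [ordered]@{}

# 1. Defender state, from the Defender module that ships with Windows Server 2019.
$mp = Get-MpComputerStatus
$report.AntivirusEnabled   = $mp.AntivirusEnabled
$report.RealTimeProtection = $mp.RealTimeProtectionEnabled
$report.SignatureAgeDays   = $mp.AntivirusSignatureAge

# 2. The Log Analytics agent (Microsoft Monitoring Agent) runs as the
#    Windows service "HealthService". No service means no agent.
$svc = Get-Service -Name HealthService -ErrorAction SilentlyContinue
$report.AgentInstalled = [bool]$svc
$report.AgentStatus    = if ($svc) { [string]$svc.Status } else { 'not installed' }

# 3. If the agent is present, list the workspaces it reports to, using the
#    agent's own COM configuration object.
$report.Workspaces = @()
if ($svc) {
    try {
        $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
        $report.Workspaces = @($cfg.GetCloudWorkspaces() |
            ForEach-Object { $_.workspaceId })
    } catch {
        $report.Workspaces = @("unreadable: $($_.Exception.Message)")
    }
}

# 4. Defender detections recorded locally in the last 7 days.
#    Event 1116 = malware detected, 1117 = action taken on malware.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = (Get-Date).AddDays(-7)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$report.DetectionsLast7Days = $events.Count

[pscustomobject]$report | Format-List

# First line of each recent detection message, newest first.
$events | Select-Object -First 5 TimeCreated, Id,
    @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```

If `AgentInstalled` is false or `Workspaces` is empty, any detections counted in step 4 exist only in the local event log and have no path to a workspace.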