Endpoint detection and response solution detection
Microsoft Defender for Cloud includes endpoint detection and response (EDR) capabilities to improve security posture for supported machines. Defender for Cloud:
- Detects whether machines are connected to a supported EDR solution.
- Integrates natively with Microsoft Defender for Endpoint as an EDR solution.
Check for an EDR solution
Defender for Cloud uses agentless scanning to assess whether Azure VMs and AWS/GCP machines are connected to an EDR solution.
Agentless scanning for EDR solution settings is available when Defender for Cloud is running in your Azure subscription and either Defender for Servers Plan 2 or the Defender Cloud Security Posture Management (CSPM) plan is enabled.
Based on EDR solution findings, Defender for Cloud provides the following recommendations to help you identify and remediate machines that don't have an EDR solution running:
- EDR solution should be installed on Virtual Machines
- EDR solution should be installed on EC2s
- EDR solution should be installed on Virtual Machines (GCP)
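To triage these recommendations at scale rather than one machine at a time in the portal, the following added example (not part of this page or the Defender for Cloud product code) pairs an Azure Resource Graph query over the `securityresources` assessments table with a small helper that groups the unhealthy machines by cloud. The sample rows are constructed, the resource IDs are placeholders, and the query is assumed to be run with `az graph query`.

```python
# Azure Resource Graph query (run with: az graph query -q "<query>") over the
# securityresources table; it keeps only the three EDR recommendations named
# on this page for machines whose assessment status is Unhealthy.
EDR_ASSESSMENT_QUERY = """
securityresources
| where type == "microsoft.security/assessments"
| where properties.displayName startswith "EDR solution should be installed"
| where properties.status.code == "Unhealthy"
| project resourceId = tostring(properties.resourceDetails.Id),
          displayName = tostring(properties.displayName),
          status = tostring(properties.status.code)
"""

# Recommendation display name -> cloud the machine runs in (names from the page).
RECOMMENDATION_CLOUD = {
    "EDR solution should be installed on Virtual Machines": "Azure",
    "EDR solution should be installed on EC2s": "AWS",
    "EDR solution should be installed on Virtual Machines (GCP)": "GCP",
}

# Constructed sample rows in the shape the query above projects (the helper is
# also useful on unfiltered exports, so Healthy/NotApplicable rows are included).
SAMPLE_ASSESSMENTS = [
    {"resourceId": "PLACEHOLDER-AZURE-VM-web01",
     "displayName": "EDR solution should be installed on Virtual Machines", "status": "Unhealthy"},
    {"resourceId": "PLACEHOLDER-AZURE-VM-db01",
     "displayName": "EDR solution should be installed on Virtual Machines", "status": "Healthy"},
    {"resourceId": "PLACEHOLDER-AWS-EC2-i-0abc",
     "displayName": "EDR solution should be installed on EC2s", "status": "Unhealthy"},
    {"resourceId": "PLACEHOLDER-GCP-VM-node1",
     "displayName": "EDR solution should be installed on Virtual Machines (GCP)", "status": "NotApplicable"},
    {"resourceId": "PLACEHOLDER-AZURE-VM-app02",
     "displayName": "Some unrelated recommendation", "status": "Unhealthy"},
]


def machines_without_edr(assessments):
    """Group resource IDs by cloud for rows that are Unhealthy on one of the EDR
    recommendations. Healthy, NotApplicable and non-EDR rows are skipped; every
    cloud key is always present so a zero count is visible rather than missing."""
    result = {cloud: [] for cloud in RECOMMENDATION_CLOUD.values()}
    for row in assessments:
        cloud = RECOMMENDATION_CLOUD.get(row.get("displayName"))
        if cloud is None or row.get("status") != "Unhealthy":
            continue
        result[cloud].append(row["resourceId"])
    return result


def summarize(assessments):
    """One line per cloud with the number of machines lacking an EDR solution."""
    grouped = machines_without_edr(assessments)
    return [f"{c}: {len(ids)} machine(s) without an EDR solution" for c, ids in grouped.items()]
```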
Supported EDR solutions
| Solution | Supported platform |
|---|---|
| Microsoft Defender for Endpoint | Windows |
| Microsoft Defender for Endpoint | Linux |
| Microsoft Defender for Endpoint Unified Solution | Windows Server 2012/2012 R2 |
| CrowdStrike (Falcon) | Windows and Linux |
| Trellix | Windows and Linux |
| Symantec | Windows and Linux |
| Sophos | Windows and Linux |
| Singularity Platform by SentinelOne | Windows and Linux |
| Cortex XDR | Windows and Linux |