Defender for Endpoint endpoint detection and response assessment
Microsoft Defender for Cloud integrates natively with Microsoft Defender for Endpoint as an endpoint detection and response (EDR) solution.
EDR capabilities in Defender for Endpoint detect, investigate, and respond to advanced threats. They include advanced threat hunting and automatic investigation and remediation.
- Defender for Cloud uses agentless scanning to assess EDR settings.
- Agentless scanning for EDR settings is available when Defender for Cloud is running in your Azure subscription and either Defender for Servers Plan 2 or the Defender Cloud Security Posture Management (CSPM) plan is enabled.
Assess Defender for Endpoint settings
When machines run Defender for Endpoint as an EDR solution, Defender for Servers agentlessly scans the machines with security checks that assess whether Defender for Endpoint is configured correctly. Checks include:
- Both full and quick scans are out of 7 days
- Signature out of date
- Anti-virus is off or partially configured
If misconfigurations are found, Defender for Cloud presents recommendations such as:
- EDR configuration issues should be resolved on virtual machines
- EDR configuration issues should be resolved on EC2s
- Anti-Virus component in your EDR is off or partially configured
- Anti-Virus component of your EDR uses outdated signatures
Once you locate these recommendations, you can remediate them.
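To confirm a finding on a Windows machine before or after remediation, the three checks listed above can be approximated locally from `Get-MpComputerStatus`. This is an added example, not Microsoft's code or the logic the agentless scan uses. The signature-age threshold, the reading of "partially configured", and the function name `Test-EdrAvSettings` are assumptions, and the sample object is constructed.

```powershell
# Added example: local approximation of the three checks listed on this page.
function Test-EdrAvSettings {
    param(
        [Parameter(Mandatory)] $Status,   # output of Get-MpComputerStatus, or a stand-in object
        [int] $MaxScanAgeDays = 7,        # from the page: scans "out of 7 days"
        [int] $MaxSignatureAgeDays = 7    # assumption: the page gives no signature threshold
    )
    $findings = @()

    # Reported only when BOTH scan types are stale; a scan that never ran
    # shows up as a very large age value.
    if ($Status.FullScanAge -gt $MaxScanAgeDays -and
        $Status.QuickScanAge -gt $MaxScanAgeDays) {
        $findings += "Both full and quick scans are older than $MaxScanAgeDays days"
    }

    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signature out of date ($($Status.AntivirusSignatureAge) days old)"
    }

    # Assumption: "off" means the antivirus engine is disabled; "partially
    # configured" means the engine is on but a protection component is off.
    $components = 'RealTimeProtectionEnabled', 'OnAccessProtectionEnabled',
                  'BehaviorMonitorEnabled', 'IoavProtectionEnabled'
    $disabled = @($components | Where-Object { -not $Status.$_ })
    if (-not $Status.AntivirusEnabled) {
        $findings += 'Anti-virus is off'
    } elseif ($disabled.Count -gt 0) {
        $findings += "Anti-virus is partially configured (disabled: $($disabled -join ', '))"
    }

    return ,$findings
}

# Constructed sample object (not real machine output).
$sample = [pscustomobject]@{
    AntivirusEnabled          = $true
    RealTimeProtectionEnabled = $false
    OnAccessProtectionEnabled = $true
    BehaviorMonitorEnabled    = $true
    IoavProtectionEnabled     = $true
    FullScanAge               = 4294967295   # full scan never run
    QuickScanAge              = 12
    AntivirusSignatureAge     = 9
}
Test-EdrAvSettings -Status $sample
```

On a machine running Microsoft Defender Antivirus, pass the live status instead: `Test-EdrAvSettings -Status (Get-MpComputerStatus)`.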