Connect your non-Azure machines to Microsoft Defender for Cloud
Microsoft Defender for Cloud can monitor the security posture of your non-Azure machines, but first you need to connect them to Azure.
You can connect your non-Azure computers in any of the following ways:
- Onboarding with Azure Arc:
- By using Azure Arc-enabled servers (recommended)
- By using the Azure portal
- Onboarding directly with Microsoft Defender for Endpoint
This article describes the methods for onboarding with Azure Arc.
If you're connecting machines from other cloud providers, see Connect your AWS account or Connect your GCP project. The multicloud connectors for Amazon Web Services (AWS) and Google Cloud Platform (GCP) in Defender for Cloud transparently handle the Azure Arc deployment for you.
Prerequisites
To complete the procedures in this article, you need:
A Microsoft Azure subscription. If you don't have an Azure subscription, you can sign up for a free one.
Microsoft Defender for Cloud set up on your Azure subscription.
Access to an on-premises machine.
Connect on-premises machines by using Azure Arc
A machine that has Azure Arc-enabled servers becomes an Azure resource. When you install the Log Analytics agent on it, it appears in Defender for Cloud with recommendations, like your other Azure resources.
Azure Arc-enabled servers provide enhanced capabilities, such as enabling guest configuration policies on the machine and simplifying deployment with other Azure services. For an overview of the benefits of Azure Arc-enabled servers, see Supported cloud operations.
To deploy Azure Arc on one machine, follow the instructions in Quickstart: Connect hybrid machines with Azure Arc-enabled servers.
To deploy Azure Arc on multiple machines at scale, follow the instructions in Connect hybrid machines to Azure at scale.
Defender for Cloud tools for automatically deploying the Log Analytics agent work with machines running Azure Arc. However, this capability is currently in preview. When you connect your machines by using Azure Arc, use the relevant Defender for Cloud recommendation to deploy the agent and benefit from the full range of protections that Defender for Cloud offers:
- Log Analytics agent should be installed on your Linux-based Azure Arc machines
- Log Analytics agent should be installed on your Windows-based Azure Arc machines
Connect on-premises machines by using the Azure portal
After you connect Defender for Cloud to your Azure subscription, select Direct onboarding in the Environment Settings of the Defender for Cloud to directly enable Defender for Cloud on your on-premises machines
Microsoft Defender for Endpoint integration or agentless scanning
Defender for Cloud collects data from your non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats. Some Defender plans require monitoring components to collect data from your workloads.
Data collection is required to provide visibility into missing updates, misconfigured OS security settings, endpoint protection status, and health and threat protection.
To ensure your servers are secured, receive all the security content of Defender for Servers, verify Defender for Endpoint (MDE) integration and agentless disk scanning are enabled on your subscriptions. This ensures you'll seamlessly be up to date and receive all the alternative deliverables once they're provided.
Verify that your machines are connected
Your Azure and on-premises machines are available to view in one location.
To verify that your machines are connected:
Sign in to the Azure portal.
Search for and select Microsoft Defender for Cloud.
On the Defender for Cloud menu, select Inventory to show the asset inventory.
Filter the page to view the relevant resource types. These icons distinguish the types:
Non-Azure machine
Azure VM
Azure Arc-enabled server
Integrate with Microsoft Defender XDR
When you enable Defender for Cloud, Defender for Cloud's alerts are automatically integrated into the Microsoft Defender Portal. No further steps are needed.
The integration between Microsoft Defender for Cloud and Microsoft Defender XDR brings your cloud environments into Microsoft Defender XDR. With Defender for Cloud's alerts and cloud correlations integrated into Microsoft Defender XDR, SOC teams can now access all security information from a single interface.
Learn more about Defender for Cloud's alerts in Microsoft Defender XDR.
Clean up resources
There's no need to clean up any resources for this article.
Next steps
- Protect all of your resources with Defender for Cloud.
- Set up your AWS account and GCP projects.