แก้ไข

แชร์ผ่าน


Defender for Endpoint/Defender for Vulnerability Management integration

Microsoft Defender for Endpoint and Microsoft Defender Vulnerability Management integrate natively with Defender for Cloud to provide:

  • Integrated security capabilities: Security capabilities provided by Defender for Endpoint, Defender Vulnerability Management, and Defender for Cloud come together to provide end-to-end protection for machines protected by the Defender for Servers plan.
  • Licensing: Defender for Servers covers licensing for Defender for Endpoint Plan 2. Licensing is charged per hour instead of per user, reducing costs by protecting VMs only when they're in use.
  • Agent provisioning: Defender for Cloud can automatically provision the Defender for Endpoint sensor on supported machines connected to Defender for Cloud.
  • Unified alerts: Alerts and vulnerability data from Defender for Endpoint appear in Defender for Cloud in the Azure portal. You can move to the Defender portal to drill down for detailed alert information and context.

Security capabilities

Defender for Cloud integrates security capabilities provided by Defender for Endpoint and Defender Vulnerability Management.

Integration architecture

Defender for Endpoint automatically creates a tenant when you use Defender for Cloud to monitor your machines.

Defender for Endpoint stores collected data in the tenant's geo-location as identified during provisioning.

  • Customer data, in pseudonymized form, might also be stored in the central storage and processing systems in the United States.
  • After you configure the location, you can't change it.
  • If you have your own license for Defender for Endpoint and need to move your data to another location, contact Microsoft support to reset the tenant.

Move between subscriptions

You can move Defender for Endpoint between subscriptions in the same tenant or between different tenants.

  • Move to a different subscription in the same tenant: To move your Defender for Endpoint extension to a different subscription in the same tenant, delete either the MDE.Linux or MDE.Windows extension from the virtual machine. Defender for Cloud will automatically redeploy it.

  • Move subscriptions between tenants: If you move your Azure subscription between Azure tenants, some manual preparatory steps are required before Defender for Cloud deploys Defender for Endpoint. For full details, contact Microsoft support.

Health status for Defender for Endpoint

Defender for Servers provides visibility to the Defender for Endpoint agents installed on your VMs.

Prerequisites

You must have either:

  • Defender for Servers P2 enabled.
    or,
  • Defender CSPM enabled with Defender for Servers plan 1 enabled.

Visibility into health issues in Defender for Servers

Defender for Servers provides visibility into two main types of health issues:

  • Installation Issues: Errors during the agent's installation.

  • Heartbeat Issues: Problems where the agent is installed but not reporting correctly.

Sometimes, Defender for Endpoint doesn't apply to certain servers. This status is also shown as described in the last query.

Defender for Servers shows specific error messages for each issue type. These messages explain the problem. When available, you'll also find instructions to fix the issue.

Health status updates every four hours. This ensures the issue reflects the state from the last four hours.

To see Defender for Endpoint health issues, use the security explorer as follows:

  • To find all the unhealthy virtual machines (VMs) with the issues mentioned, run the following query:

    Screenshot of query of unhealthy virtual machines.

  • Another way to access this data:

    Screenshot of alternate query of unhealthy virtual machines.

  • To find all the healthy VMs where Defender for Endpoint works correctly, run the following query:

    Screenshot of query of healthy virtual machines.

  • To get the list of VMs where Defender for Endpoint isn't applicable, run the following query:

    Screenshot of query of virtual machines where Defender for Endpoint isn't applicable.

Next steps

Learn more about EDR recommendations in Defender for Servers.