You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/plan-defender-for-servers.md
+11-5Lines changed: 11 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,12 +14,12 @@ This guide helps you design and plan an effective Defender for Servers deploymen
14
14
15
15
## About this guide
16
16
17
-
The intended audience of this guide is cloud solution and infrastructure architects, security architects and analysts, and anyone who's involved in protecting cloud and hybrid servers and workloads.
17
+
The intended audience of this guide is cloud solution and infrastructure architects, security architects and analysts, and anyone who's involved in protecting cloud and hybrid servers and workloads.
18
18
19
19
The guide answers these questions:
20
20
21
21
- What does Defender for Servers do and how is it deployed?
22
-
- Where will my data be stored and what Log Analytics workspaces do I need?
22
+
- Where is my data stored and what Log Analytics workspaces do I need?
23
23
- Who needs access to my Defender for Servers resources?
24
24
- Which Defender for Servers plan should I choose and which vulnerability assessment solution should I use?
25
25
- When do I need to use Azure Arc and which agents and extensions are required?
@@ -34,14 +34,20 @@ Before you review the series of articles in the Defender for Servers planning gu
34
34
35
35
## Deployment overview
36
36
37
-
The following diagram shows an overview of the Defender for Servers deployment process:
37
+
The following table shows an overview of the Defender for Servers deployment process:
38
38
39
-
:::image type="content" source="media/plan-defender-for-servers/deployment-overview.png" border="false" alt-text="Diagram showing a summary overview of the deployment steps for Microsoft Defender for Servers.":::
| Start protecting resources | • When you open Defender for Cloud in the portal, it starts protecting resources with free foundational CSPM assessments and recommendations.<br /><br />• Defender for Cloud creates a default Log Analytics workspace with the *SecurityCenterFree* solution enabled.<br /><br />• Recommendations start appearing in the portal. |
42
+
| Enable Defender for Servers | • When you enable a paid plan, Defender for Cloud enables the *Security* solution on its default workspace.<br /><br />• Enable Defender for Servers Plan 1 (subscription only) or Plan 2 (subscription and workspace).<br /><br />• After enabling a plan, decide how you want to install agents and extensions on Azure VMs in the subscription or workgroup.<br /><br />•By default, auto-provisioning is enabled for some extensions. |
43
+
| Protect AWS/GCP machines | • For a Defender for Servers deployment, you set up a connector, turn off plans you don't need, configure auto-provisioning settings, authenticate to AWS/GCP, and deploy the settings.<br /><br />• Auto-provisioning includes the agents used by Defender for Cloud and the Azure Connected Machine agent for onboarding to Azure with Azure Arc.<br /><br />• AWS uses a CloudFormation template.<br /><br />• GCP uses a Cloud Shell template.<br /><br />• Recommendations start appearing in the portal. |
44
+
| Protect on-premises servers | • Onboard them as Azure Arc machines and deploy agents with automation provisioning. |
45
+
| Foundational CSPM | • There are no charges when you use foundational CSPM with no plans enabled.<br /><br />• AWS/GCP machines don't need to be set up with Azure Arc for foundational CSPM. On-premises machines do.<br /><br />• Some foundational recommendations rely only agents: Antimalware / endpoint protection (Log Analytics agent or Azure Monitor agent) \| OS baselines recommendations (Log Analytics agent or Azure Monitor agent and Guest Configuration extension) \| System updates recommendation (Log Analytics agent) |
40
46
41
47
- Learn more about [foundational cloud security posture management (CSPM)](concept-cloud-security-posture-management.md#defender-cspm-plan-options).
42
48
- Learn more about [Azure Arc](../azure-arc/index.yml) onboarding.
43
49
44
-
When you enable [Microsoft Defender for Servers](defender-for-servers-introduction.md) on an Azure subscription or a connected AWS account, all of the connected machines will be protected by Defender for Servers. You can enable Microsoft Defender for Servers at the Log Analytics workspace level, but only servers reporting to that workspace will be protected and billed and those servers won't receive some benefits, such as Microsoft Defender for Endpoint, vulnerability assessment, and just-in-time VM access.
50
+
When you enable [Microsoft Defender for Servers](defender-for-servers-introduction.md) on an Azure subscription or a connected AWS account, all of the connected machines are protected by Defender for Servers. You can enable Microsoft Defender for Servers at the Log Analytics workspace level, but only servers reporting to that workspace will be protected and billed and those servers won't receive some benefits, such as Microsoft Defender for Endpoint, vulnerability assessment, and just-in-time VM access.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments