Merge pull request #263756 from ElazarK/WI194292-servers-deploy

WI194292 configurations article

Author: v-ccolin

articles/defender-for-cloud/TOC.yml

@@ -480,6 +480,9 @@
       items:
       - name: Deploy Defender for Servers
         href: tutorial-enable-servers-plan.md
+      - name: Configure monitoring coverage
+        displayName: Defender for Servers, monitoring coverage, Log analytics, agentless scanning, Vulnerability assessment, Endpoint protection
+        href: configure-servers-coverage.md
       - name: Plan Defender for Servers deployment
         items:
           - name: Get started

articles/defender-for-cloud/configure-servers-coverage.md

@@ -0,0 +1,84 @@
+---
+title: Configure monitoring coverage
+description: Learn how to configure the different monitoring components that are available in Defender for Servers in Microsoft Defender for Cloud.
+ms.topic: install-set-up-deploy
+ms.date: 01/25/2024
+---
+
+# Configure monitoring coverage
+
+Microsoft Defender for Cloud's Defender for Servers plans contains components that monitor your environments to provide extended coverage on your servers. Each of these components can be enabled, disabled or configured to your meet your specific requirements. 
+
+| Component | Availability | Description | Learn more |
+|--|--|--|--|
+| [Log Analytics agent](plan-defender-for-servers-agents.md) | Plan 1 and Plan 2 | Collects security-related configurations and event logs from the machine and stores the data in your Log Analytics default or custom workspace for analysis. | [Learn more](../azure-monitor/agents/log-analytics-agent.md) about the Log Analytics agent. |
+| [Vulnerability assessment for machines](deploy-vulnerability-assessment-defender-vulnerability-management.md) | Plan 1 and Plan 2 |Enables vulnerability assessment on your Azure and hybrid machines. | [Learn more](monitoring-components.md) about how Defender for Cloud collects data. |
+| [Endpoint protection](integration-defender-for-endpoint.md) | Plan 1 and Plan 2 | Enables protection powered by Microsoft Defender for Endpoint, including automatic agent deployment to your servers, and security data integration with Defender for Cloud | [Learn more](integration-defender-for-endpoint.md) about endpoint protection. |
+| [Agentless scanning for machines](concept-agentless-data-collection.md) | Plan 2 | Scans your machines for installed software and vulnerabilities without relying on agents or impacting machine performance. | [Learn more](concept-agentless-data-collection.md) about agentless scanning for machines. |
+
+When you enable Defender for Servers plan 2, all of these components are toggled to **On** by default.
+
+## Configure Log Analytics agent
+
+After enabling the Log Analytics agent, you'll be presented with the option to select which workspace should be utilized.
+
+**To configure the Log Analytics agent**:
+
+1. Select **Edit configuration**.
+
+    :::image type="content" source="media/configure-servers-coverage/edit-configuration-log.png" alt-text="Screenshot that shows you where on the screen you need to select edit configuration, to edit the log analytics agent/azure monitor agent." lightbox="media/configure-servers-coverage/edit-configuration-log.png":::
+
+1. Select either a **Default workspace(s)** or a **Custom workspace** depending on your need.
+
+    :::image type="content" source="media/configure-servers-coverage/auto-provisioning-screen.png" alt-text="Screenshot of the auto provisioning configuration screen with the available options to select." lightbox="media/configure-servers-coverage/auto-provisioning-screen.png":::
+
+1. Select **Apply**.
+
+1. Select **Continue**.
+
+## Configure vulnerability assessment for machines
+
+Vulnerability assessment for machines allows you to select between two vulnerability assessment solutions:
+
+- Microsoft Defender Vulnerability Management
+- Microsoft Defender for Cloud integrated Qualys scanner
+
+**To select either of the vulnerability assessment solutions**:
+
+1. Select **Edit configuration**.
+
+    :::image type="content" source="media/configure-servers-coverage/vulnerability-edit.png" alt-text="Screenshot that shows you where to select edit for vulnerabilities assessment for machines." lightbox="media/configure-servers-coverage/vulnerability-edit.png":::
+
+1. In the Extension deployment configuration window, select either of the solutions depending on your need.
+
+1. Select **Apply**.
+
+1. Select **Continue**.
+
+## Configure endpoint protection
+
+With Microsoft Defender for Servers, you enable the protections provided by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) to your server resources. Defender for Endpoint includes automatic agent deployment to your servers, and security data integration with Defender for Cloud.
+
+To configure endpoint protection:
+
+1. Toggle the switch to **On**.
+
+1. Select **Continue**.
+
+## Configure agentless scanning for machines
+
+Defender for Cloud has the ability to scan your Azure machines for installed software and vulnerabilities without requiring you to install agents, have network connectivity or affect your machine's performance.
+
+**To configure agentless scanning for machines**:
+
+1. Select **Edit configuration**.
+
+    :::image type="content" source="media/configure-servers-coverage/agentless-scanning-edit.png" alt-text="Screenshot that shows where you need to select to edit the configuration of the agentless scanner." lightbox="media/configure-servers-coverage/agentless-scanning-edit.png":::
+
+1. Enter a tag name and tag value for any machines to be excluded from scans.
+
+1. Select **Apply**.
+
+1. Select **Continue**.
+
+Learn more about agentless scanning and how to [enable agentless scanning](enable-agentless-scanning-vms.md) on other cloud environments.

articles/defender-for-cloud/media/tutorial-enable-servers-plan/agentless-scanning-edit.png renamed to articles/defender-for-cloud/media/configure-servers-coverage/agentless-scanning-edit.png

@@ -43,6 +43,8 @@ You can enable the Defender for Servers plan from the Environment settings page
 
     :::image type="content" source="media/tutorial-enable-servers-plan/enable-servers-plan.png" alt-text="Screenshot that shows you how to toggle the Defender for Servers plan to on." lightbox="media/tutorial-enable-servers-plan/enable-servers-plan.png":::
 
+Once the plan has been enabled, you have the ability to [configure the monitoring settings](configure-servers-coverage.md) to suit your needs.
+
 ### Select a Defender for Servers plan
 
 When you enable the Defender for Servers plan, you're then given the option to select which plan - Plan 1 or Plan 2 - to enable. There are two plans you can choose from that offer different levels of protections for your resources.
@@ -71,75 +73,7 @@ When you enable the Defender for Servers plan, you're then given the option to s
 
 1. Select **Save**.
 
-### Configure monitoring coverage
-
-There are components that can be enabled and configured to provide extra protections to your environments in the Defender for Servers plans.
-
-| Component | Description | Learn more |
-|:--:|:--:|:--:|
-| [Log Analytics agent](plan-defender-for-servers-agents.md) | Collects security-related configurations and event logs from the machine and stores the data in your Log Analytics workspace for analysis. | [Learn more](../azure-monitor/agents/log-analytics-agent.md) about the Log Analytics agent. |
-| [Vulnerability assessment for machines](deploy-vulnerability-assessment-defender-vulnerability-management.md) | Enables vulnerability assessment on your Azure and hybrid machines. | [Learn more](monitoring-components.md) about how Defender for Cloud collects data. |
-| [Endpoint protection](integration-defender-for-endpoint.md) | Enables protection powered by Microsoft Defender for Endpoint, including automatic agent deployment to your servers, and security data integration with Defender for Cloud | [Learn more](integration-defender-for-endpoint.md) about endpoint protection |
-| [Agentless scanning for machines](concept-agentless-data-collection.md) | Scans your machines for installed software and vulnerabilities without relying on agents or impacting machine performance. | [Learn more](concept-agentless-data-collection.md) about agentless scanning for machines. |
-
-Toggle the corresponding switch to **On**, to enable any of these options.
-
-### Configure Log Analytics agent
-
-After enabling the Log Analytics agent, you'll be presented with the option to select which workspace should be utilized.
-
-**To configure the Log Analytics agent**:
-
-1. Select **Edit configuration**.
-
-    :::image type="content" source="media/tutorial-enable-servers-plan/edit-configuration-log.png" alt-text="Screenshot that shows you where on the screen you need to select edit configuration, to edit the log analytics agent/azure monitor agent." lightbox="media/tutorial-enable-servers-plan/edit-configuration-log.png":::
-
-1. Select either a **Default workspace(s)** or a **Custom workspace** depending on your need.
-
-    :::image type="content" source="media/tutorial-enable-servers-plan/auto-provisioning-screen.png" alt-text="Screenshot of the auto provisioning configuration screen with the available options to select." lightbox="media/tutorial-enable-servers-plan/auto-provisioning-screen.png":::
-
-1. Select **Apply**.
-
-### Configure vulnerability assessment for machines
-
-Vulnerability assessment for machines allows you to select between two vulnerability assessment solutions:
-
-- Microsoft Defender Vulnerability Management
-- Microsoft Defender for Cloud integrated Qualys scanner
-
-**To select either of the vulnerability assessment solutions**:
-
-1. Select **Edit configuration**.
-
-    :::image type="content" source="media/tutorial-enable-servers-plan/vulnerability-edit.png" alt-text="Screenshot that shows you where to select edit for vulnerabilities assessment for machines." lightbox="media/tutorial-enable-servers-plan/vulnerability-edit.png":::
-
-1. In the Extension deployment configuration window, select either of the solutions depending on your need.
-
-1. Select **Apply**.
-
-## Configure endpoint protection
-
-With Microsoft Defender for Servers, you enable the protections provided by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) to your server resources. Defender for Endpoint includes automatic agent deployment to your servers, and security data integration with Defender for Cloud.
-
-**To configure endpoint protection**:
-
-1. Toggle the switch to **On**.
-
-### Configure agentless scanning for machines
-
-Defender for Cloud has the ability to scan your Azure machines for installed software and vulnerabilities without requiring you to install agents, have network connectivity or affect your machine's performance.
-
-**To configure agentless scanning for machines**:
-
-1. Select **Edit configuration**.
-
-    :::image type="content" source="media/tutorial-enable-servers-plan/agentless-scanning-edit.png" alt-text="Screenshot that shows where you need to select to edit the configuration of the agentless scanner." lightbox="media/tutorial-enable-servers-plan/agentless-scanning-edit.png":::
-
-1. Enter a tag name and tag value for any machines to be excluded from scans.
-
-1. Select **Apply**.
-
-Learn more about agentless scanning and how to [enable agentless scanning](enable-agentless-scanning-vms.md) on other cloud environments.
+Once the plan has been enabled, you have the ability to [configure the monitoring settings](configure-servers-coverage.md) to suit your needs.
 
 ## Enable the plan at the resource level
 
@@ -156,6 +90,8 @@ Supported resource types include:
 - On-premises with Azure Arc
 - Azure Virtual Machine Scale Sets Flex
 
+Once the plan has been enabled, you have the ability to [configure the monitoring settings](configure-servers-coverage.md) to suit your needs.
+
 ### Enablement via REST API
 
 The ability to enable or disable Defender for Servers at the resource level is available exclusively via REST API. Learn how to [interact with the API](/rest/api/defenderforcloud/pricings) to manage your Defender for Servers at the resource or subscription level.
@@ -175,6 +111,8 @@ Since Microsoft Defender for Endpoint deployment for eligible machines is a near
 - If you plan to roll out and enable Servers Plan 1/Plan 2 at the subscription level and exclude individual existing VMs, make sure you exclude the VMs before (or at the same time) you enable the plan at the subscription level.
 - When you plan to exclude new VMs created under a subscription already enabled for P1/P2, make sure you exclude them during or shortly after creation time, to avoid unintentional deployment of Microsoft Defender for Endpoint.
 
+Once the plan has been enabled, you have the ability to [configure the monitoring settings](configure-servers-coverage.md) to suit your needs.
+
 ### Enablement at scale
 
 Use the following base script file to customize it for your specific needs.
@@ -183,6 +121,8 @@ Use the following base script file to customize it for your specific needs.
 1. Select whether to set pricing by **tag** or by **resource group**.
 1. Follow the onscreen instructions.
 
+Once the plan has been enabled, you have the ability to [configure the monitoring settings](configure-servers-coverage.md) to suit your needs.
+
 ### Monitoring coverage status
 
 To monitor your coverage status, you can use the inventory. In the main menu, select **Inventory** and then check the **plan status** in the “Defender for cloud” column:
@@ -194,4 +134,5 @@ To monitor your coverage status, you can use the inventory. In the main menu, se
 
 ## Next steps
 
+[Configure monitoring coverage](configure-servers-coverage.md)
 [Overview of Microsoft Defender for Servers](defender-for-servers-introduction.md)