Defender for Cloud license required. Azure Arc

Craig Garland 336 Reputation points
2023-07-06T06:14:57.0933333+00:00

Hi

I am trying to get my head around Defender for Cloud and adaptive application control. I have been searching the web and don't seem to find clear instructions for any of this. Part of this might be due to not having the correct Defender licenses.

What I am trying to do is set up application whitelisting for on-premises servers, so only approved applications can run. This seems to be covered by adaptive application control.

I have servers connected to Azure via Azure Arc, and I can see them in Defender for Cloud. When I go to Defender for Cloud | Workload protections | Adaptive application controls, I have none in "Configured", "Recommended" has only our Azure VM, and "No recommendation" has our on-premises servers.

Clicking on "No recommendation", it reports you don't have Defender for Cloud's full protections enabled. To upgrade those subscriptions, click here.

So what I would like to know is:

  1. Will Adaptive Application Control enforce application whitelisting on my on-premises servers?
  2. How do I confirm what license has been applied to each server?
  3. What license do I require on the on-premises server to enable adaptive application control?

Thanks for your help in advance.

Regards

Craig G

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

Accepted answer
  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-07-07T19:48:01.4233333+00:00

    Hi @Craig Garland , thanks for the question.

    1. Adaptive Application Control does not enforce application whitelisting on your on-premises servers. It provides security alerts if any application runs other than the ones you've defined as safe.
    2. To confirm the license applied to each server, you can check your Azure subscription and the associated licenses.
    3. You need Microsoft Defender for Servers Plan 2 to enable Adaptive Application Control on your on-premises servers.

    Please note that Defender for Cloud needs at least two weeks of data to define unique recommendations per group of machines. Machines that have recently been created or belong to subscriptions that were only recently protected by Microsoft Defender for Servers will appear under the "No recommendation" tab.

    In summary, Adaptive Application Control can help you create application whitelisting for your on-premises servers, but it does not enforce it. You need Microsoft Defender for Servers Plan 2 to enable this feature.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James


1 additional answer

  1. Craig Garland 336 Reputation points
    2023-07-09T23:40:14.8733333+00:00

    Hi,

    Thanks for the answer; it does confirm the information I have been discovering.

    I have also found that Defender Plan 2 is assigned to the whole workspace. Do you know if it's possible to create a workspace, assign a limited number of devices to this workspace, and assign Defender Plan 2 licenses?

    Regards

    Craig G
