Quickstart: Connect your non-Azure machines to Microsoft Defender for Cloud

Defender for Cloud can monitor the security posture of your non-Azure computers, but first you need to connect them to Azure.

You can connect your non-Azure computers in any of the following ways:

  • Using Azure Arc-enabled servers (recommended)
  • From Defender for Cloud's pages in the Azure portal (Getting started and Inventory)

Each of these is described on this page.

Tip

If you're connecting machines from other cloud providers, see Connect your AWS accounts or Connect your GCP projects. Defender for Cloud's multicloud connectors for AWS and GCP transparently handle the Azure Arc deployment for you.

Add non-Azure machines with Azure Arc

The preferred way of adding your non-Azure machines to Microsoft Defender for Cloud is with Azure Arc-enabled servers.

A machine with Azure Arc-enabled servers becomes an Azure resource and - when you've installed the Log Analytics agent on it - appears in Defender for Cloud with recommendations like your other Azure resources.

In addition, Azure Arc-enabled servers provides enhanced capabilities such as the option to enable guest configuration policies on the machine, simplified deployment with other Azure services, and more. For an overview of the benefits, see Supported cloud operations.

Note

Defender for Cloud's auto-deploy tools for deploying the Log Analytics agent work with machines running Azure Arc; however, this capability is currently in preview. When you've connected your machines using Azure Arc, use the relevant Defender for Cloud recommendation to deploy the agent and benefit from the full range of protections offered by Defender for Cloud.

Learn more about Azure Arc-enabled servers.

To deploy Azure Arc:

Add non-Azure machines from the Azure portal

  1. From Defender for Cloud's menu, open the Getting started page.

  2. Select the Get started tab.

  3. Below Add non-Azure servers, select Configure.

    Tip

    You can also add machines from the asset inventory page by selecting its Add non-Azure servers button.

    A list of your Log Analytics workspaces is shown. The list includes, if applicable, the default workspace created for you by Defender for Cloud when automatic provisioning was enabled. Select this workspace or another workspace you want to use.

    You can add computers to an existing workspace or create a new workspace.

  4. Optionally, to create a new workspace, select Create new workspace.

  5. From the list of workspaces, select Add Servers for the relevant workspace.

    The Agents management page appears.

    From here, choose the relevant procedure below depending on the type of machines you're onboarding:

Onboard your Linux machines

To add Linux machines, you need the WGET command from the Agents management page.

  1. From the Agents management page, copy the WGET command into Notepad. Save this file to a location that is accessible from your Linux computer.

  2. On your Linux computer, open the file with the WGET command. Select the entire content and copy and paste it into a terminal console.

  3. When the installation completes, you can validate that omsagent is installed by running pgrep (for example, pgrep -f omsagent). The command returns the PID of the omsagent process.

    The logs for the agent can be found at /var/opt/microsoft/omsagent/<workspace id>/log/. It might take up to 30 minutes for the new Linux machine to appear in Defender for Cloud.
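The validation in step 3 is a single pgrep. The script below is an added example (not part of the original page or of Microsoft's onboarding script) that turns it into a repeatable post-install check: it rejects a value that isn't a workspace ID (a GUID) before touching the machine, waits for the omsagent process to appear, confirms the per-workspace log directory from step 3 exists, and counts error lines in the agent log. It assumes the main log file is named omsagent.log inside that directory and that lines follow the fluentd-style "<date> <time> <tz> [level]: message" layout; the sample log it writes is constructed for the demonstration, not real agent output.

```shell
#!/bin/sh
# Post-install check for the Log Analytics (OMS) agent on Linux.
# Added example; assumes the process name (omsagent) and log directory
# (/var/opt/microsoft/omsagent/<workspace id>/log/) given on the page,
# plus an omsagent.log file with fluentd-style lines (both assumptions).

# A Log Analytics workspace ID is a GUID; refuse anything else so a pasted
# key or a typo is caught before the filesystem is inspected.
is_workspace_id() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Per-workspace log directory, as documented on the page.
omsagent_log_dir() {
    printf '/var/opt/microsoft/omsagent/%s/log\n' "$1"
}

# Returns 0 when an omsagent process exists (the page's pgrep check).
omsagent_running() {
    pgrep -f omsagent >/dev/null 2>&1
}

# Poll until omsagent is running or the timeout (seconds, default 300) expires.
# The 30 minutes the page mentions is portal latency, not agent start-up.
wait_for_omsagent() {
    deadline=$(( $(date +%s) + ${1:-300} ))
    until omsagent_running; do
        [ "$(date +%s)" -lt "$deadline" ] || return 1
        sleep 5
    done
}

# Print the number of [error]/[fatal] lines in an agent log file.
# Returns 0 when there are none, 1 when there are some, 2 if the file is missing.
count_log_errors() {
    [ -r "$1" ] || { printf 'no log file: %s\n' "$1" >&2; return 2; }
    n=$(grep -Ec '^[0-9-]+ [0-9:]+ [+-][0-9]{4} \[(error|fatal)\]' "$1" || true)
    printf '%s\n' "$n"
    [ "$n" -eq 0 ]
}

# Constructed sample log (not real agent output) to exercise count_log_errors.
sample_log() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
2024-03-01 10:00:01 +0000 [info]: starting agent
2024-03-01 10:00:03 +0000 [info]: configuration loaded
2024-03-01 10:05:00 +0000 [error]: Failed to connect: getaddrinfo: Name or service not known
2024-03-01 10:05:10 +0000 [warn]: retrying in 10s
EOF
    printf '%s\n' "$f"
}

# Full check for one workspace: ID format, process, log directory, log errors.
check_omsagent() {
    id=$1
    is_workspace_id "$id" || { echo "not a workspace ID (expected a GUID): $id" >&2; return 1; }
    wait_for_omsagent "${2:-300}" || { echo "omsagent is not running" >&2; return 1; }
    dir=$(omsagent_log_dir "$id")
    [ -d "$dir" ] || { echo "missing $dir: agent is not onboarded to $id" >&2; return 1; }
    count_log_errors "$dir/omsagent.log"
}

# Run the check only when a workspace ID is passed on the command line;
# sourcing the file without arguments just defines the functions.
[ -z "${1:-}" ] || check_omsagent "$@"
```

Run it as `sh check_omsagent.sh <workspace id>` right after the WGET command finishes; a non-zero exit with the log error count tells you whether the problem is a missing agent, onboarding to the wrong workspace, or connectivity (proxy or DNS) before you spend the 30 minutes waiting for the portal.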

Onboard your Windows machines

To add Windows machines, you need the information on the Agents management page and to download the appropriate agent file (32/64-bit).

  1. Select the Download Windows Agent link applicable to your computer processor type to download the setup file.
  2. From the Agents management page, copy the Workspace ID and Primary Key into Notepad. The Primary Key is a shared secret that lets any machine holding it send data to the workspace, so treat it as a credential and delete the temporary copy when you're done.
  3. Copy the downloaded setup file to the target computer and run it.
  4. Follow the installation wizard (Next, I Agree, Next, Next).
    1. On the Azure Log Analytics page, paste the Workspace ID and Workspace Key (Primary Key) that you copied into Notepad.
    2. If the computer should report to a Log Analytics workspace in Azure Government cloud, select Azure US Government from the Azure Cloud dropdown list.
    3. If the computer needs to communicate through a proxy server to the Log Analytics service, select Advanced and provide the URL and port number of the proxy server.
    4. When you've entered all of the configuration settings, select Next.
    5. From the Ready to Install page, review the settings to be applied and select Install.
    6. On the Configuration completed successfully page, select Finish.

When complete, the Microsoft Monitoring agent appears in Control Panel. You can review your configuration there and verify that the agent is connected.

For further information on installing and configuring the agent, see Connect Windows machines.

Verifying

Congratulations! Now you can see your Azure and non-Azure machines together in one place. Open the asset inventory page and filter to the relevant resource types. Each type has its own icon in the inventory:

  • Non-Azure machine
  • Azure VM
  • Azure Arc-enabled server

Next steps

This page showed you how to add your non-Azure machines to Microsoft Defender for Cloud. To monitor their status, use the inventory tools as explained in the following page: