Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article explains how to check whether machines are connected to a supported endpoint detection and response (EDR) solution in Microsoft Defender for Cloud.
Microsoft Defender for Cloud includes endpoint detection and response (EDR) capabilities for supported machines. Defender for Cloud:
- Detects whether a machine connects to a supported EDR solution.
- Integrates natively with Microsoft Defender for Endpoint as an EDR solution.
Check for an EDR solution
Defender for Cloud uses agentless scanning to assess whether Azure VMs and AWS/GCP machines are connected to an EDR solution.
Agentless scanning for EDR solution settings is available when Defender for Cloud is running in your Azure subscription and either Defender for Servers Plan 2 or the Defender cloud security posture management (Defender CSPM) plan is enabled.
Based on EDR solution findings, Defender for Cloud provides the following recommendations to help you identify and remediate machines that don't have an EDR solution running. EDR solution recommendations are as follows:
EDR solution should be installed on virtual machinesEDR solution should be installed on EC2 instancesEDR solution should be installed on virtual machines in GCP
Supported EDR solutions
The following table lists the EDR solutions supported by Defender for Cloud:
|Solution | Supported platform|
Next step
Enable Defender for Servers Plan 2 |--- | ---| |Microsoft Defender for Endpoint | Windows| |Microsoft Defender for Endpoint | Linux| |Microsoft Defender for Endpoint Unified Solution | Windows Server 2012/2012 R2| |CrowdStrike (Falcon) | Windows and Linux| |Trellix | Windows and Linux| |Symantec | Windows and Linux| |Sophos | Windows and Linux| |Singularity Platform by SentinelOne | Windows and Linux| |Cortex XDR | Windows and Linux (Supported only when installed via package manager on Linux)|