Constraints when using Microsoft Defender for Cloud and Azure Sentinel and Azure Arc against on-premises outside of Azure

杉田 世紀
2023-03-24T02:14:14.5366667+00:00

I would like to use Microsoft Defender for Cloud and Azure Sentinel and Azure Arc to protect on-premises servers that exist outside of Azure.

Microsoft Defender for Cloud and Azure Sentinel and Azure Arc features fall into which of the following categories?

・A function that can be used for on-premises servers that exist outside of Azure

・Functions that cannot be used

・Functions that, for on-premises use, require a VPN Gateway or Azure ExpressRoute connection from on-premises to the Azure virtual network

I have been unable to understand what features of Microsoft Defender for Cloud and Azure Sentinel and Azure Arc are available for on-premises servers that reside outside of Azure.

Can you please tell me in detail? 🥺


Accepted answer
  1. Andrew Blumhardt, Microsoft Employee
    2023-03-28T06:12:36.21+00:00

    Arc and the agents (extensions) installed send data to public endpoints. The data is encrypted in transit and at rest using TLS 1.2. Special steps are required to use VPN or ExpressRoute (neither is required). To force this communication over the VPN/ER you need AMPLS. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security

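As a defender-side illustration of the distinction the accepted answer draws (agent traffic to public endpoints by default, private addresses over VPN/ER only once AMPLS is in place), here is an added Python example that is not part of the thread or of any Microsoft tooling. It classifies constructed firewall log lines by whether an Arc/Log Analytics destination resolved to a public or a private address; the endpoint suffix list is an assumption and should be checked against Microsoft's current Arc and Azure Monitor network-requirements documentation.

```python
import ipaddress
import re

# Assumed (not from the page): DNS names the Azure Connected Machine agent and the
# Log Analytics / Azure Monitor agent talk to. Verify against Microsoft's documented
# network requirements before relying on this list.
AGENT_ENDPOINT_DOMAINS = (
    "his.arc.azure.com",
    "guestconfiguration.azure.com",
    "ods.opinsights.azure.com",
    "oms.opinsights.azure.com",
    "agentsvc.azure-automation.net",
    "management.azure.com",
    "login.microsoftonline.com",
)

# Constructed sample firewall log lines (not real data).
SAMPLE_LOG = """\
2023-03-28T06:10:01Z src=10.20.0.15 dst=contoso.his.arc.azure.com dstip=20.50.1.10 dport=443
2023-03-28T06:10:02Z src=10.20.0.15 dst=abcd1234.ods.opinsights.azure.com dstip=10.100.4.7 dport=443
2023-03-28T06:10:03Z src=10.20.0.15 dst=updates.example.internal dstip=10.20.0.2 dport=443
2023-03-28T06:10:04Z src=10.20.0.15 dst=login.microsoftonline.com dstip=40.126.0.1 dport=443
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dstip=(?P<dstip>\S+) dport=(?P<dport>\d+)")


def is_agent_endpoint(fqdn):
    """True if fqdn is, or is a subdomain of, one of the assumed agent endpoints."""
    fqdn = fqdn.lower().rstrip(".")
    return any(fqdn == d or fqdn.endswith("." + d) for d in AGENT_ENDPOINT_DOMAINS)


def classify_path(fqdn, dstip):
    """Return 'public', 'private-link', or None for traffic unrelated to the agents."""
    if not is_agent_endpoint(fqdn):
        return None
    # With AMPLS the public FQDN CNAMEs into a privatelink zone and resolves to an
    # address on the VNet reached over VPN/ER; without it the address is public.
    return "private-link" if ipaddress.ip_address(dstip).is_private else "public"


def summarize(log_text):
    """Count agent flows per path so a defender can confirm which setup is in effect."""
    counts = {"public": 0, "private-link": 0}
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        path = classify_path(match["dst"], match["dstip"])
        if path:
            counts[path] += 1
    return counts
```

A server that only meets the questioner's condition B should show every agent flow as "public"; "private-link" flows appear only after AMPLS and the matching private DNS zones are configured.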

4 additional answers

  1. Givary-MSFT, Microsoft Employee
    2023-03-28T06:12:18.7066667+00:00

    @杉田 世紀 Thank you for reaching out to us. As I understand it, you would like to understand Microsoft Defender for Cloud/Azure Sentinel/Azure Arc for on-premises servers.

    Microsoft Defender for Cloud monitors the security posture of your Azure resources.

    Microsoft Defender for Cloud allows you to protect non-Azure resources located on-premises or on other cloud providers, from virtual machines, Kubernetes services and SQL resources.

    To do so, those resources need to be connected to Azure by leveraging Azure Arc service – meaning that you can now manage and operate all your existing IT resources consistently and at-scale, wherever they reside, from Azure. You can also run Azure services anywhere, on-premises or in other public clouds, and take advantage of cloud benefits everywhere, such as scalability, fast deployment, and always up-to-date cloud innovation. 

    Microsoft Defender for Cloud overview

    • Strengthen your cloud security posture
    • Protect your multicloud and hybrid workloads by leveraging Azure Arc.

    What is Azure Arc - https://www.youtube.com/watch?v=HwmRsDRuskk

    Connect Azure Arc-enabled servers to Microsoft Sentinel - https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc-azure-sentinel#:~:text=Connect%20Azure%20Arc%2Denabled%20servers%20to%20Microsoft%20Sentinel

    Let me know if you have any further questions, feel free to post back.


  2. 杉田 世紀
    2023-03-28T04:41:21.23+00:00

    Thank you.

    I have read the provided documentation and have some questions.

    Condition A

    Install the Log Analytics agent on the on-premises Smith server you want to protect and register the on-premises Smith server with Azure Arc.

    Condition B

    The on-premises Smith server communicates with the Internet without going through Azure for communications other than the Log Analytics agent.

    Condition C

    All communication performed by the on-premises Smith server is communicated with the outside via the Azure network.

    I understand that condition A must be met in order to protect on-premises Smith servers with Microsoft Defender for Cloud and Azure Sentinel.

    However, I wasn't sure if condition C must also be met or if condition B can also use Microsoft Defender for Cloud and Azure Sentinel.

    I cannot meet condition C.


  3. 杉田 世紀
    2023-03-28T06:46:29.08+00:00

    I'm sorry, I didn't convey my intentions correctly to you because my explanation was insufficient.

    I don't want to meet condition C.

    I want to continue to use the on-premises server network without changing it.

    Can I use all features of Microsoft Defender for Cloud and Azure Sentinel even if I only meet condition A and condition B?

  4. 杉田 世紀
    2023-03-29T08:26:39.2933333+00:00

    Thank you for your detailed explanation.
