AzureMonitorLinuxAgent vs. AzureSecurityLinuxAgent vs. AzureDefenderForServers.MDE.Linux

MartinMacko-9882 10 Reputation points


Can somebody help me to understand the difference between these 3 agents?

  1. Microsoft.Azure.Monitor.AzureMonitorLinuxAgent
  2. Microsoft.Azure.Security.Monitoring.AzureSecurityLinuxAgent (or AzureSecurityWindowsAgent)
  3. Microsoft.Azure.AzureDefenderForServers.MDE.Linux

We want to enable defender for servers and enable vulnerability scanning.

I thought that MDE.Linux agent is the one which is doing vulnerability scanning, but what is then role of AzureSecurityLinuxAgent ?

If AzureSecurityLinuxAgent is only for logging some data to feed defender for cloud, then what is the purpose of AzureMonitorLinuxAgent?

The worst thing is there is almost no documentation about what actually these agents do. I understand that AzureMonitorLinuxAgent is basically Azure Monitor agent which is used to log specific OS logs and send them to log analytics workspace but what is its role when it comes to defender for cloud?

What I want to know is what is the difference between them, and which agent should we deploy in order to have vulnerability scanning for Azure VMs enabled + what agent to deploy so defender for cloud has all the necessary info from the VM?


Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
828 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. David Broggy 4,771 Reputation points MVP

    Hi Martin,

    You shouldn't need any agents aside from the initial deployment of defender for server:
    "When you enable Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2, agentless scanning is enabled on by default."

    As for the 3 agents you mentioned:
    #1 is old, #2 (AMA) is new, and #3 is the Defender for Server agent.

    At least that's my understanding.


  2. Andrew Blumhardt 8,346 Reputation points Microsoft Employee
    1. Microsoft.Azure.Monitor.AzureMonitorLinuxAgent - New AMA for Linux
    2. AzureSecurityWindowsAgent - I assume this is something related to Defender for Servers
    3. Microsoft.Azure.AzureDefenderForServers.MDE.Linux - This is the MDE client for Linux
    0 comments No comments