This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 28.000000000000004%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
Since last few days, I am receiving lots of requests from the users about to know when the Azure VM was connected or integrated with Microsoft Defender for Cloud.
Eg:- The VM was not connected with Defender for Cloud in Sept 2022 and now it's found connected. Tried to get information from Audit logs but didn't find a records past 30 days.
Is there any way to know the exact date when the Azure VM got connected with Defender for Cloud?
Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer(Yes)" and "share you feedback ". This will help us and others in the community as well.
Thanks,
Akshay Kaushik
Thank you for posting your query on Microsoft Q&A. From above description I could understand that you want to know when did the VM first onboarded to Microsoft Defender for Cloud.
Please do correct me if this is not the case by responding in the comments section.
Microsoft Defender for cloud is enabled at subscription level and plans available under Cloud Workload Protection (CWP) are responsible for actions on your resources.
For example if you are trying to target VM in your environment, then CSPM plan has to be enabled, and once enabled any VM deployed in the environment will be visible under defender for cloud inventory, this should be done on very same day when VM is deployed.
If you have enabled monitoring agent for the device you may get the details from Log-analytics
If you did push Endpoint protection say via Azure policy, then device would be visible then it would be visible on defender for endpoint portal along with onboarding date, which you could consider the time when device was on boarded to defender for endpoint.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.