Inquiry Regarding Exception Handling for Defender for Cloud and Third-Party EDR Conflict

용현 정 20 Reputation points
2024-04-02T07:48:31.3966667+00:00

Hello,

Our organization is striving to adhere to the Microsoft Defender for Cloud recommended practice of 'EDR solution should be installed on Virtual Machines.' However, we are encountering difficulties as the button for exception handling is not visible. (The VM's OS is Linux.)

Could you please advise if there are alternative methods for implementing exception handling for the recommended practice? We would appreciate any guidance on steps we might be overlooking or alternative solutions available.


Additionally, upon reviewing the logs under 'Troubleshoot issues,' we discovered that Crowdstrike, a third-party EDR solution, is already installed and appears to conflict with the installation of Microsoft Defender for Endpoint. Despite the presence of the third-party EDR solution, Microsoft Defender for Cloud does not seem to recognize it.


We are curious as to why Microsoft Defender for Cloud is unable to recognize the existing third-party EDR solution and whether there are any compatibility issues with third-party EDR solutions.

If so, we would like to know if there are any steps we can take to address this.


Thank you.


2 answers

  1. Givary-MSFT 28,486 Reputation points Microsoft Employee
    2024-04-03T09:12:34.1566667+00:00

    @용현 정 Thank you for reaching out to us. Regarding your question of why Microsoft Defender for Cloud is unable to recognize the existing third-party EDR solution:

    As far as I am aware, you can address this scenario via Azure Policy-based extension deployment for MDE; with this you will be able to exempt a particular scope.

    Reference: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/extensions-rmpolicy-howto-cli (for linux VMs)

    https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/extensions-rmpolicy-howto-ps (for windows VMs)

    On further checking on this, we have improved the capabilities of MDC to address your concern; refer to this doc - https://learn.microsoft.com/en-us/azure/defender-for-cloud/endpoint-detection-response - and make sure you have the required prerequisites in place.

    Let me know if you have further questions, feel free to post back.
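
    The scope-level exemption described in this answer, as an added Azure CLI example that is not part of the original reply or of any Microsoft documentation; the resource group, VM name and assignment name are placeholders, and the assignment that drives the recommendation must be looked up at your own scope:

```azurecli
# Added example, not from the answer above. Exempts a single Linux VM that already
# runs a third-party EDR from the policy assignment behind the
# "EDR solution should be installed on Virtual Machines" recommendation.
# Every value below is a placeholder; substitute your own.

RG="rg-prod-linux"                          # resource group of the VM (placeholder)
VM="vm-app-01"                              # VM name (placeholder)
ASSIGNMENT="<policy-assignment-name-or-id>" # taken from the list in step 1
EXEMPTION="exempt-${VM}-third-party-edr"

# 1. List the assignments in effect at the VM's scope, including those
#    inherited from the subscription or management group, and pick the one
#    whose display name matches the recommendation in Defender for Cloud.
VM_ID=$(az vm show --resource-group "$RG" --name "$VM" --query id --output tsv)
az policy assignment list --scope "$VM_ID" --disable-scope-strict-match \
  --query "[].{name:name, displayName:displayName}" --output table

# 2. Create the exemption on the VM only. "Mitigated" records that the control
#    is satisfied by another tool (here Crowdstrike), and an expiry date forces
#    the exception to be reviewed instead of living forever.
az policy exemption create \
  --name "$EXEMPTION" \
  --policy-assignment "$ASSIGNMENT" \
  --scope "$VM_ID" \
  --exemption-category Mitigated \
  --display-name "Third-party EDR present on $VM" \
  --description "Crowdstrike agent installed and verified; MDE not deployed" \
  --expires-on "2024-10-01T00:00:00Z"

# 3. Confirm the exemption is visible at the VM scope.
az policy exemption list --scope "$VM_ID" --output table
```

    Scoping the exemption to the VM resource rather than the subscription keeps the recommendation active for every other machine, so a VM without any EDR still shows up as unhealthy.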


  2. Andrew Blumhardt 9,576 Reputation points Microsoft Employee
    2024-04-04T13:08:15.8233333+00:00

    Interesting observation. Defender for Servers has a strong link to Microsoft's EDR solution Defender for Endpoint (MDE). D4S P1 and P2 include MDE for Servers.

    This recommendation can only detect MDE in active mode. In cases where you have a 3rd party EDR as primary, the policy cannot detect the 3rd party solution. The workaround would be an exception or disabling the source policy.

    As you indicated, there is no exception option displayed or call back to the source policy. I am not on the dev team and can't say for certain the reason. I suspect the reason is related to the MDE integration options that are part of MDC.

    I recommend disabling the source policy directly "Endpoint protection should be installed on your machines".
