How to Onboard Windows servers to Microsoft Defender for Endpoint using Defender for Cloud

Mahavir Saroj 201 Reputation points

We have configured Microsoft Defender for Server Plan 1 in our environment.

How to Onboard windows server automatically in Microsoft defender for endpoint using Defender for cloud. Where we can see the device reporting and logs. What are the RBAC permission are required for Defender for endpoint portal.

As we know Log Analatics agent is going to be depreciated. Then what is the use of Log analytics agent component option in settings. (Snapshot is attached)

We are using AMA agent and AMA agent (extension) pushed from Data collection Rules (monitor) How we can use AMA agent with Defender for cloud for saving the events and logs

If we remove the Log Analytics extension, Defender for Cloud can't collect security data and recommendations, resulting in missing alerts. Within 24 hours, Defender for Cloud determines that the extension is missing and reinstalls it.

User's image

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,238 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,676 Reputation points Microsoft Employee

    I think your main question is what happens when the MMA agent is depreciated later this year, correct?

    The 'Learn More" link in the portal will explain this in greater detail. MDC is moving to an agentless model that uses a combination of agentless scans and collaboration with MDE features.

    While Agent onboarding is enabled, and Azure policy will redeploy the extension every 12-24 hours.

    Defender for Severs P1 and P2 will continue to use the MDE extension to enable MDE.