Azure Defender for Cloud Portal vs Microsoft Defender Portal

Sibba Sailor 80 Reputation points
2024-07-29T11:12:39.9633333+00:00

Hi All,

I have enabled Defender for Cloud (on Azure Portal) on a few of the Windows 10 and 11 VMs in Azure, but the security recommendations that I see under Microsoft Defender Portal (security.microsoft.com) for these VMs do not appear under the Defender for Cloud page on Azure Portal (portal.azure.com). Is this how it's expected to work?

I wanted to have a single pane of glass to view both Defender for Cloud and Defender for Endpoint security recommendations. Do I have to jump between Microsoft Defender Portal (security.microsoft.com) and Defender for Cloud (Azure Portal) to gather all the security recommendations?

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

2 answers

  1. Marcin Policht 51,365 Reputation points MVP Volunteer Moderator
    2024-07-29T11:54:51.9833333+00:00

    Defender for Servers is available only for Windows 11 multi-session VMs - as per https://learn.microsoft.com/en-us/azure/defender-for-cloud/support-matrix-defender-for-servers

    As per https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-overview#windows, you also cannot use Azure Monitor Agent support for Windows client OS in this case.

    Services and features supported
    Microsoft Sentinel ✓ (View scope)
    VM Insights
    Microsoft Defender for Cloud - Only uses MDE agent
    Automation Update Management - Moved to Azure Update Manager
    Azure Stack HCI
    Update Manager - no longer uses agents
    Change Tracking
    SQL Best Practices Assessment

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. Andrew Blumhardt 10,051 Reputation points Microsoft Employee
    2024-07-31T12:27:48.0433333+00:00

    Defender for Cloud (or in this case Defender for Servers), as the name implies, is really more for servers or VMs acting in a server capacity. Defender for Servers collaborates with MDE and includes an MDE license. An increasing number of OS-level features are moving to MDE, like assessments and FIM.

    Consider that your average Windows desktop OS is intended for end-users. Non-server devices in MDE are covered by the user's E5 license. MDE protects the device and OS. Point being that MDC_D4S and MDE are really two unique services that are complementary.

    It may also help to consider that these were at one time completely separate solutions and developers could not assume that customers would have both, leading to a degree of overlap. The recommendations on both sides remain different. For MDC they are mostly about cloud security posture and in MDE they focus on application and OS hardening.

    Ideally you will use MDE for common security posture management across all devices and MDC for those recommendations unique to cloud-hosted VMs and Servers. I agree that a combined view would be more convenient but I can't say if that is on the roadmap.

