Install endpoint protection solution on virtual machines

JKFrancis 76 Reputation points
2022-01-28T18:17:45.96+00:00

We have Defender as the antivirus software, which is already installed on the virtual machines, but why does Azure Advisor - Security state that we need to "Install endpoint protection solution on virtual machines"?

6 answers

  1. Olumide Oluyisola 16 Reputation points
    2023-01-14T19:51:06.7033333+00:00

    Hi,

    This problem persists. I have a subscription where this ("Install endpoint protection solution on virtual machines") is currently highlighted as an issue in the Microsoft Defender for Cloud Recommendations.

    When you try to investigate, it tells you that it has been replaced by the new policy "Endpoint Protection not installed on Azure VMs" but this one policy still remains.

    It is also not possible to disable it from the security policy-initiative parameters.

    Has anyone been able to resolve this issue?

    3 people found this answer helpful.

  2. Aneesh Nicola J 10 Reputation points
    2023-06-05T10:22:18.2666667+00:00

    Facing the same issue even though the devices have Defender installed on them. Is this a known bug?

    2 people found this answer helpful.

  3. Givary-MSFT 27,486 Reputation points Microsoft Employee
    2022-01-31T07:52:48.89+00:00

    @JKFrancis

    Apologies for the delay in responding to your query. Do you see this alert for all the machines where Defender is installed?

    Following are the settings checked when Azure security advisor reports this alert.

    Defender for Cloud recommends Endpoint protection should be installed on your machines when Get-MpComputerStatus runs and the result is AMServiceEnabled: False

    Defender for Cloud recommends Endpoint protection health issues should be resolved on your machines when Get-MpComputerStatus runs and any of the following occurs:

    Any of the following properties are false:

    AMServiceEnabled
    AntispywareEnabled
    RealTimeProtectionEnabled
    BehaviorMonitorEnabled
    IoavProtectionEnabled
    OnAccessProtectionEnabled

    If one or both of the following properties are 7 or more:

    AntispywareSignatureAge
    AntivirusSignatureAge

    Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/endpoint-protection-recommendations-technical?wt.mc_id=defenderforcloud_inproduct_portal_recoremediation&WT.mc_id=Portal-Microsoft_Azure_Security

    Deployment Guide for Microsoft Defender for Endpoint - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide

    If you have any other questions, please let me know.

    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if my answer helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
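
The checks listed in the answer above, written out as an added PowerShell example (not part of the original thread and not Microsoft's code). The helper name `Test-EndpointProtectionStatus` and the sample object are assumptions made for illustration; the property names and the threshold of 7 come from the answer.

```powershell
# Added example: applies the Get-MpComputerStatus checks listed in the answer above.
# Test-EndpointProtectionStatus is a hypothetical helper name, not a Microsoft cmdlet.
function Test-EndpointProtectionStatus {
    param(
        # Object exposing Get-MpComputerStatus properties; queried live when omitted.
        [object]$Status
    )
    if ($null -eq $Status) { $Status = Get-MpComputerStatus }

    $protectionFlags = 'AMServiceEnabled', 'AntispywareEnabled', 'RealTimeProtectionEnabled',
                       'BehaviorMonitorEnabled', 'IoavProtectionEnabled', 'OnAccessProtectionEnabled'
    $signatureAges   = 'AntispywareSignatureAge', 'AntivirusSignatureAge'
    $maxAge          = 7   # "7 or more" triggers the health recommendation

    # A missing property is not $true, so it is reported as disabled rather than ignored.
    $disabled = @($protectionFlags | Where-Object { $Status.$_ -ne $true })
    # [long] avoids an overflow if an age value is very large.
    $stale = @($signatureAges | Where-Object { [long]$Status.$_ -ge $maxAge })

    [pscustomobject]@{
        # "Endpoint protection should be installed": AMServiceEnabled is False.
        InstallRecommended  = ($Status.AMServiceEnabled -ne $true)
        # "Endpoint protection health issues should be resolved": any flag off or stale signatures.
        HealthIssueReported = ($disabled.Count -gt 0 -or $stale.Count -gt 0)
        DisabledProperties  = $disabled
        StaleSignatures     = $stale
    }
}

# Constructed sample (not real output): service running, real-time protection off,
# antivirus signatures older than the threshold.
$sample = [pscustomobject]@{
    AMServiceEnabled          = $true
    AntispywareEnabled        = $true
    RealTimeProtectionEnabled = $false
    BehaviorMonitorEnabled    = $true
    IoavProtectionEnabled     = $true
    OnAccessProtectionEnabled = $true
    AntispywareSignatureAge   = 2
    AntivirusSignatureAge     = 9
}
Test-EndpointProtectionStatus -Status $sample | Format-List
```

Calling `Test-EndpointProtectionStatus` with no argument on a VM evaluates the live `Get-MpComputerStatus` result, which shows which property would explain the recommendation on that machine.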

  4. Ilkin Jamalli 5 Reputation points
    2024-01-29T13:50:47.82+00:00

    Advisor says "Install endpoint protection solution on virtual machines"; however, there is the following note: There’s an updated version of this recommendation. See ‘Endpoint protection should be installed on your machines’. When I click on the updated version of the recommendation, it doesn't show a single VM.
    So, if this is a genuine recommendation, why doesn't the new version show a single machine? If this is not a false positive, why is it not fixed?

    1 person found this answer helpful.

  5. Andrew Kendall 0 Reputation points
    2024-02-01T12:48:15.4033333+00:00

    User's image