Install endpoint protection solution on virtual machines

JKFrancis 31 Reputation points
2022-01-28T18:17:45.96+00:00

We have Defender as the antivirus software, which is already installed on the virtual machines, but why does Azure Advisor - Security state that we need to "Install endpoint protection solution on virtual machines"?

Azure Active Directory

2 answers

  1. Olumide Oluyisola 11 Reputation points
    2023-01-14T19:51:06.7033333+00:00

    Hi,

    This problem persists. I have a subscription where this ("Install endpoint protection solution on virtual machines") is currently highlighted as an issue in the Microsoft Defender for Cloud Recommendations.

    When you try to investigate, it tells you that it has been replaced by the new policy "Endpoint Protection not installed on Azure VMs" but this one policy still remains.

    It is also not possible to disable it from the security policy-initiative parameters.

    Has anyone been able to resolve this issue?

    2 people found this answer helpful.

  2. Givary-MSFT 13,316 Reputation points Microsoft Employee
    2022-01-31T07:52:48.89+00:00

    @JKFrancis

    Apologies for the delay in responding to your query. Do you see this alert for all the machines where Defender is installed?

    Following are the settings checked when Azure security advisor reports this alert.

    Defender for Cloud recommends "Endpoint protection should be installed on your machines" when Get-MpComputerStatus runs and the result is AMServiceEnabled: False

    Defender for Cloud recommends "Endpoint protection health issues should be resolved on your machines" when Get-MpComputerStatus runs and any of the following occurs:

    - Any of the following properties are false:
        - AMServiceEnabled
        - AntispywareEnabled
        - RealTimeProtectionEnabled
        - BehaviorMonitorEnabled
        - IoavProtectionEnabled
        - OnAccessProtectionEnabled

    - If one or both of the following properties are 7 or more:
        - AntispywareSignatureAge
        - AntivirusSignatureAge

    Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/endpoint-protection-recommendations-technical?wt.mc_id=defenderforcloud_inproduct_portal_recoremediation&WT.mc_id=Portal-Microsoft_Azure_Security

    Deployment Guide for Microsoft Defender for Endpoint - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide

    If you have any other questions, please let me know.

    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if my answer helped, so that others in the community facing similar issues can easily find the solution.
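
The conditions listed in the answer above can be checked directly on a VM. The following is an added example, not part of the original thread or Microsoft's own code: `Test-EndpointProtectionStatus` is a hypothetical helper name, and the sample status object is constructed for illustration.

```powershell
# Evaluates a Get-MpComputerStatus result against the conditions quoted in the answer.
# Test-EndpointProtectionStatus is a hypothetical helper, not a built-in cmdlet.
function Test-EndpointProtectionStatus {
    param(
        [Parameter(Mandatory)] $Status,      # object shaped like Get-MpComputerStatus output
        [int] $SignatureAgeThreshold = 7     # "7 or more" per the answer
    )
    $findings = @()

    # "Endpoint protection should be installed": AMServiceEnabled is False
    if ($Status.AMServiceEnabled -eq $false) {
        $findings += 'Install: AMServiceEnabled is False'
    }

    # "Endpoint protection health issues should be resolved": any flag is False
    $flags = 'AMServiceEnabled', 'AntispywareEnabled', 'RealTimeProtectionEnabled',
             'BehaviorMonitorEnabled', 'IoavProtectionEnabled', 'OnAccessProtectionEnabled'
    foreach ($name in $flags) {
        if ($Status.$name -eq $false) { $findings += "Health: $name is False" }
    }

    # ...or either signature age is at or above the threshold
    foreach ($name in 'AntispywareSignatureAge', 'AntivirusSignatureAge') {
        if ($Status.$name -ge $SignatureAgeThreshold) {
            $findings += "Health: $name is $($Status.$name) (threshold $SignatureAgeThreshold)"
        }
    }

    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample: Defender present, but real-time protection off and stale signatures
$sample = [pscustomobject]@{
    AMServiceEnabled = $true;  AntispywareEnabled = $true
    RealTimeProtectionEnabled = $false; BehaviorMonitorEnabled = $true
    IoavProtectionEnabled = $true; OnAccessProtectionEnabled = $true
    AntispywareSignatureAge = 9; AntivirusSignatureAge = 2
}
Test-EndpointProtectionStatus -Status $sample | Format-List

# On a VM where the Defender module is available, evaluate the live status instead
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Test-EndpointProtectionStatus -Status (Get-MpComputerStatus) | Format-List
}
```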