Defender for Cloud

Mohammed Thahif BK 341 Reputation points
2022-04-13T05:00:35.507+00:00

Hi,

We recently enabled Microsoft Defender for Cloud - Standard plan as part of an XDR requirement. With this I have got a couple of queries.

Since this already installs the MDE agent, is it not required to install an antimalware solution?

How do we ensure this works as expected? How can we test this functionality?

I know MDE comes with its own portal (https://securitycenter.microsoft.com/) to manage it. What different kinds of policies can be set?

Is it possible to view or retrieve data collected by MDE on the Azure portal itself? How?

It would be really good if someone could guide us in the right direction; there seem to be a lot of confusing terms and articles about these.
Thanks.

Regards
Thahif

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

Accepted answer
  1. Andrew Blumhardt 9,776 Reputation points Microsoft Employee
    2022-04-13T12:39:05.94+00:00

    Defender for Cloud uses the Microsoft Monitoring Agent currently (vs the new Azure Monitor Agent). The recommended deployment method for hybrid (non-Azure) is using Azure Arc. Defender for Cloud will deploy the MMA agent to all servers in the subscription (and on Azure Arc) using an extension. This will also activate Defender for Endpoint using an extension. Hybrid Windows servers onboarded using a stand-alone MMA install and Linux servers may require separate MDE activation.

    Defender for Endpoint uses the built-in Defender AV service as an agent. There is no agent to install on modern Windows OS. It is simply a matter of activating the service included in the OS. MDE also relies on policy deployed through GPO, Intune, or MECM to configure the antivirus agent settings and the OS hardening recommendations (ASR). Even though Defender for Cloud may activate MDE, you will still want to configure these policies separately. MDE will also provide recommendations to improve OS hardening.

    To verify your onboarding, start by using the device inventory on the Microsoft 365 Defender portal. There is an onboarding section under Settings > Endpoints to assist you with any additional onboarding if needed.

    1 person found this answer helpful.
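
A host-side check to complement the portal verification described in the accepted answer, as an added example that is not part of the original thread. It assumes a Windows server with the built-in Defender PowerShell module and the default service names `Sense` (MDE sensor), `WinDefend` (Defender Antivirus) and `HealthService` (MMA); the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumed default service names: Sense = MDE sensor,
# WinDefend = Defender Antivirus, HealthService = Microsoft Monitoring Agent (MMA).
function Get-ServiceState {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'NotInstalled' }
    return $svc.Status.ToString()
}

function Test-DefenderOnboarding {
    $findings = [System.Collections.Generic.List[string]]::new()
    $sense = Get-ServiceState -Name 'Sense'
    $av    = Get-ServiceState -Name 'WinDefend'
    $mma   = Get-ServiceState -Name 'HealthService'
    $mode  = 'Unknown'; $rtp = $null
    # Get-MpComputerStatus fails if the Defender Antivirus feature is absent.
    try {
        $mp   = Get-MpComputerStatus -ErrorAction Stop
        $mode = [string]$mp.AMRunningMode
        $rtp  = [bool]$mp.RealTimeProtectionEnabled
    } catch {
        $findings.Add('Defender Antivirus status could not be read (Get-MpComputerStatus failed).')
    }

    if ($sense -ne 'Running') {
        $findings.Add("Sense service is $sense, so this server is not sending data to Defender for Endpoint.")
    }
    if ($av -ne 'Running') {
        $findings.Add("WinDefend service is $av; the built-in antivirus that MDE relies on is not active.")
    }
    if ($mode -notin 'Unknown', 'Normal') {
        $findings.Add("Defender Antivirus running mode is '$mode' rather than Normal (active).")
    }
    if ($rtp -eq $false) {
        $findings.Add('Real-time protection is disabled; review the AV policy from GPO, Intune or MECM.')
    }
    if ($mma -ne 'Running') {
        $findings.Add("HealthService (MMA) is $mma; Defender for Cloud will not receive data through this agent.")
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        MdeSensor     = $sense; DefenderAv = $av; MonitoringAgent = $mma
        AvRunningMode = $mode; RealTimeProtection = $rtp
        Healthy       = ($findings.Count -eq 0)
        Findings      = $findings
    }
}
Test-DefenderOnboarding | Format-List
```

A server that reports `Healthy = True` here should also appear in the device inventory mentioned in the answer; if it does not, the onboarding section under Settings > Endpoints is the next place to look.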

1 additional answer

  1. Mohammed Thahif BK 341 Reputation points
    2022-05-02T08:49:15.103+00:00

    @Andrew Blumhardt @JamesTran-MSFT - thanks. I was looking for what policies can be configured in the Defender portal. I come from a non-security background; it would be good if you could share some commonly used policies to be set in the portal.