What types of virtual machines are supported?
Monitoring and recommendations are available for virtual machines (VMs) created using both the classic and Resource Manager deployment models.
See Supported platforms in Microsoft Defender for Cloud for a list of supported platforms.
Why doesn't Microsoft Defender for Cloud recognize the antimalware solution running on my Azure VM?
Microsoft Defender for Cloud has visibility into antimalware installed through Azure extensions. For example, Defender for Cloud isn't able to detect antimalware that was preinstalled on an image you provided or if you installed antimalware on your virtual machines using your own processes (such as configuration management systems).
Why do I get the message "Missing Scan Data" for my VM?
This message appears when there's no scan data for a VM. It can take some time (less than an hour) for scan data to populate after Data Collection is enabled in Microsoft Defender for Cloud. After the initial population of scan data, you might receive this message because there's no scan data at all or there's no recent scan data. Scans don't populate for a VM in a stopped state. This message could also appear if scan data hasn't populated recently (in accordance with the retention policy for the Windows agent, which has a default value of 30 days).
How often does Defender for Cloud scan for operating system vulnerabilities, system updates, and endpoint protection issues?
Following are the latency times for Defender for Cloud scans of vulnerabilities, updates, and issues:
- Operating system security configurations - data is updated within 48 hours
- System updates - data is updated within 24 hours
- Endpoint Protection issues - data is updated within 8 hours
Defender for Cloud typically scans for new data every hour, and refreshes the recommendations accordingly.
Defender for Cloud uses monitoring components to collect and store data. To learn more about monitoring components.
Why do I get the message "VM Agent is Missing"?
The VM Agent must be installed on VMs to enable Data Collection. The VM Agent is installed by default for VMs that are deployed from the Azure Marketplace. For information on how to install the VM Agent on other VMs, see the blog post VM Agent and Extensions.
How are VM snapshots secured?
Agentless scanning protects disk snapshots according to Microsoft's highest security standards. To ensure VM snapshots are private and secure during the analysis process, some of the measures taken are:
- Data is encrypted at rest and in-transit.
- Snapshots are immediately deleted when the analysis process is complete.
- Snapshots remain within their original AWS or Azure region. EC2 snapshots aren't copied to Azure.
- Isolation of environments per customer account/subscription.
- Only metadata containing scan results is sent outside the isolated scanning environment.
- All operations are audited.
What is the auto-provisioning feature for Bring Your Own License (BYOL), and can it be applied on multiple solutions?
The Defender for Cloud BYOL integration only allows one solution to have auto-provisioning enabled per subscription. The BYOL feature scans all unhealthy machines on the subscription. Unhealthy refers to any machine that doesn't have a VA solution installed, and automatically remediates them by installing the selected VA solution.
Auto-provisioning will use the single selected BYOL solution for remediation. If no solution is selected, or if multiple solutions have auto-provisioning enabled, the system will not perform an auto-remediation process since it can't decide which solution to prioritize on its own.