Recommendation to install Microsoft Defender for Cloud Log Analytics agent on Linux-based Azure Arc-enabled machines appearing never-ending after AWS integration

Pablo Fuenzalida 0 Reputation points
2024-04-09T12:47:20.4666667+00:00

After integrating my AWS environment, I keep seeing the recommendation to install Microsoft Defender for Cloud Log Analytics agent on Linux-based Azure Arc-enabled machines. It seems to be never-ending. How can I resolve this issue?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

1 answer

  1. Claudia Dos Santos Haz (CONCENTRIX CORPORATION) 935 Reputation points Microsoft Vendor
    2024-04-11T09:56:33.05+00:00

    Hello Pablo Fuenzalida,

    Thank you for reaching out to Microsoft Q&A forum!

    1. Log Analytics Agent Integration: The Log Analytics agent is essential for collecting data from your workloads and enabling robust security monitoring. When it’s active, Defender for Cloud automatically deploys the agent on all supported Azure VMs and any new ones created. To configure integration with the Log Analytics agent, follow these steps:
      1. From Defender for Cloud’s menu, navigate to Environment settings.
      2. Select the relevant subscription.
      3. In the Monitoring Coverage column of the Defender plans, click Settings.
      4. In the configuration options pane, define the workspace to use:
      **Connect Azure VMs to the default workspaces** created by **Defender for Cloud**. These workspaces are automatically generated in the same geolocation as your resources. If your subscription contains VMs from multiple geolocations, **Defender for Cloud** creates separate workspaces to comply with data privacy requirements.
      
        Workspace Naming Convention:
      
          Workspace: **`DefaultWorkspace-[subscription-ID]-[geo]`**
      
          Resource Group: **`DefaultResourceGroup-[geo]`**
      
      Alternatively, you can **connect Azure VMs to a different workspace**. Choose an existing workspace or create a new one. This option is useful if you’re using a centralized workspace for security data collection.
      
        If your selected workspace already has a **Security** or **SecurityCenterFree** solution enabled, pricing will be set automatically. Otherwise, install a **Defender for Cloud solution** on the workspace.
      
      Adjust the Windows security events configuration to store the desired amount of raw event data [1].
    2. Azure Arc Integration: When connecting your machines using Azure Arc, ensure that the Log Analytics agent is installed on your Linux-based Azure Arc machines. This step allows you to benefit from the full range of protections offered by Defender for Cloud [2].
    3. Updated Strategy: As part of the Defender for Cloud updated strategy, the Azure Monitor Agent will no longer be required for the Defender for Servers offering. However, it remains necessary for Defender for SQL Server on machines. Be aware of this adjustment in the autoprovisioning process for both agents [3].

    Best regards,

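One way to check which Linux Arc-enabled machines lack a successfully provisioned Log Analytics agent extension, given an exported inventory of machines and their extensions. This is an added example, not part of the original answer or Microsoft's tooling; the inventory shape, machine names and function names are assumptions, and the sample data is constructed.

```python
# Extension type names for the two Linux monitoring agents on Arc machines.
LOG_ANALYTICS = "OmsAgentForLinux"        # Log Analytics agent
AZURE_MONITOR = "AzureMonitorLinuxAgent"  # Azure Monitor Agent

# Constructed sample inventory (not real machines). Assumed shape: one dict per
# Arc machine with its OS type, connection status and installed extensions.
SAMPLE_INVENTORY = [
    {"name": "arc-linux-01", "osType": "Linux", "status": "Connected",
     "extensions": [{"type": "OmsAgentForLinux", "provisioningState": "Succeeded"}]},
    {"name": "arc-linux-02", "osType": "Linux", "status": "Connected",
     "extensions": [{"type": "OmsAgentForLinux", "provisioningState": "Failed"}]},
    {"name": "arc-linux-03", "osType": "Linux", "status": "Connected",
     "extensions": [{"type": "AzureMonitorLinuxAgent", "provisioningState": "Succeeded"}]},
    {"name": "arc-linux-04", "osType": "linux", "status": "Disconnected", "extensions": []},
    {"name": "arc-win-01", "osType": "Windows", "status": "Connected", "extensions": []},
]

def extension_state(machine, ext_type):
    """Return the provisioning state of ext_type on the machine, or None if absent."""
    for ext in machine.get("extensions", []):
        if ext.get("type", "").lower() == ext_type.lower():
            return ext.get("provisioningState", "Unknown")
    return None

def machines_missing_log_analytics(inventory):
    """List (name, reason) for Linux machines without a healthy Log Analytics agent."""
    findings = []
    for machine in inventory:
        if machine.get("osType", "").lower() != "linux":
            continue  # the recommendation in question targets Linux machines
        la_state = extension_state(machine, LOG_ANALYTICS)
        if la_state == "Succeeded" and machine.get("status") == "Connected":
            continue
        if machine.get("status") != "Connected":
            reason = f"machine status is {machine.get('status')}"
        elif la_state is not None:
            reason = f"Log Analytics agent state is {la_state}"
        elif extension_state(machine, AZURE_MONITOR) == "Succeeded":
            reason = "only the Azure Monitor Agent is installed"
        else:
            reason = "no monitoring agent extension installed"
        findings.append((machine["name"], reason))
    return findings

if __name__ == "__main__":
    for name, reason in machines_missing_log_analytics(SAMPLE_INVENTORY):
        print(f"{name}: {reason}")
```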