Ensure that Microsoft Defender for Endpoint integration with Azure Security Center is enabled to allow the Defender for Endpoint service to access your data in order to help prevent, detect, investigate, and respond to advanced security threats.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
To enable Azure Security Center (ASC) to integrate with other Azure security services such as Microsoft Defender for Endpoint, you must allow those services to access your data. The Microsoft Defender for Endpoint – Security Center integration brings comprehensive Endpoint Detection and Response (EDR) capabilities to Security Center. This integration helps to spot abnormalities, detect, and respond to advanced attacks on VM server endpoints monitored by Azure Security Center. Once the integration is active, Microsoft Defenders for Endpoint's sensors collect a vast array of behavioral signals from your Azure virtual machines. When the security service identifies attacker tools, techniques, and procedures, begins to generate alerts, which are highlighted in the Security Center portal.
To determine if the Microsoft Defender for Endpoint service is allowed to access your data, perform the following actions:
Remediation / Resolution
To enable the Microsoft Defender for Endpoint – Azure Security Center integration, perform the following actions:
- Azure Official Documentation
- Protect your endpoints with Security Center's integrated EDR solution: Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint
- Settings - List
- Settings - Update
- ES-1: Use Endpoint Detection and Response (EDR)
- ES-2: Use centrally managed modern anti-malware software
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable Microsoft Defender for Endpoint Integration with Security Center
Risk level: Medium