Defender for Cloud – On-premises environments


In the previous blog post of this series we looked at how to onboard your AWS environment.

This post details methods that can be used to onboard your on-premises environments into Defender for Cloud.

Log Analytics Workspace

In the second blog post of this series a dedicated Log Analytics workspace for the Defender for Cloud environment was created. A Log Analytics workspace can be configured to receive telemetry from your on-premises servers.

In the Log Analytics workspace, under Settings > Agents, you have the option to download and install the Windows or Linux agent for data collection on your on-premises servers.

To complete the agent install you will need:

  • Workspace ID
  • Workspace Key

Once installed, the server's telemetry is assessed by Defender for Cloud and you will receive recommendations for your onboarded on-premises servers. Treat the Workspace Key as a secret: anyone holding it can send data into your workspace, so do not leave it in scripts or ticket notes after the install.

Detailed steps from Microsoft for installing the Log Analytics agent can be found here. Note that Microsoft retired the Log Analytics agent at the end of August 2024, so for new deployments the Azure Arc route described in the next section is the one to use.

Azure Arc

Alternatively, you can add your on-premises servers to Azure Arc. An Azure Arc-enabled server is represented as an Azure resource, can be managed through Azure and can be onboarded to Defender for Cloud.

Navigate to Azure Arc > Infrastructure > Servers and select + Add.

You are provided with three options for onboarding servers:

  • A single server
  • Multiple servers
  • Servers from Update Manager

Generate the script for the option most appropriate for your environment.

In this example we generate a script for onboarding a single server.

The prerequisites page details the information required to onboard your on-premises server into Azure Arc.

On the resource details page complete the following sections:

  • Subscription
  • Resource group
  • Region
  • Operating System
  • Connectivity method
  • Automanage

If you enable Automanage, select your configuration profile:

  • Azure best practice: Production
  • Azure best practice: Dev / Test

In this example we enable Automanage with the Azure best practice: Production profile selected.

On the following page define any required tags.

When you are ready, download and run the script on your on-premises server. The generated script contains no credentials; it installs the Connected Machine agent and then runs `azcmagent connect`, which prompts you to sign in to Azure, so whoever runs it needs rights to create the Arc resource in the chosen resource group.

Once the server has been onboarded to Azure Arc it can be onboarded to Defender for Cloud. You can use the Defender for Cloud recommendations to install the required agents on servers running Azure Arc.
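As an added example (not the portal-generated script and not code from the original post), the shell script below carries out the single-server Azure Arc onboarding described above for a Linux server with the Connected Machine agent CLI, `azcmagent`. The installer URL is the one Microsoft publishes for the Linux agent; the subscription, tenant, resource group, region and tag values, and the `RUN_ARC_CONNECT` switch, are assumptions for this example. Beyond what the portal script does, it runs the agent's connectivity pre-flight check first and verifies the connection afterwards, which is where on-premises onboarding usually fails (blocked egress or a proxy).

```shell
#!/bin/sh
# Added example (not from the original post): connect a Linux server to Azure Arc
# with the Connected Machine agent (azcmagent), then verify it before moving on
# to Defender for Cloud. Subscription, tenant, resource group, region and tags
# are placeholders; AGENT_INSTALL_URL is Microsoft's published installer link.
set -eu

AGENT_INSTALL_URL="https://aka.ms/azcmagent"

# Join KEY=VALUE pairs into the comma-separated form azcmagent expects for --tags.
tags_arg() {
  out=""
  for kv in "$@"; do
    case "$kv" in
      *=*) ;;
      *) echo "tag '$kv' must be KEY=VALUE" >&2; return 1 ;;
    esac
    out="${out:+$out,}$kv"
  done
  printf '%s' "$out"
}

# Subscription and tenant IDs are GUIDs; a wrong value here fails late and confusingly.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

arc_connect() {
  sub="$1"; tenant="$2"; rg="$3"; region="$4"; shift 4
  is_guid "$sub"    || { echo "subscription id is not a GUID" >&2; return 1; }
  is_guid "$tenant" || { echo "tenant id is not a GUID" >&2; return 1; }
  tags="$(tags_arg "$@")"

  # Install the agent only if it is not already present.
  if ! command -v azcmagent >/dev/null 2>&1; then
    curl -fsSL "$AGENT_INSTALL_URL" -o /tmp/install_linux_azcmagent.sh
    sudo sh /tmp/install_linux_azcmagent.sh
  fi

  # Pre-flight: confirm the Arc endpoints for the target region are reachable before connecting.
  sudo azcmagent check --location "$region"

  # Interactive sign-in (device code). For unattended rollouts use
  # --service-principal-id / --service-principal-secret with a least-privilege principal
  # holding only the "Azure Connected Machine Onboarding" role on the resource group.
  sudo azcmagent connect \
    --subscription-id "$sub" \
    --tenant-id "$tenant" \
    --resource-group "$rg" \
    --location "$region" \
    --cloud "AzureCloud" \
    --tags "$tags"

  # Status should read Connected; the resource ID shown is what Defender for Cloud will assess.
  sudo azcmagent show
}

# Only connect when explicitly asked, so the file can be sourced for its helpers alone.
if [ "${RUN_ARC_CONNECT:-0}" = "1" ]; then
  arc_connect "${SUBSCRIPTION_ID:?}" "${TENANT_ID:?}" "${RESOURCE_GROUP:?}" "${REGION:?}" \
    "Environment=Production" "Datacenter=OnPrem"
fi
```

Run it as `RUN_ARC_CONNECT=1 SUBSCRIPTION_ID=... TENANT_ID=... RESOURCE_GROUP=... REGION=... sh arc-connect.sh`. Once `azcmagent show` reports the machine as connected, the Arc resource appears in Defender for Cloud's inventory and the agent-installation recommendations mentioned above apply to it.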

The next blog post in this series will look at recommendations provided by Defender for Cloud.