Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is enabled to allow the Defender for Endpoint security service to access your data in order to help prevent, detect, investigate, and respond to advanced security threats.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
To allow Microsoft Defender for Cloud to integrate with other cloud services such as Defender for Endpoint, you must allow those services to access your data. The Defender for Endpoint – Defender for Cloud integration brings comprehensive Endpoint Detection and Response (EDR) capabilities to Microsoft Defender for Cloud. This integration helps to spot abnormalities and to detect and respond to advanced attacks on VM server endpoints monitored by Defender for Cloud. Once the integration is active, Defender for Endpoint's sensors collect a vast array of behavioral signals from your Azure virtual machines. The security service begins to generate alerts when the built-in sensors identify attacker tools, techniques, and procedures.
Audit
To determine if the Microsoft Defender for Endpoint security service is allowed to access your data, perform the following actions:
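One way to script this check across subscriptions, given here as an added example and not as the Conformity procedure. It assumes the responses come from the Azure `Microsoft.Security/settings` REST resource, where the Defender for Endpoint integration is the setting named `WDATP` with a `properties.enabled` flag. The function names, subscription keys and sample responses are constructed for illustration.

```python
import json

def _setting(name, enabled):
    # Build one constructed Microsoft.Security/settings entry.
    return {"name": name, "kind": "DataExportSettings",
            "type": "Microsoft.Security/settings",
            "properties": {"enabled": enabled}}

# Constructed responses keyed by placeholder subscription name (not real data).
SAMPLES = {
    "sub-a": json.dumps({"value": [_setting("MCAS", True),
                                   _setting("WDATP", True)]}),
    "sub-b": json.dumps({"value": [_setting("MCAS", True),
                                   _setting("WDATP", False)]}),
    "sub-c": json.dumps({"value": [_setting("MCAS", True)]}),
    "sub-d": json.dumps({"error": {"code": "AuthorizationFailed",
                                   "message": "constructed"}}),
    "sub-e": json.dumps(_setting("WDATP", True)),  # single-setting GET
}

def wdatp_status(response_text):
    """Return 'enabled', 'disabled', 'missing' or 'unreadable'."""
    try:
        body = json.loads(response_text)
    except (TypeError, ValueError):
        return "unreadable"
    # Fail closed: an error body must never be reported as compliant.
    if not isinstance(body, dict) or "error" in body:
        return "unreadable"
    # A list call wraps settings in "value"; a single GET returns one object.
    settings = body.get("value", [body])
    for item in settings:
        if str(item.get("name", "")).upper() == "WDATP":
            enabled = (item.get("properties") or {}).get("enabled")
            return "enabled" if enabled is True else "disabled"
    return "missing"

def audit(responses):
    """Map each non-compliant subscription to the reason it failed."""
    findings = {}
    for sub, text in responses.items():
        status = wdatp_status(text)
        if status != "enabled":
            findings[sub] = status
    return findings

if __name__ == "__main__":
    for sub, reason in sorted(audit(SAMPLES).items()):
        print(f"{sub}: Defender for Endpoint integration {reason}")
```

A subscription reported as `unreadable` needs the query repeated with sufficient permissions before it can be counted either way.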
Remediation / Resolution
To enable the Microsoft Defender for Endpoint – Microsoft Defender for Cloud integration, perform the following actions: