Given Azure Cloud Services (Classic, not Extended Support) using Family 6 (Windows 2019). Windows Defender is enabled and scanning files.
How can the logs and scan results be surfaced to the Azure Portal, ideally Security Centre / Monitor?
“The Microsoft Antimalware Client and Service is installed by default in a disabled state in all supported Azure guest operating system families in the Cloud Services platform.” https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware#architecture
Defender is enabled, but the client and extensions are not. https://docs.microsoft.com/en-us/archive/blogs/azuresecurity/update-to-azure-antimalware-extension-for-cloud-services
Note, enabling Antimalware within the Portal for the CS roles doesn’t appear to help.
Do we need to install Microsoft Monitoring Agent / Log Analytics? https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview#log-analytics-agent
Answer
The log analytics agent is required to be installed for a VM to send data to security centre. See here.
Attribution
Source: Link, Question Author: Michael Blake, Answer Author: Sam Cogan