Prerequisites Check
Implementation Effort: Medium
Security and IT teams must validate environment readiness, permissions, and onboarding methods across Azure, AWS, GCP, and on-premises before enabling Defender for Servers.
User Impact: Low
Prerequisite checks are performed by administrators and security teams; end users are not directly involved.
Overview
Before deploying Defender for Servers in Microsoft Defender for Cloud, organizations must complete several prerequisite checks to ensure a successful and secure rollout. These checks help validate that the environment, permissions, and infrastructure are ready for onboarding and protection.
Key Prerequisites
- Azure Subscription: Required to enable Defender for Cloud. A free subscription can be created if needed.
- Defender for Cloud Enabled: Must be active in the subscription where Defender for Servers will be deployed.
- Permissions: Ensure the user has the necessary roles (e.g., Security Admin, Contributor) to enable plans and onboard resources.
- Plan Selection: Choose between Plan 1 and Plan 2 based on security needs. Plan 2 includes advanced features like file integrity monitoring and just-in-time access.
- Deployment Scope: Decide whether to enable at the subscription or resource level. Plan 1 can be enabled at the resource level; Plan 2 must be enabled at the subscription level.
- Onboarding Non-Azure Machines:
- AWS/GCP: Connect accounts/projects to Defender for Cloud. Machines are onboarded as Azure Arc-enabled VMs.
- On-premises: Use Azure Arc for full functionality. Direct Defender for Endpoint agent installation only supports Plan 1.
- Data Ingestion: Plan 2 includes 500 MB/day of free data ingestion for specific data types.
- Integration Consent: Enabling Defender for Servers grants access to Defender for Endpoint data (vulnerabilities, alerts, software inventory).
Failing to complete these checks can result in incomplete protection, onboarding errors, or limited feature availability. This step supports the "Verify Explicitly" principle of Zero Trust by ensuring all systems and identities are validated before protection is applied.