Determine Multicloud Dependencies
Implementation Effort: Medium
Security and IT teams must onboard AWS and GCP environments, configure connectors, and choose the right Defender for Servers plan and deployment method (agent-based or agentless).
User Impact: Low
Multicloud dependency setup is handled by administrators and security teams; end users are not directly involved.
Overview
When planning to protect server workloads across Azure, AWS, and GCP, it's essential to understand the multicloud dependencies required by Microsoft Defender for Servers. This process ensures that all workloads are properly onboarded and protected using the right tools and configurations.
Key components include:
- Cloud Security Posture Management (CSPM): Automatically enabled for AWS and GCP once connectors are onboarded. It provides agentless posture assessments and compliance reporting.
- Cloud Workload Protection Platform (CWPP): Requires enabling Defender for Servers to protect EC2 and GCE instances. This can be done using:
- Microsoft Defender for Endpoint (MDE) integration
- Agentless scanning
- Azure Arc agent for hybrid/on-premises workloads
As of August 2024, the Log Analytics agent (MMA) and Azure Monitor Agent (AMA) are being phased out. Defender for Servers will rely on MDE and agentless methods going forward 1.
Failing to identify and configure these dependencies can result in incomplete protection, missed threat detections, and compliance gaps. This capability supports the "Assume Breach" principle of Zero Trust by ensuring all server workloads across clouds are continuously monitored and secured.