A set of new Microsoft Defender for Endpoint policies was recently released within Azure Policy, called [Preview]: Deploy Microsoft Defender for Endpoint agent.
These new policies are designed to deploy Microsoft Defender for Endpoint across your Azure fleet as an alternative to the traditional "Microsoft Defender for Cloud" big go button.
Some solid advantages of these new policies to keep in mind:
More granular deployment using Azure Policy Exclusions
No more big bang approach when deploying MDE.Windows / MDE.Linux Extension
Another deployment approach if you are using Azure Arc / Virtual Machines
Some disadvantages:
They are still in preview, with some bugs to work out.
Not all versions of Windows or Linux behave nicely with this.
Watch out for auditd rules if you are running any, as there will be conflicts (I definitely experienced some).
Extensions can be troublesome at times.
Azure Policy and Microsoft 365 Defender Portal sometimes have inconsistent versions of MDE
Check out the latest information below for this.
In the coming weeks I'll create a step-by-step walkthrough of how to deploy this.