To protect on-premises computers using Microsoft Defender for Cloud, you must first connect those machines to Azure so that Defender for Cloud can assess their security posture, collect telemetry, and provide threat protection. According to Microsoft’s Defender for Cloud documentation, on-premises and non-Azure machines can be onboarded using the Log Analytics agent (also called the Microsoft Monitoring Agent, or MMA). This agent enables the machine to communicate with a Log Analytics workspace, which Defender for Cloud uses to store and analyze security data.
When you enable Defender for Cloud on an Azure subscription, it automatically protects Azure resources. However, to extend protection to on-premises or other-cloud environments, you must install the Log Analytics agent on each server, either manually or via automation. The agent sends the required telemetry (such as security events, performance counters, and configuration data) to Defender for Cloud. Once data begins flowing, Defender for Cloud evaluates it against its threat intelligence and security recommendations to detect vulnerabilities and threats.
The other options are not applicable:
A. Hybrid Runbook Worker is used for Azure Automation, not Defender for Cloud onboarding.
B. Connected Machine agent (Azure Arc agent) connects machines to Azure for governance and management, but Defender for Cloud specifically relies on the Log Analytics agent (or Azure Monitor agent in newer implementations).
D. Dependency agent is used for map visualizations in Service Map, not for Defender for Cloud protection.
Thus, the verified answer is C. Install the Log Analytics agent.