Reference:

To meet the requirement "Receive alerts if an Azure virtual machine is under brute force attack," enable Azure Defender, now offered as the Microsoft Defender for Servers plan within Microsoft Defender for Cloud. Defender for Servers continuously collects and analyzes security telemetry from the VMs (RDP/SSH sign-in attempts, process and network signals, and OS logs) and raises security alerts for patterns that indicate attacks such as RDP/SSH brute force. These alerts carry rich context (attacked host, source IPs, time frame, and recommended remediation) and integrate natively with Microsoft Sentinel, so incidents, automation rules, and playbooks can be triggered with minimal administration.

Just-in-Time (JIT) VM access is an important hardening control, also provided through Defender for Cloud, but it primarily reduces exposure by keeping management ports closed and opening them only on request, for an approved source and time window; it does not by itself generate analytics-based brute-force alerts. Azure Firewall and Azure Application Gateway are perimeter controls (L3–L7 network filtering and a web application firewall, respectively) and do not provide host-level brute-force detection on VM sign-ins.

Therefore, the solution that directly satisfies the technical requirement to detect and alert on brute-force activity against Azure VMs, and that integrates with Sentinel for rapid remediation, is Azure Defender (Microsoft Defender for Cloud, Defender for Servers plan).

Reference: Microsoft Defender for Cloud documentation on VM threat protection and brute-force (RDP/SSH) detection and alerting, and on integration with Microsoft Sentinel for incident creation and response.
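The following PowerShell is an added example (not part of the original explanation or of Microsoft's documentation) showing how the answer above is put into practice: turning on the Defender for Servers plan for the current subscription, confirming the tier, and then checking that brute-force alerts are actually being raised, both through Defender for Cloud itself and in the Sentinel workspace. It assumes the Az.Accounts, Az.Security and Az.OperationalInsights modules are installed, that Connect-AzAccount has already selected the target subscription, and that $workspaceId is replaced with the real Log Analytics workspace GUID; the alert property names selected in step 3 are those of the Az.Security alert object and may differ slightly between module versions.

```powershell
# Added example: enable Defender for Servers and verify brute-force alerting.
# Assumes Az.Accounts, Az.Security and Az.OperationalInsights are installed and
# that Connect-AzAccount has already selected the target subscription.

# 1. Check the current tier of the Servers plan. In the pricing API the plan is
#    addressed by the resource-type name "VirtualMachines".
$plan = Get-AzSecurityPricing -Name "VirtualMachines"
"Defender for Servers tier before: $($plan.PricingTier)"

# 2. Turn the plan on if it is still on the free tier. "Standard" is the paid
#    Defender tier; only this tier produces threat-detection alerts such as the
#    RDP/SSH brute-force alerts the requirement asks for.
if ($plan.PricingTier -ne "Standard") {
    Set-AzSecurityPricing -Name "VirtualMachines" -PricingTier "Standard" | Out-Null
}
"Defender for Servers tier after:  $((Get-AzSecurityPricing -Name 'VirtualMachines').PricingTier)"

# 3. List brute-force alerts Defender has raised in this subscription.
#    AlertDisplayName is the human-readable title; CompromisedEntity is the VM.
#    (Property names are those of the Az.Security alert object; other fields such
#    as severity/status have changed names across module versions.)
Get-AzSecurityAlert |
    Where-Object { $_.AlertDisplayName -match 'brute force' } |
    Select-Object AlertDisplayName, CompromisedEntity |
    Format-Table -AutoSize

# 4. Confirm the same alerts arrive in the Sentinel workspace, where analytics
#    rules, automation rules and playbooks act on them. Defender for Cloud alerts
#    land in the SecurityAlert table with ProductName "Azure Security Center".
#    $workspaceId is a placeholder; use the workspace (customer) GUID.
$workspaceId = "00000000-0000-0000-0000-000000000000"
$kql = @"
SecurityAlert
| where ProductName == "Azure Security Center"
| where AlertName has "brute force"
| project TimeGenerated, AlertName, AlertSeverity, CompromisedEntity
| order by TimeGenerated desc
"@
(Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $kql).Results |
    Format-Table -AutoSize
```

Step 4 is the check that distinguishes the chosen answer from the alternatives: JIT, Azure Firewall and Application Gateway produce no rows in this query, because none of them emits host-level brute-force alerts into SecurityAlert. If step 3 shows alerts but step 4 returns nothing, the Defender for Cloud data connector in Sentinel has not been enabled for this subscription.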