Azure Defender Getting Linux Server Protection Capability

Azure Defender will be able to protect Linux servers through a preview capability arriving on June 14, Microsoft announced on Thursday.

Last month, Microsoft had announced support in its Microsoft Defender for Endpoint security solution for protecting Linux devices and conducting post-breach analyses. Azure Defender, though, is a different product. Azure Defender is actually gaining the ability to protect Linux servers because it is integrated with Microsoft Defender for Endpoint, Microsoft explained in its announcement.

Linux Server Support
The following Linux server distros will be supported by the coming preview for Azure Defender, per this Microsoft document:

  • Red Hat Enterprise Linux 7.2 or higher
  • CentOS 7.2 or higher
  • Ubuntu 16.04 LTS or higher LTS
  • Debian 9 or higher
  • SUSE Linux Enterprise Server 12 or higher
  • Oracle Linux 7.2 or higher

Organizations will be able to protect Linux servers hosted in virtual machines on Azure datacenters, but they'll also be able to protect Linux servers in their own datacenters. They'll have that option because Azure Defender works with so-called "hybrid" environments (the use of cloud services plus on-premises servers).

Azure Defender protection on non-Azure servers, though, is supported only through the use of the Azure Arc agent, a FAQ in Microsoft's announcement clarified. Microsoft defines Azure Arc as its "multi-cloud and on-premises management platform," per this overview document. It's not clear from the announcement and related documents whether Azure Arc product licensing is required just to use the Azure Arc agent.

IT pros won't need to install anything to use the preview of Linux Server support if they use both Azure Defender and Microsoft Defender for Endpoint, according to the FAQ. In such cases, the preview "will automatically deploy."

Product Definitions
Azure Defender essentially is the new name for the Azure Security Center's Standard tier product offering, according to an explanation by Sonia Cuff in this 2020 Microsoft announcement. Azure Defender offers a dashboard view for managing "different workload types" within Azure Security Center. It shows stats on coverage and protection, plus security alerts.

There's a distinction between Azure Defender and Microsoft 365 Defender, which are two separate products. Microsoft 365 Defender is used to protect e-mail, client endpoints, identity and apps, while Azure Defender is used to protect server endpoints, containers, networks, managed apps and SQL Server.

To add to the confusion, Microsoft last year announced a product rebranding change for all of its enterprise security products, stamping them with the "Microsoft Defender" label. Essentially, Microsoft Defender is the basic brand, and it has two product branches: Azure Defender and Microsoft 365 Defender.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

