
Defender for Cloud - Protect on prem servers with Azure Arc

April 4, 2025

Hi All.

Thanks for joining me again in a new blog post. In the previous ones we covered how to integrate Defender for Cloud with different Azure resources. In this post we are going to take a look at what it takes to have our on prem server protected with Defender for Cloud.

To enable our on prem server we need one extra Azure component to extend our management surface from Azure to the on prem environment, and that component is Azure Arc.

Also take a look at all the operations Azure Arc supports here: Azure Arc-enabled servers Overview - Azure Arc | Microsoft Docs

For this setup I have a basic site to site VPN with a Server 2019 machine running in the cloud and one on prem. This mimics the most common hybrid scenarios.

More information on the site to site VPN, and on the DNS forwarders that are needed to resolve the DNS requests for the private endpoint from our on prem VM, can be found here.

Tutorial - Connect an on-premises network and a virtual network: S2S VPN: Azure portal - Azure VPN Gateway | Microsoft Docs

Azure Private Endpoint DNS configuration | Microsoft Docs

If you don't have this in place, don't worry, you can still use Azure Arc with a public endpoint.

First, let's create the Azure Arc Private Link Scope; we are going to need it in the next steps.

The private link scope enables you to make the connection between on prem Arc-enabled resources and Azure resources like a Log Analytics workspace, Key Vaults, Automation accounts, etc.

Microsoft docs can be found here: Use Azure Private Link to securely connect servers to Azure Arc - Azure Arc | Microsoft Docs

Now let's create the private endpoint itself for Azure Arc.

Now that our on prem network can connect directly to Azure Arc in our subscription, it's time to onboard the on prem VM to Azure Arc.

On the left hand side, under Infrastructure, you will see the different types of infra we can add, and the option to add servers at larger scale.

We are going to add just one server, based on a script.

Before we can download the script, we have to provide some information; note that you can select the connectivity type, i.e. how your VM should connect to Azure Arc.

Once downloaded, we have to run the PowerShell script on our on prem VM.

This script will provide you with a link and a device code to sign in with in your browser; after this, to add the VM, you also have to provide global admin credentials.

Here we go: a VM live in Azure Arc. Part 1 completed.

Part 2: let's make sure our Azure Arc machines are enrolled in Defender for Cloud.

First, we have to make sure Auto Provisioning is enabled for Azure Arc.

And that our Log Analytics workspace is upgraded for the solutions.

Now get some coffee, and let's see if our Arc-enabled on prem VM is reporting to Defender for Cloud.

That's good looking, if I can say so: not only our Azure resources but also the on prem VM is protected with Defender for Cloud!

Be sure to check in after a while; the recommendations will fill up over the time span of some hours.
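As an added example (not code from the original post or from Microsoft), here is a small PowerShell check you can run from your admin workstation to confirm that every Arc-enabled machine in a resource group is still connected and has the Defender for Cloud agents that auto provisioning should have deployed. It assumes the Az.ConnectedMachine module is installed and you are signed in with Connect-AzAccount; the resource group name and the expected extension names are assumptions, so adjust them to your environment.

```powershell
# Added example: audit Arc connection state and Defender for Cloud extension coverage.
# Assumes Az.ConnectedMachine is installed and Connect-AzAccount has already been run.
param(
    [string]$ResourceGroupName = 'rg-onprem-arc'   # placeholder, use your own resource group
)

Import-Module Az.ConnectedMachine -ErrorAction Stop

# Extensions we expect Defender for Cloud auto provisioning to install on a Windows Arc machine.
# These names are an assumption for this example; compare against what your tenant actually deploys.
$expectedExtensions = @('MDE.Windows', 'MicrosoftMonitoringAgent')

$machines = Get-AzConnectedMachine -ResourceGroupName $ResourceGroupName
if (-not $machines) {
    Write-Warning "No Arc-enabled machines found in resource group '$ResourceGroupName'."
    return
}

foreach ($machine in $machines) {
    $extensions = Get-AzConnectedMachineExtension -ResourceGroupName $ResourceGroupName `
                                                  -MachineName $machine.Name

    # Anything expected but not present is a coverage gap worth investigating.
    $missing = $expectedExtensions | Where-Object { $_ -notin $extensions.Name }

    # Extensions that exist but did not finish provisioning will not report to Defender for Cloud.
    $notReady = $extensions | Where-Object { $_.ProvisioningState -ne 'Succeeded' } |
                Select-Object -ExpandProperty Name

    [pscustomobject]@{
        Machine      = $machine.Name
        Status       = $machine.Status          # 'Connected' means the agent is heartbeating to Arc
        AgentVersion = $machine.AgentVersion
        Extensions   = ($extensions.Name -join ', ')
        Missing      = ($missing -join ', ')
        NotReady     = ($notReady -join ', ')
    }
}
```

A machine that shows Status other than Connected, or any name in the Missing or NotReady columns, explains why recommendations for that server have not appeared yet; on the server itself, azcmagent show reports the same connection state locally.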

Thanks for reading my blog on how to connect your on prem server to Defender for Cloud. If you want to protect more resources with Defender for Cloud, please check my other blogs.
