Learn how to enable Microsoft Defender for Servers in Azure at both the subscription and virtual machine level. Discover the steps to secure your Azure environment using Microsoft’s built-in security features.
Table of Contents
Question
You have a management group named MG1 that contains an Azure subscription named Sub1. Sub1 contains the resources shown in the following table.
| Name | Description |
|---|---|
| RG1 | Resource group |
| VM1 | Virtual machine |
| VNet1 | Virtual network |
| Workspace1 | Log Analytics workspace |
You need to enable Microsoft Defender for Servers.
From the Azure portal, on which two resources can you enable Defender for Servers? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. RG1
B. Workspace1
C. Sub1
D. MG1
E. VNet1
F. VM1
Answer
C. Sub1
F. VM1
Explanation
To enable Microsoft Defender for Servers in Azure, you can do so at two different resource levels:
Subscription Level (C. Sub1):
- Navigate to the Azure portal and select the subscription (Sub1) where you want to enable Defender for Servers.
- Go to the “Security Center” or “Microsoft Defender for Cloud” blade.
- Click on the “Environment settings” or “Settings” option.
- Select the subscription (Sub1) and click on the “Defender plans” tab.
- Locate the “Servers” plan and set the toggle to “On” to enable Defender for Servers at the subscription level.
- This will enable Defender for Servers for all virtual machines within the subscription.
Virtual Machine Level (F. VM1):
- Open the Azure portal and navigate to the virtual machine (VM1) for which you want to enable Defender for Servers.
- Go to the “Security” or “Microsoft Defender for Cloud” blade within the virtual machine’s settings.
- Click on the “Defender plans” or “Security features” option.
- Locate the “Defender for Servers” plan and set the toggle to “On” to enable it specifically for the virtual machine (VM1).
- This allows you to selectively enable Defender for Servers on individual virtual machines within a subscription.
It’s important to note that enabling Defender for Servers at the subscription level (Sub1) will automatically enable it for all virtual machines within that subscription, including VM1. However, enabling it at the virtual machine level (VM1) gives you more granular control over which specific virtual machines have Defender for Servers enabled.
The other resources mentioned in the question, such as the resource group (RG1), virtual network (VNet1), and Log Analytics workspace (Workspace1), do not directly support enabling Defender for Servers. The protection is applied at the subscription and virtual machine levels.
By enabling Microsoft Defender for Servers, you enhance the security of your Azure environment by leveraging advanced threat protection, vulnerability assessments, and security recommendations provided by Microsoft’s security services.
Microsoft AZ-801 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft AZ-801 exam and earn Microsoft AZ-801 certification.