-
Notifications
You must be signed in to change notification settings - Fork 21.1k
/
how-to-transition-to-built-in.yml
169 lines (147 loc) · 7.77 KB
/
how-to-transition-to-built-in.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
### YamlMime:HowTo
metadata:
title: Transition to Microsoft Defender Vulnerability Management for servers
description: Learn how to transition to the Microsoft Defender Vulnerability Management solution in Microsoft Defender for Cloud
ms.date: 01/09/2024
ms.service: defender-for-cloud
ms.topic: how-to
ms.custom:
- ge-structured-content-pilot
title: |
Transition to Microsoft Defender Vulnerability Management for servers
introduction: |
With the Defender for Servers plan in Microsoft Defender for Cloud, you can scan compute assets for vulnerabilities. If you're currently using a vulnerability assessment solution other than the Microsoft Defender Vulnerability Management vulnerability assessment solution, this article provides instructions on transitioning to the integrated Defender Vulnerability Management solution.
To transition to the integrated Defender Vulnerability Management solution, you can use the Azure portal, use an Azure policy definition (for Azure VMs), or use REST APIs.
- [Transition with Azure policy for Azure VMs](#transition-with-azure-policy-for-azure-vms)
- [Transition with Defender for Cloud's portal](#transition-with-defender-for-clouds-portal)
- [Transition with REST API](#transition-with-rest-api)
prerequisites:
summary: |
For prerequisites and other requirements, see [Support for the Defender for Servers plan](support-matrix-defender-for-servers.md).
procedureSection:
- title: |
Transition with Azure policy for Azure VMs
summary: |
Follow these steps:
steps:
- |
Sign in to the [Azure portal](https://portal.azure.com/).
- |
Navigate to **Policy** > **Definitions**.
- |
Search for `Setup subscriptions to transition to an alternative vulnerability assessment solution`.
- |
Select **Assign**.
- |
Select a scope and enter an assignment name.
- |
Select **Review + create**.
- |
Review the information you entered and select **Create**.
This policy ensures that all Virtual Machines (VM) within a selected subscription are safeguarded with the built-in Defender Vulnerability Management solution.
Once you complete the transition to the Defender Vulnerability Management solution, you need to [Remove the old vulnerability assessment solution](#remove-the-old-vulnerability-assessment-solution)
- title: |
Transition with Defender for Cloud's portal
summary: |
In the Defender for Cloud portal, you have the ability to change the vulnerability assessment solution to the built-in Defender Vulnerability Management solution.
steps:
- |
Sign in to the [Azure portal](https://portal.azure.com/).
- |
Navigate to **Microsoft Defender for Cloud** > **Environment settings**
- |
Select the relevant subscription.
- |
Locate the Defender for Servers plan and select **Settings**.
:::image type="content" source="media/how-to-migrate-to-built-in/settings-server.png" alt-text="Screenshot of the Defender for Cloud plan page that shows where to locate and select the settings button under the servers plan." lightbox="media/how-to-migrate-to-built-in/settings-server.png":::
- |
Toggle `Vulnerability assessment for machines` to **On**.
If `Vulnerability assessment for machines` was already set to on, select **Edit configuration**
:::image type="content" source="media/how-to-migrate-to-built-in/edit-configuration.png" alt-text="Screenshot of the servers plan that shows where the edit configuration button is located." lightbox="media/how-to-migrate-to-built-in/edit-configuration.png":::
- |
Select **Microsoft Defender Vulnerability Management**.
- |
Select **Apply**.
- |
Ensure that `Endpoint protection` or `Agentless scanning for machines` are toggled to **On**.
:::image type="content" source="media/how-to-migrate-to-built-in/two-to-one.png" alt-text="Screenshot that shows where to turn on endpoint protection and agentless scanning for machines is located." lightbox="media/how-to-migrate-to-built-in/two-to-one.png":::
- |
Select **Continue**.
- |
Select **Save**.
Once you complete the transition to the Defender Vulnerability Management solution, you need to [Remove the old vulnerability assessment solution](#remove-the-old-vulnerability-assessment-solution)
- title: |
Transition with REST API
summary: |
### REST API for Azure VMs
Using this REST API, you can easily migrate your subscription, at scale, from any vulnerability assessment solution to the Defender Vulnerability Management solution.
`PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/serverVulnerabilityAssessmentsSettings/AzureServersSetting?api-version=2022-01-01-preview`
code: |
```json
{
"kind": "AzureServersSetting",
"properties": {
"selectedProvider": "MdeTvm"
}
}
```
Once you complete the transition to the Defender Vulnerability Management solution, you need to [remove the old vulnerability assessment solution](#remove-the-old-vulnerability-assessment-solution).
### REST API for multicloud VMs
Using this REST API, you can easily migrate your subscription, at scale, from any vulnerability assessment solution to the Defender Vulnerability Management solution.
`PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Security/securityconnectors/{connectorName}?api-version=2022-08-01-preview`
```json
{
"properties": {
"hierarchyIdentifier": "{GcpProjectNumber}",
"environmentName": "GCP",
"offerings": [
{
"offeringType": "CspmMonitorGcp",
"nativeCloudConnection": {
"workloadIdentityProviderId": "{cspm}",
"serviceAccountEmailAddress": "{emailAddressRemainsAsIs}"
}
},
{
"offeringType": "DefenderCspmGcp"
},
{
"offeringType": "DefenderForServersGcp",
"defenderForServers": {
"workloadIdentityProviderId": "{defender-for-servers}",
"serviceAccountEmailAddress": "{emailAddressRemainsAsIs}"
},
"arcAutoProvisioning": {
"enabled": true,
"configuration": {}
},
"mdeAutoProvisioning": {
"enabled": true,
"configuration": {}
},
"vaAutoProvisioning": {
"enabled": true,
"configuration": {
"type": "TVM"
}
},
"subPlan": "{P1/P2}"
}
],
"environmentData": {
"environmentType": "GcpProject",
"projectDetails": {
"projectId": "{GcpProjectId}",
"projectNumber": "{GcpProjectNumber}",
"workloadIdentityPoolId": "{identityPoolIdRemainsTheSame}"
}
}
},
"location": "{connectorRegion}"
}
```
## Remove the old vulnerability assessment solution
After migrating to the built-in Defender Vulnerability Management solution in Defender for Cloud, offboard each VM from their old vulnerability assessment solution. To delete the VM extension, you can use the [Remove-AzVMExtension PowerShell cmdlet](/powershell/module/az.compute/remove-azvmextension) or a [REST API Delete request](/rest/api/compute/virtual-machine-extensions/delete?tabs=HTTP).
nextStep:
text: Common questions about vulnerability scanning questions
url: faq-scanner-detection.yml