If you have been hesitant to move to the cloud because you thought your VMs would not be protected from security threats, you need not worry with Microsoft Cloud. During TechEd Europe 2014, Microsoft introduced Microsoft Antimalware, a cloud-based security solution for your Azure tenants.
Microsoft Antimalware uses the same engine behind Microsoft Security Essentials, Forefront Endpoint Protection and Windows Defender. Some say that these are not so great products, but guess what? I’ve seen a POC where it caught 99% of security threats in a customer environment that was designed for security testing, where all the other vendors were not able to get that far.
It’s actually a Security-as-a-Service product that runs in real time and downloads all the heuristics and definitions directly from the cloud. Most importantly, the user interaction required is minimal, as it runs in the background and intelligently protects your workloads against security threats.
Let’s see what is required to use Antimalware in Azure.
- Windows Server 2008 R2 or higher OS. Windows Server 2008 and Server Technical Preview are not yet supported.
- VM Agent – You can enable the VM Agent at the time of VM creation or enable it later.
- The latest Microsoft Azure PowerShell SDK Tools, which contain the PowerShell cmdlets for Antimalware, should be installed.
- An Azure Storage account for antimalware event collection.
How it works
- By default this extension is installed in Cloud Services but is disabled. You can enable it using PowerShell. Please refer here for complete reference of PowerShell cmdlets for Antimalware.
- For VMs you can install this via Azure Portal as below or use the PowerShell cmdlets.
- Use Visual Studio Server Explorer for Azure to install it in VMs.
- Antimalware service management APIs, for both VMs and Cloud Services.
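The PowerShell route for a VM, tying together the VM Agent and storage account requirements listed above, is sketched here as an added example that is not from the original post. It assumes the classic Azure Service Management module; the service, VM and storage account names are placeholders.

```powershell
# Added example: classic (Service Management) Azure PowerShell module.
# All names below are placeholders (assumptions), not values from the post.
$serviceName    = 'contoso-svc'
$vmName         = 'contoso-vm01'
$storageAccount = 'contosoamlogs'

# Antimalware settings passed to the extension as JSON.
# day 7 = Saturday, time = minutes after midnight (120 = 02:00).
$config = @'
{
  "AntimalwareEnabled": true,
  "RealtimeProtectionEnabled": true,
  "ScheduledScanSettings": {
    "isEnabled": true,
    "day": 7,
    "time": 120,
    "scanType": "Quick"
  }
}
'@

# Storage context for antimalware event collection.
$key = (Get-AzureStorageKey -StorageAccountName $storageAccount).Primary
$ctx = New-AzureStorageContext -StorageAccountName $storageAccount -StorageAccountKey $key

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
if (-not $vm) { throw "VM $vmName not found in $serviceName" }

# The extension is delivered by the VM Agent; stop if the agent is not enabled.
if (-not $vm.VM.ProvisionGuestAgent) {
    throw "VM Agent is not enabled on $vmName; enable it before installing the extension."
}

# Install the extension with monitoring on, then push the change to the VM.
$vm |
    Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfiguration $config `
        -Monitoring ON -StorageContext $ctx |
    Update-AzureVM

# Read the configuration back to confirm what is actually applied.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureVMMicrosoftAntimalwareExtension
```

With monitoring on, antimalware events are written to the storage account, so restrict access to that account the same way you would any other log store.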
So remember to use Microsoft Antimalware for Azure workloads from now on if you are not too sure about the security that Microsoft has in place already.