question

LindaRenateAndersen-6085 avatar image
0 Votes"
LindaRenateAndersen-6085 asked JamesTran-MSFT commented

Azure Defender on Azure Batch nodes

Hi,

I've enabled Azure Defender on all subscriptions and all resource types on my tenant.

Can I expect this to cover the Azure batch nodes as well?

I've tested with help from advice here https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation and by doing the EICAR-file test, and Security Center is not flagging any alerts.


The node I am testing with has windows server 2019 datacenter.

Best regards.

azure-security-centerazure-batch
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered JamesTran-MSFT commented

@LindaRenateAndersen-6085
Thank you for your post!

I'm not an expert within Azure Batch, but since it creates and manages a pool of compute nodes (virtual machines), installs the applications you want to run, and schedules jobs to run on the nodes. These compute nodes (VMs), won't be protected by Azure Defender, unless you install the vulnerability scanner to each VM.


Additional Links:
What are the benefits of Azure Defender for servers?
What resource types can Azure Defender secure?
Feature coverage for Azure PaaS services



If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@LindaRenateAndersen-6085
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

0 Votes 0 ·

Hi,

Thank you for your response!

I thought the vulnerability scanner were include in Azure Defender for Servers, or am I reading the documentation wrong?

0 Votes 0 ·
JamesTran-MSFT avatar image JamesTran-MSFT LindaRenateAndersen-6085 ·

Thank you for the follow up on this and I apologize for the delayed response!

Based off our documentation, it looks like you have to Deploy the integrated scanner to your Azure and hybrid machines as an extension. However, I did find documentation for our Feature coverage for Azure PaaS services, and it looks like an Azure Batch account, isn't supported for Azure Defender. For more info - What resource types can Azure Defender secure?


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·