Microsoft Defender for Cloud

Microsoft Defender for Cloud features an integration with the Rapid7 Insight Agent. Configure this integration to make use of the following benefits:

  • Automate the mass deployment of the Insight Agent across all your Azure virtual machines
  • Assess the risk of these virtual machines with InsightVM
  • View resulting assessment data from both Microsoft Defender for Cloud and your InsightVM dashboards

Before You Start

First, ensure that you meet the system requirements for the Insight Agent. Next, have the following resources open and available:

  • Your Dashboard screen in InsightVM
  • Your Microsoft Azure portal

Download the Configuration Package and Copy the Public Key in InsightVM

The configuration package contains the necessary Insight Agent configuration files and certificates required for deployment:

  1. On the Dashboard screen of InsightVM, browse to (or add) either of the following cards:
    • “Assets with Agents by Operating System”
    • “Number of Assets with an Agent”
  2. Once added, click Manage Agents on the card you’ve chosen.
  3. In the upper-right corner of the card’s expanded view, click the Download Agent button.
  4. Browse to the “Deploy Insight Agent from Microsoft Azure” section and click the Get Package button.

The azure-config.zip file downloads to your system.

IMPORTANT

Do not extract the azure-config.zip file. You will upload this file in ZIP form later.

  5. From this same screen, click Get the Public Key.
  6. The “Microsoft Defender for Cloud Encoded Public Key” window displays. Copy the key at this time.

What is the public key used for?

The public key generated here allows Azure to encrypt the data transmitted to InsightVM.
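
Because azure-config.zip must stay unextracted until it is uploaded, the following added example (not Rapid7 or Microsoft code) checks a downloaded copy in place: it confirms the file is still an intact ZIP, lists its members without writing them to disk, records a SHA-256 for your change record, and flags a copy that other local users can read. The function names and the placeholder member names in the sample are assumptions; the page does not list the package's actual contents.

```python
import hashlib
import io
import os
import stat
import tempfile
import zipfile


def inspect_package(path):
    """Validate a downloaded package in place; nothing is extracted to disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    report = {"sha256": hashlib.sha256(data).hexdigest(), "entries": [], "problems": []}

    if not zipfile.is_zipfile(io.BytesIO(data)):
        report["problems"].append("not a ZIP archive (extracted, re-saved or truncated?)")
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        report["entries"] = zf.namelist()
        bad = zf.testzip()  # reads each member in memory and checks its CRC
        if bad is not None:
            report["problems"].append(f"corrupt member: {bad}")
        if not report["entries"]:
            report["problems"].append("archive is empty")

    # The package carries certificates: flag a copy other local users can read.
    if os.name == "posix" and os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        report["problems"].append("readable by group/other; restrict to owner")
    return report


def write_constructed_sample(path):
    """Constructed stand-in for azure-config.zip; member names are placeholders."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("placeholder-config.json", "{}")
        zf.writestr("placeholder-cert.pem", "constructed sample, not a real certificate")
    os.chmod(path, 0o600)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "azure-config.zip")
        write_constructed_sample(sample)
        print(inspect_package(sample))
```

To check a real download, call inspect_package() with the path to your azure-config.zip; an empty "problems" list means the file is ready to upload as-is.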

Configure a New Vulnerability Assessment Solution in Microsoft Defender for Cloud

Use the package and public key saved previously to complete the security solution configuration in Azure:

  1. In your Azure portal, click Microsoft Defender for Cloud on the left navigation menu.
  2. Browse the additional menu items under “Microsoft Defender for Cloud Overview” and click Recommendations under “Resource Security Hygiene”.


  3. In your listed recommendations, click Add a vulnerability assessment solution.
  4. Specify which of your existing virtual machines will have the solution installed. Click Install on # VMs when ready.
  5. On the “Add a Vulnerability Assessment” window, click Create New.
  6. Select Rapid7 as the solution partner. A vulnerability management configuration page displays.
  7. Under “Resource group”, select Use existing. Specify the resource group from the dropdown list.
  8. Under “Location”, specify your InsightVM region.
  9. Under “Rapid7 Configuration File”, upload the azure-config.zip file you downloaded previously.
  10. Under “Public key”, paste the key value you copied from InsightVM.
  11. Specify “Auto deploy” as either On or Off.

TIP

If you choose to enable auto deployment, Microsoft Defender for Cloud will automatically deploy the Insight Agent to any newly discovered virtual machines that are not yet protected.

  12. Click OK when finished.

Your newly configured vulnerability assessment solution will now be installed on your target virtual machines, followed by data collection and assessment.

View Assessment Data

In addition to your InsightVM dashboards, you can now view resulting vulnerability assessment data in Microsoft Defender for Cloud:

  1. In your Azure portal, click Security Center on the left navigation menu.
  2. Browse to the additional menu items under “Overview”. Click Recommendations under “Resource Security Hygiene”. You will be alerted to new vulnerabilities detected by the Rapid7 solution that are affecting your virtual machines.
  3. Click Remediate Vulnerabilities - by a Vulnerability Assessment solution. A new window displays containing individual vulnerabilities organized by their severity.

Severity categorization

Although the terminology is different, Microsoft Defender for Cloud follows the same vulnerability risk metrics as InsightVM.

  4. Click any of the listed vulnerability records to see additional details, remediation solutions, and affected virtual machines.

Support

If you need assistance setting up the Microsoft Defender for Cloud integration, visit our Support Portal or reach us via our Contact page.