Microsoft Defender for Cloud

Microsoft Defender for Cloud features an integration with the Rapid7 Insight Agent. Configure this integration to make use of the following benefits:

  • Automate the mass deployment of the Insight Agent across all your Azure virtual machines
  • Assess the risk of these virtual machines with InsightVM
  • View resulting assessment data from both Microsoft Defender for Cloud and your InsightVM dashboards

Before You Start

First, ensure that you meet the system requirements for the Insight Agent. Next, have the following resources open and available:

  • Your Dashboard screen in InsightVM
  • Your Microsoft Azure portal

Download the Configuration Package and Copy the Public Key in InsightVM

The configuration package contains the necessary Insight Agent configuration files and certificates required for deployment:

  1. On the Dashboard screen of InsightVM, browse to (or add) either of the following cards:
    • “Assets with Agents by Operating System”
    • “Number of Assets with an Agent”
  2. Once added, click Manage Agents on the card you’ve chosen.
  3. In the upper-right corner of the card’s expanded view, click the Download Agent button.
  4. Browse to the “Deploy Insight Agent from Microsoft Azure” section and click the Get Package button.

The azure-config.zip file downloads to your system.

IMPORTANT

Do not extract the azure-config.zip file. You will upload this file in ZIP form later.

  5. From this same screen, click Get the Public Key.
  6. The “Microsoft Defender for Cloud Encoded Public Key” window displays. Copy the key at this time.

What is the public key used for?

The public key generated here allows Azure to encrypt the data transmitted to InsightVM.

Configure a New Vulnerability Assessment Solution in Microsoft Defender for Cloud

Use the package and public key saved previously to complete the security solution configuration in Azure.

To configure Microsoft Defender for Cloud:

View Assessment Data

In addition to your InsightVM dashboards, you can now view resulting vulnerability assessment data in Microsoft Defender for Cloud:

  1. In your Azure portal, click Security Center on the left navigation menu.
  2. Browse to the additional menu items under “Overview”. Click Recommendations under “Resource Security Hygiene”. You will be alerted to new vulnerabilities detected by the Rapid7 solution that are affecting your virtual machines.
  3. Click Remediate Vulnerabilities - by a Vulnerability Assessment solution. A new window displays containing individual vulnerabilities organized by their severity.

Severity categorization

Although the terminology is different, Microsoft Defender for Cloud follows the same vulnerability risk metrics as InsightVM.

  4. Click any of the listed vulnerability records to see additional details, remediation solutions, and affected virtual machines.

Support

If you need assistance setting up the Microsoft Defender for Cloud integration, visit our Support Portal or reach us via our Contact page.