Skytap on Azure with Microsoft 365 Defender for Endpoint extends cloud-native monitoring and management tools to your legacy Skytap on Azure x86-64 (64-bit) virtual machines
As a former Microsoft contract Security Engineer, I can appreciate how anyone managing infrastructure is constantly thinking about ways to ensure it is secure, and as an IT Pro, I can also appreciate that you want that solution to be simple to implement, as well as easy to maintain.
80% of all migrated Power applications have an x86-64 (64-bit) infrastructure component that must run in the same environment, and these workloads had to migrate along with the application. Many of these x86-64 (64-bit) workloads are legacy x86-64 Windows or Linux machines. These workloads are typically things Azure doesn’t support or have templates for anymore, as many of them are End of Life (EOL) for support. When this is the case, one of the ways to extend support and protect these Skytap on Azure-hosted x86-64 (64-bit) workloads is via Microsoft 365 Defender for Endpoint and the M365 Defender Security Center.
Since we’re talking about Power, it’s important to note upfront that PPC64LE-based distros/repositories are currently not supported. There are, however, many x86-64 (64-bit) virtual machines that are part of an organization’s migration, and enabling these machines is a great step forward in enhancing your security posture for these legacy workloads.
Skytap on Azure x86-64 (64-bit) virtual machines enabled with Microsoft 365 Defender for Endpoint help stitch together the threat signals from your legacy systems with the threat signals from the rest of your organization that the suite of M365 Defender products receives, to determine the full scope and impact of a given threat, including how it entered the environment, what it has affected, and how it’s currently impacting your organization. This ensures that your organization’s security posture is monitored holistically through a single pane of glass, making it easy to see security events across all assets.
You can protect Skytap on Azure x86-64 (64-bit) Windows and Linux virtual machines with Microsoft Defender for Endpoint by installing the M365 Defender for Endpoint agent on your x86-64 (64-bit) devices within your Skytap environments. To enable this service, you’ll need either an active Microsoft Defender for Business, Microsoft 365 Business Premium, or M365 E5 license, as well as an active Azure subscription.
Installation is quick and easy with options including PowerShell or Bash scripts, Group Policies, and ARM templates.
These agents send data to the M365 Defender Security Center, which correlates this data into events, giving you contextual threat detection of any alerts and incidents and making it a detailed vulnerability management tool. You can review the status of any alert on your Skytap on Azure x86-64 (64-bit) virtual machine and get detailed information on these alerts by clicking on them. You can also see how an alert has affected the entire organization, including what users and machines were involved.
Microsoft 365 Defender presents the alerts and remediation suggestions from the threats detected, or you can allow Microsoft 365 Defender to take automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.
The M365 Defender for Endpoint device page is enriched with Threat & Vulnerability Management (TVM) data, supplying full vulnerability context for the machine entity – security recommendations, software vulnerabilities, software inventory, missing security updates (KBs), and overall exposure level.
This enrichment serves your SecOps team, as well as end users, who can now easily see any gaps in a device’s defences while investigating an alert and gain insights into possible weaknesses the attacker exploited.
You can review the security recommendations for your Skytap on Azure x86-64 (64-bit) virtual machine. This view lists all TVM security recommendations related to your device, including the number of vulnerabilities affecting the device and the Common Vulnerabilities and Exposures (CVE) addressed by following the provided recommendations.
Microsoft 365 Defender for Endpoint software inventory lists all software products identified on your Skytap on Azure x86-64 (64-bit) Windows and Linux virtual machines, including vulnerability-related information. By selecting an application, you can get more information about that application, including the number of devices the app is installed on and any devices exposed due to a missing software patch.
The Discovered vulnerabilities tool provides you with all the known vulnerabilities (CVEs) discovered on a given device. You can get details on the vulnerability, including its severity, when the vulnerability was introduced, and when it was first detected in your environment, and you can even get security recommendations on how to resolve the vulnerability.
Skytap on Azure with Microsoft 365 Defender for Endpoint extends cloud-native monitoring and management tools to your legacy Skytap on Azure x86-64 (64-bit) virtual machines as if they were Azure native devices, strengthening your organization’s overall security posture, and providing you with a single pane of glass for your entire x86-64 (64-bit) virtual estate. You can learn more about Microsoft 365 Defender for Endpoint here.
Skytap team members that contributed to this blog:
Matthew Romero – Technical Product Marketing Manager at Skytap
Kim Claditis – Vice President of Global Marketing at Skytap
Michael Neil – Vice President, Technical Field Operations at Skytap