Do I Need Antivirus on Azure Stack HCI?

Datacenter networking servers

As Azure Stack HCI becomes more common in datacenters and at the network edge, I would like to highlight some frequently asked questions I have encountered during the last few months about software and Azure Stack HCI antivirus.

Does Microsoft support third-party software on Azure Stack HCI?

In general, you can say “Microsoft does not support any 3rd party software” on Azure Stack HCI. But that’s common, as a vendor, Microsoft cannot support applications developed by another company.

Microsoft only supports their own product, which is in the case of Azure Stack HCI for example:

Every other third party must be supported by the software vendor and they need to support the software on the platform, i.e. Azure Stack HCI. Microsoft Partners like Datadog and Veeam support their products on Azure Stack HCI.

Not every partner is listed by Microsoft, in fact it’s rarely documented who supports a platform. So, your research normally should start with your third-party software vendor. Most of them are very open which platforms they support, like Altaro and Dell, who are not shy to state they support Azure Stack HCI.

For other partners, you may need to search more or contact a technical representative.

Azure Stack HCI antivirus: Do I need additional antivirus solutions for Azure Stack HCI? And which ones are supported?

As already explained, Microsoft does not support or recommend any third-party antivirus solutions. They can harm your system.

Here is an example from Sophos:

Sophos statement on support for Azure Stack HCI antivirus
Figure 1- Sophos statement on support for Azure Stack HCI antivirus (Image Source: Sophos)

As Microsoft Defender for Endpoint is one of the top antivirus solutions, it is also an important factor to take into consideration when thinking about Azure Stack HCI. Windows Defender is a system integrated service, it knows if a system is a regular “regular Windows Server” or if it is running virtualization like with Azure Stack HCI and Windows Server Hyper-V. It then adjusts its protection parameters according to the server use.

Third-party antivirus applications often need to be adjusted or you must configure exclusions to run your workload normally, prevent bringing down your virtual machines (VMs), or to ensure there is no unexpected behavior. 

Even if you are using third-party antivirus protection that is supported by the vendor on Azure Stack HCI and Hyper-V, you will still face one important issue and security vulnerability.

The exclusion you need to configure to run third-party antivirus solutions are often targeted by malware and used as entry points to your environment. So, most antivirus security experts compare antivirus solutions to digital snake oil and no longer as a complete security solution.

Software vendor responsibility

Even if you expect Microsoft to support third-party software on Azure Stack HCI, it is not Microsoft who needs to support the software. It is the software vendor’s responsibility to support the operating system platform. And not only for a Microsoft operating system, that includes other operating systems like MacOS and Linux.

Always speak to the software vendor to determine whether they support the platform where you want to run their software.