Microsoft Defender for Cloud Gets New Agentless Malware Scanning Capabilities for VMs


Key Takeaways:

  • Microsoft Defender for Cloud has added support for agentless malware scanning for servers hosting virtual machines, extending vulnerability assessment coverage without the need for a dedicated assessment agent.
  • The new capability works seamlessly across virtual machines hosted on AWS, Azure, and GCP.
  • The agentless malware scanning capability is enabled by default for organizations with Microsoft Defender for Servers Plan 2 subscriptions.

Microsoft Defender for Cloud has introduced support for agentless malware scanning for servers hosting virtual machines. The new feature is designed to help organizations assess software vulnerabilities on VMs without requiring the installation of Defender for Endpoint.

Microsoft Defender for Cloud already supports various agent-based vulnerability assessment solutions, such as Qualys, BYOL, and Microsoft Defender Vulnerability Management (MDVM). In agent-based vulnerability scanning, users install an agent on the target machine. The agent collects data about the machine and sends it to the scanning tool for further analysis.

How does agentless malware scanning work?

Agentless scanning extends the vulnerability assessment coverage to server workloads. It uses the Microsoft Defender Vulnerability Management engine to analyze security flaws in the software installed on an organization's virtual machines. For example, organizations may have misconfigurations and security issues in older or new virtual machine setups.

“While traditional Endpoint Detection & Response security agent (EDR) offers unparalleled depth in threat prevention, detection and response, agentless scanning for cloud VMs stands out as a flexible, lightweight option, particularly effective for rapid deployment in new environments, temporary workloads, or for providing initial security coverage before EDR deployment,” Microsoft explained.

Figure: Defender for Cloud’s agentless scanning platform

Microsoft’s new agentless malware scanning capability works across virtual machines hosted on AWS, Azure, and GCP environments. The feature uses the Microsoft Defender Antivirus service to detect malware on vulnerable virtual machines.

The new agentless malware scanning feature is currently enabled by default for organizations with Microsoft Defender for Servers Plan 2 subscriptions. However, existing customers will be able to activate it by following the steps mentioned on this support page.