Description:

Microsoft Defender for Cloud integrates with Microsoft Defender for Endpoint to provide endpoint detection and response (EDR), behavioral threat detection, and vulnerability assessment for Azure, on-premises and multicloud servers. When the integration is enabled, Defender for Cloud automatically deploys the Defender for Endpoint sensor to machines covered by a Defender for Servers plan, and Defender for Endpoint alerts and vulnerability findings are surfaced in Defender for Cloud alongside its own recommendations and alerts, so investigation can be driven from one place. Ensuring this setting is On provides unified visibility across servers and strengthens endpoint monitoring.


Rationale:

Enabling the Defender for Endpoint integration gives servers an EDR sensor with behavioral detection, automated investigation and response, and Microsoft threat intelligence, without a separate onboarding effort. Without it, the sensor is not auto-provisioned, Defender for Endpoint alerts and vulnerability findings do not reach Defender for Cloud, and Defender for Servers loses much of its detection coverage, leaving monitoring gaps across virtual machines and Azure Arc-enabled servers.


Impact:

Positive impacts include improved endpoint security, centralized monitoring, and expanded threat detection. Enabling the integration requires a Defender for Servers plan on the subscription, which is billed per server; the Defender for Endpoint license for covered servers is included in that plan. Where machines already run a third-party EDR agent, check the vendor's coexistence guidance before the sensor is deployed.


Default Value:

The setting is only available once a Defender for Servers plan is enabled on the subscription. For subscriptions where Defender for Servers was enabled recently the Endpoint protection setting is typically On by default, but on older subscriptions it may be Off, so the value should be verified rather than assumed.


Pre-Requisites:

  • Microsoft Defender for Servers Plan 1 or Plan 2 enabled on the subscription (both plans include the Defender for Endpoint license for covered servers)

  • Required permissions: Security Admin or Owner on the subscription, with the ability to configure workload protection settings


Test Plan:

  1. Sign in to the Azure portal at https://portal.azure.com

  2. Search for and open "Microsoft Defender for Cloud"

  3. Under Management, select Environment settings

  4. Select the subscription, then select Defender plans

  5. Select Settings & monitoring

  6. Locate the Endpoint protection row

  7. Verify that Endpoint protection is set to On

  8. If Endpoint protection is not set to On, follow the implementation steps


Implementation Steps:

  1. Sign in to the Azure portal at https://portal.azure.com

  2. Search for and open "Microsoft Defender for Cloud"

  3. Under Management, select Environment settings

  4. Select the subscription

  5. Under Settings, select Defender plans

  6. Select Settings & monitoring

  7. Set Endpoint protection to On to enable the Microsoft Defender for Endpoint integration

  8. Select Continue to save the configuration
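The portal test plan and implementation steps above can be scripted for many subscriptions at once. The following is an added example, not part of the original page or of any Microsoft tooling: behind the Endpoint protection toggle is the Microsoft.Security/settings resource named WDATP (kind DataExportSettings), which can be read and written through Azure Resource Manager. The live path shells out to `az rest`, so it assumes a prior `az login` with Security Admin or Owner rights; the API version is the one assumed current at the time of writing, and the sample response is constructed, not captured from a tenant. With no subscription IDs on the command line the script evaluates the sample offline, so the check logic can be exercised without Azure access.

```python
"""Audit and remediate the "Endpoint protection" (Defender for Endpoint
integration) setting across subscriptions, the scripted equivalent of the
portal test plan and implementation steps.

The portal toggle is backed by the Microsoft.Security/settings resource named
WDATP (kind DataExportSettings). The live path shells out to `az rest`, so it
needs a prior `az login` with Security Admin or Owner rights; the evaluation
helpers are pure and run offline against the constructed sample below.
"""
import json
import subprocess
import sys
from typing import Dict, List, Optional, Tuple

# Assumed current API version for Microsoft.Security/settings; bump it if ARM rejects it.
API_VERSION = "2022-05-01"
SETTING_NAME = "WDATP"  # resource name behind the "Endpoint protection" toggle

# Constructed sample of a GET response for a non-compliant subscription (not a real capture).
SAMPLE_RESPONSE = {
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000"
          "/providers/Microsoft.Security/settings/WDATP",
    "name": "WDATP",
    "type": "Microsoft.Security/settings",
    "kind": "DataExportSettings",
    "properties": {"enabled": False},
}


def setting_url(subscription_id: str) -> str:
    """ARM URL of the WDATP setting for one subscription."""
    return (
        f"https://management.azure.com/subscriptions/{subscription_id}"
        f"/providers/Microsoft.Security/settings/{SETTING_NAME}"
        f"?api-version={API_VERSION}"
    )


def evaluate_setting(setting: Optional[Dict]) -> Tuple[bool, str]:
    """Return (compliant, reason) for one GET response body.

    Only a WDATP resource whose properties.enabled is literally true passes.
    A missing resource, a different name, or a non-boolean value is reported
    as a finding instead of being silently treated as On.
    """
    if not isinstance(setting, dict) or setting.get("name") != SETTING_NAME:
        return False, "WDATP setting not found in response"
    enabled = setting.get("properties", {}).get("enabled")
    if enabled is True:
        return True, "Endpoint protection is On"
    if enabled is False:
        return False, "Endpoint protection is Off"
    return False, f"properties.enabled has unexpected value {enabled!r}"


def setting_body(enabled: bool) -> Dict:
    """PUT body for the toggle: True implements the control, False backs it out."""
    return {"kind": "DataExportSettings", "properties": {"enabled": enabled}}


def az_rest(method: str, url: str, body: Optional[Dict] = None) -> Optional[Dict]:
    """Call ARM using the Azure CLI's token; returns None when the call fails."""
    cmd = ["az", "rest", "--method", method, "--url", url]
    if body is not None:
        cmd += ["--body", json.dumps(body)]
    try:
        out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    except (subprocess.CalledProcessError, FileNotFoundError) as exc:
        print(f"az rest {method} failed: {exc}", file=sys.stderr)
        return None
    return json.loads(out) if out.strip() else {}


def audit(subscription_ids: List[str], remediate: bool = False) -> List[Tuple[str, bool, str]]:
    """Check each subscription; with remediate=True, turn the toggle On where it is Off
    and re-read the setting so the reported state is what ARM actually stored."""
    findings = []
    for sub in subscription_ids:
        compliant, reason = evaluate_setting(az_rest("get", setting_url(sub)))
        if not compliant and remediate:
            if az_rest("put", setting_url(sub), setting_body(True)) is not None:
                compliant, reason = evaluate_setting(az_rest("get", setting_url(sub)))
                reason = "remediated: " + reason
        findings.append((sub, compliant, reason))
    return findings


if __name__ == "__main__":
    # Usage: python audit_wdatp.py [--fix] <subscription-id> [...]
    # With no subscription IDs it evaluates the constructed sample offline.
    args = sys.argv[1:]
    fix = "--fix" in args
    subs = [a for a in args if a != "--fix"]
    if not subs:
        print("sample:", evaluate_setting(SAMPLE_RESPONSE))
    else:
        for sub, ok, why in audit(subs, remediate=fix):
            print(f"{sub}: {'PASS' if ok else 'FAIL'} - {why}")
```

Running the script with `--fix` performs the implementation step through the same PUT the portal issues; `setting_body(False)` is the backout. The evaluation deliberately treats anything other than a literal `true` as a finding, so a missing resource or an unexpected value surfaces as FAIL instead of being mistaken for a compliant subscription.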

Backout Plan:

  1. Sign in to the Azure portal at https://portal.azure.com

  2. Search for and open "Microsoft Defender for Cloud"

  3. Under Management, select Environment settings

  4. Select the relevant subscription

  5. Select Defender plans, then Settings & monitoring

  6. Set Endpoint protection to Off

  7. Select Continue to save the changes

Turning the setting Off stops Defender for Cloud from deploying the sensor to new machines; sensors already installed on existing machines are not removed by this change and must be offboarded separately if that is intended.


Reference: