Exam SC-200 topic 2 question 45 discussion

To onboard an Amazon Elastic Compute Cloud (EC2) instance to Microsoft Defender for Cloud, you should install the Azure Connected Machine agent on the instance. Therefore, the correct answer is B.

Azure Connected Machine agent is the first step to onboard any non-azure device to azure. The ACM agent can be used to deploy LA agent & other extensions. Ref: https://learn.microsoft.com/en-us/training/modules/connect-non-azure-machines-to-azure-defender/3-connect-non-azure-machines Ref: https://learn.microsoft.com/en-us/training/modules/connect-non-azure-machines-to-azure-defender/4-connect-aws-accounts

Just to throw more confusion into this question you can also connect non-Azure machines to Defender for Cloud directly using the Defender for Endpoint Agent which offers a single unified solution. Sounds like answer C to anyone else? https://learn.microsoft.com/en-us/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint D is definitely not correct, but I think there is an argument for A, B and C. I agree B is probably the most obvious answer, but who knows what's in the head of the Microsoft Examiners!!

Selected Answer: A (after installing Arc to onboard the vm from another cloud or on-premise) you should install the Log Analytics agent( to be replaced with Azure Monitoring Agent this year, id recommend install AMA for obvious reason but to answer this question, the answer should be A)

Outdated but B

To onboard AWS EC2 you would need the B. the Azure connected Machine agent.

Incorrect, option B, he Azure Connected Machine agent is used to connect and manage non-Azure machines (in this case, the EC2 instance) with Microsoft Defender for Cloud. It allows you to monitor and protect non-Azure resources in your environment.

Well... if the question would have mentioned ARC anywhere, I would have totally agreed with B: Connected Machine agent https://learn.microsoft.com/en-us/azure/azure-arc/servers/learn/quick-enable-hybrid-vm#install-the-agent-using-the-script BUT... there is an option without ARC and as the question is neutral about the onboarding flavor, it makes the answer to be A: Log Analytics in my opinion. https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines#connect-on-premises-machines-by-using-the-azure-portal

The answer corret is letter ---> C Microsoft Defender for Endpoint integrates seamlessly with Microsoft Defender for Servers. You can onboard servers automatically, have servers monitored by Microsoft Defender for Cloud appear in Defender for Endpoint, and conduct detailed investigations as a Microsoft Defender for Cloud customer. For more information please go to Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide

https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-overview The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers.

A & D are the same thing, C is out of context, while Azure Connected Machine agent = Azure Arc "We recommend that you use the auto-provisioning process to install Azure Arc on all of your existing and future EC2 instances. To enable the Azure Arc auto-provisioning, you need Owner permission on the relevant Azure subscription." Source: https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws

ARC it up

You're going to need defender for servers which needs ARC. So choice B makes the most sense. Also A and D are the same thing, and yes they are "legacy". The log analytics agent has been called OMS (the code came from it) and also the Microsoft Monitoring agent. This is different than the Azure monitor agent, which has a whole new code base and features. Link for choosing B: https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws#defender-for-servers Hope this helps.

Answer is B Please check the video below at 04:15 As you can see, server is already onboarded using Azure Arc agent and there is a recommendation to also install Log Analytics agent. So FIRST you need to install Arc agent https://www.youtube.com/watch?v=uogTZe6p7nc

Answer is D, you should install MMA on EC2

The answer is D. Log analytics agent is legacy. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-migration

Forgot to vote :)