Exam SC-200 topic 2 question 29 discussion

Wrong answer. it should be A. A machine with Azure Arc-enabled servers becomes an Azure resource and - when you've installed the Log Analytics agent on it - appears in Defender for Cloud with recommendations like your other Azure resources.

The question has few traps. 1. You have Linux machines on AWS. (don't specify if already onboarded) 2. You deploy a solution (Azure defender and enable auto provisioning) This doesn't mean any interaction with the previous Linux Machines. HERE: YOU NEED TO MONITOR THOSE VM WITH AZURE DEFENDER. meaning first we need to do the first step to monitor them, and that first step is not install the Log analytics agent. First we should enable Azure Arc on them. So I think answer is no B

Direct Agent Installation: You can directly install the Azure Monitor Agent (or the older Log Analytics agent) on a Linux VM running in AWS. This agent is the core component that collects logs and metrics. It's configured to send this data to your Azure Monitor workspace. This setup works independently of Azure Arc. The agent simply needs network connectivity to Azure.

I would say A, and this is from chatgpt: zure Defender requires the Log Analytics agent to monitor virtual machines. If you manually install the Log Analytics agent on the AWS Linux virtual machines and configure it to connect to an Azure Monitor Log Analytics workspace, Azure Defender can collect and analyze data from these machines. Key Details: Azure Arc is not required: Azure Arc simplifies management by onboarding non-Azure VMs as Azure resources, but it is not mandatory for Azure Defender to monitor AWS VMs. Auto-provisioning: When auto-provisioning is enabled, Azure Defender attempts to automatically install the Log Analytics agent on supported Azure VMs or Arc-enabled servers. If Azure Arc is not used, manual installation of the Log Analytics agent is a valid alternative.

OK so few things: 1. When auto-provisiong worked it worked with MMA agent (Log Analytcis Agent) which is not reliant on Azure Arc. Azure Arc works with AMA & could potentialy be auto-provisioned when ARC was installed (for instance by policy) which is current approach. Note there is also Multicloud connectors in preview on Azure Arc dashboard. 2. According to this link & checkup there is no auto-provisioning anymore therfore this question is outdated & broken. https://learn.microsoft.com/en-us/azure/defender-for-cloud/prepare-deprecation-log-analytics-mma-agent?WT.mc_id=Portal-Microsoft_Azure_Security#log-analytics-agent-autoprovisioning-experience---deprecation-plan

https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-data-collection-agents

B. No Enabling auto-provisioning for Azure Defender means that the required monitoring agents, including the Log Analytics agent, will be automatically installed on the virtual machines. Therefore, there is no need to manually install the Log Analytics agent if auto-provisioning is enabled. The correct answer is "B. No."

Correct

Guys, I am now on MS Defender for Cloud (Getting started) and there is one option here called "Add non-Azure servers" with the following description: "Use the Log Analytics agent to extend Microsoft Defender for Cloud capabilities to servers running outside of Azure, including resources running on-premises and in other clouds." What are some of the MS Defender for Cloud extended capabilities? 1. Secure cloud application 2. Improve your security posture 3. Protect cloud workloads Please check also what the Log Analytics agent/extension is capable of, search on the web. "Azure Monitor Logs provides monitoring, alerting, and alert remediation capabilities across cloud and on-premises assets. [..] The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace." So even if it will be deprecated at some point in 2024, it is still a valid solution in the present.

No es necesario instalar Log Analytics para monitorear, con Azure Arc es suficiente, respuesta B es la correcta.

B is correct .. Explanation form ChatGPT No, manually installing the Log Analytics agent on the virtual machines is not the correct solution for monitoring the virtual machines using Azure Defender after enabling auto-provisioning. When Azure Defender is enabled with auto-provisioning, it automatically deploys the necessary monitoring agents on the virtual machines. In this case, since you have deployed Linux virtual machines on AWS, you would need to configure the Azure Defender for servers (Linux) solution to monitor these virtual machines. Once enabled, Azure Defender for servers (Linux) will automatically deploy the necessary monitoring agents on the virtual machines without the need for manual installation.

B is correct. In order to monitor Linux virtual machines on AWS with Azure Defender, you need to install the Log Analytics agent manually on the virtual machines.

These are non-Azure, AWS PCs. You need to link the AWS environment using Azure Arc first.

B is Correct. The full correct answer should be "You enable Azure Arc to onboard the virtual machines to Azure Arc, then you enable auto-provisioning to install the Log Analytics agent on the virtual machines automatically."

https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-portal There is a manual process for adding VMs

https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-loganalytic