dranreb on Tue, 19 Jun 2018 23:52:57

I see the below info for Azure Security Center and would like to get more details on whether the standard offering provides that capability for instances within a cloud service. Will Azure alert us if a malicious service is installed on one of our instances?


MohitGarg_MSFT on Wed, 20 Jun 2018 22:56:43

Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. 

Azure Security Center monitors the status of antimalware protection and reports this under the Endpoint protection issues blade. Security Center highlights issues, such as detected threats and insufficient protection, which can make your virtual machines (VMs) and computers vulnerable to antimalware threats. By using the information under Endpoint protection issues, you can identify a plan to address any issues identified.

Security Center collects data from your Azure VMs and non-Azure computers to monitor for security vulnerabilities and threats. Data is collected using the Microsoft Monitoring Agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. By default, Security Center will create a new workspace for you.

This document helps you use Azure Security Center to manage and respond to security alerts. Refer to this document to check Azure Security Center detection capabilities.