The solution is built on the same antimalware platform as Microsoft Security Essentials [MSE], Microsoft Forefront Endpoint Protection, Microsoft System Center Endpoint Protection and Windows Defender for Windows 8.0 and higher. Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. You can deploy protection based on the needs of your application workloads, with either basic secure-by-default or advanced custom configuration, including antimalware monitoring. When you deploy and enable Microsoft Antimalware for Azure for your applications, the following core features are available:
- Real-time protection – monitors activity in Cloud Services and on Virtual Machines to detect and block malware execution.
- Scheduled scanning – periodically performs targeted scanning to detect malware, including actively running programs.
- Malware remediation – automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries.
- Signature updates – automatically installs the latest protection signatures (virus definitions) on a pre-determined frequency to ensure protection is up to date.
- Antimalware Engine updates – automatically updates the Microsoft Antimalware engine.
- Antimalware Platform updates – automatically updates the Microsoft Antimalware platform.
- Active protection – reports telemetry metadata about detected threats and suspicious resources to Microsoft Azure to ensure rapid response to the evolving threat landscape, as well as enabling real-time synchronous signature delivery through the Microsoft Active Protection System (MAPS).
- Samples reporting – provides and reports samples to the Microsoft Antimalware service to help refine the service and enable troubleshooting.
- Exclusions – allows application and service administrators to configure certain files, processes, and drives to exclude them from protection and scanning for performance and/or other reasons.
- Antimalware event collection – records the antimalware service health, suspicious activities, and remediation actions taken in the operating system event log and collects them into the customer’s Azure Storage account.
Microsoft Antimalware in Azure workflow – enable, configure, and monitor
How to enable and configure Microsoft Antimalware for Azure virtual machines?
There are multiple ways to do this; in this section I will show you how to enable it using the Azure management portal while provisioning a virtual machine.
- Log on to the Azure management portal at https://manage.windowsazure.com
- To create a new virtual machine, click New, Compute, Virtual Machine, From Gallery, as shown below.
- Select the Microsoft Windows Server image on the choose an image page.
- Click the right arrow and input the Virtual Machine configuration.
- Check the Microsoft Antimalware checkbox under Security Extensions on the Virtual Machine configuration page.
- Click the Submit button to enable and configure Microsoft Antimalware for Azure Virtual Machines with the default configuration settings.
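
For deployments that use the advanced custom configuration instead of the defaults, the following added example (not from the original article or from Microsoft) audits a JSON configuration for settings that switch off the core features listed above or add broad exclusions. The key names are assumed to follow the extension's JSON configuration schema; the sample configuration and the list of risky extensions are constructed for illustration.

```python
import json

# Constructed sample of a custom configuration (assumed key names, not from the article).
SAMPLE_CONFIG = r'''
{
  "AntimalwareEnabled": true,
  "RealtimeProtectionEnabled": false,
  "ScheduledScanSettings": {"isEnabled": false, "day": 7, "time": 120, "scanType": "Quick"},
  "Exclusions": {"Extensions": ".log;.exe", "Paths": "D:\\;C:\\inetpub\\logs", "Processes": "w3wp.exe"}
}
'''

# Illustrative list: excluding these file types leaves executable content unscanned.
RISKY_EXTENSIONS = {".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".scr"}


def split_list(value):
    """Exclusion lists are semicolon-separated strings; return the non-empty items."""
    return [item.strip() for item in (value or "").split(";") if item.strip()]


def is_drive_root(path):
    """True when the exclusion covers a whole drive (a drive letter, a colon, optional slash)."""
    p = path.rstrip("\\/")
    return len(p) == 2 and p[0].isalpha() and p[1] == ":"


def audit(config_text):
    """Return findings for features explicitly switched off and for broad exclusions."""
    cfg = json.loads(config_text)
    findings = []
    # Only explicit 'false' values are flagged; no defaults are assumed for missing keys.
    for key, label in (("AntimalwareEnabled", "antimalware"),
                       ("RealtimeProtectionEnabled", "real-time protection")):
        if cfg.get(key) is False:
            findings.append(f"{label} disabled")
    if cfg.get("ScheduledScanSettings", {}).get("isEnabled") is False:
        findings.append("scheduled scanning disabled")
    excl = cfg.get("Exclusions", {})
    for ext in split_list(excl.get("Extensions")):
        if ext.lower() in RISKY_EXTENSIONS:
            findings.append(f"executable extension excluded: {ext}")
    for path in split_list(excl.get("Paths")):
        if is_drive_root(path):
            findings.append(f"whole drive excluded: {path}")
    for proc in split_list(excl.get("Processes")):
        findings.append(f"process excluded, confirm it is needed: {proc}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("WARN:", finding)
```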