Plugin Title | Monitor Endpoint Protection |
Cloud | AZURE |
Category | Defender |
Description | Ensures Endpoint Protection monitoring is enabled in Microsoft Defender. |
More Info | When this setting is enabled, Microsoft Defender for Cloud audits the Endpoint Protection setting for all virtual machines for malware protection. |
AZURE Link | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
Recommended Action | Enable Adaptive Application Controls for Endpoint Protection from Microsoft Defender by ensuring the AuditIfNotExists setting is used to monitor missing Endpoint Protection. |
1. Log in to the Microsoft Azure Management Console.
2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud".
3. Scroll down the left navigation panel and select "Environment Settings" under "Management".
4. On the "Microsoft Defender for Cloud | Environment settings" page, under the "Name" column, select the "Subscription Name" that needs to be verified by clicking on its name.
5. On the "Settings" page, under Defender Plans, select the "Settings & Monitoring" tab at the top.
6. On the "Settings | Defender plans" page, navigate to the "Guest Configuration agent" plan.
7. Enable the "Guest Configuration agent" by toggling its Status to "On".
8. On the "Settings & Monitoring" page, click on the "Continue" button at the top.
9. On the "Settings | Defender plans" page, click on the "Save" button at the top.
10. Repeat steps 3 - 9 to ensure "Endpoint Protection Monitoring" is configured from Microsoft Defender for Cloud.
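
To confirm the result across subscriptions without clicking through the portal, the following added example (not part of the original page or of any vendor tooling) evaluates JSON shaped like the output of `az policy assignment list -o json` and reports whether the endpoint protection monitoring effect is AuditIfNotExists. The parameter name `endpointProtectionMonitoringEffect` is an assumption about the assigned initiative, and the sample assignments are constructed.

```python
import json

# Assumption: name of the effect parameter that controls endpoint protection
# monitoring in the assigned initiative; change it to match your initiative.
PARAM = "endpointProtectionMonitoringEffect"

# Constructed sample shaped like `az policy assignment list -o json` output.
SAMPLE = json.loads("""
[
  {"name": "assignment-a", "scope": "/subscriptions/00000000-0000-0000-0000-000000000001",
   "parameters": {"endpointProtectionMonitoringEffect": {"value": "AuditIfNotExists"}}},
  {"name": "assignment-b", "scope": "/subscriptions/00000000-0000-0000-0000-000000000002",
   "parameters": {"endpointProtectionMonitoringEffect": {"value": "Disabled"}}},
  {"name": "assignment-c", "scope": "/subscriptions/00000000-0000-0000-0000-000000000003",
   "parameters": null}
]
""")


def check_assignment(assignment, param=PARAM):
    """Return (status, detail) for one policy assignment."""
    params = assignment.get("parameters") or {}
    entry = params.get(param)
    if entry is None:
        # Not overridden here: the initiative definition's default effect applies,
        # so the default still has to be confirmed on the definition itself.
        return "DEFAULT", "parameter not set on the assignment"
    effect = str(entry.get("value", "")).strip()
    if effect.lower() == "auditifnotexists":
        return "PASS", effect
    return "FAIL", effect or "empty value"


def audit(assignments, param=PARAM):
    """Map each assignment name to its (status, detail) pair."""
    if not assignments:
        # With no assignments at all, nothing audits endpoint protection.
        return {"<none>": ("FAIL", "no policy assignments found")}
    return {a.get("name", "<unnamed>"): check_assignment(a, param) for a in assignments}


if __name__ == "__main__":
    for name, (status, detail) in audit(SAMPLE).items():
        print(f"{status:8} {name}: {detail}")
```

A DEFAULT result is not a pass on its own: it means the assignment does not override the parameter, so the effect comes from the initiative definition.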