Azure features and permissions

Connect your subscription to enable cloud security features and give Trend Vision One greater visibility and protection over your cloud assets.

Connecting your Azure subscription allows Trend Vision One apps and security features to access your cloud assets and gain greater visibility over assets and check for potential threats. Each feature and permission is described in the table below.

Feature

Description

Core Features and Cyber Risk Exposure Management

The core set of features and permissions required to connect your Azure subscription.

Core features enable you to connect your Azure subscription to Trend Vision One to discover your cloud assets and identify risks such as compliance and security best practice violations on your cloud infrastructure.

Note

Core features are required to connect your Azure subscription and cannot be disabled. If you need to disconnect your subscription, see Azure subscriptions.

The core features enable the following Trend Vision One apps and features to monitor your cloud environment:

Cyber Risk Exposure Management → Attack Surface Discovery → Cloud Assets

For more information, see Cloud assets.
Cyber Risk Exposure Management → Attack Surface Discovery → APIs

For more information, see APIs.
Cyber Risk Exposure Management → Cloud Risk Management

For more information, see Cloud Security Posture.
Endpoint Security → Server & Workload Protection

You can view and manage your Azure virtual machines in Server & Workload Protection like any other computer. These instances are tree structures and are treated as computer groups.

For more information, see Computers.

Note

Your Azure assets appear in the Endpoint Inventory list. Assets without the endpoint agent installed appear as unmanaged endpoints.

Agentless Vulnerability & Threat Detection

Deploy Agentless Vulnerability & Threat Protection in your Azure subscription to discover vulnerabilities and malware in your Azure Virtual Machines, disks, and Azure Container Registry images.

Agentless Vulnerability & Threat Protection is automatically enabled across all available regions by default. To customize this setting:

Click the Deployment list to view all available regions.
Uncheck the box next to any region where you want to disable Agentless Vulnerability & Threat Protection.
Leave the boxes checked for regions where you want to maintain protection.

Microsoft Defender for Endpoint Log Collection

Deploy Microsoft Defender for Endpoint Log Collection in your environment to gain actionable insight into endpoint activities. Microsoft Defender for Endpoint Log Collection detects behaviors such as malware execution, suspicious file modifications, lateral movement attempts, and unauthorized access to sensitive data.

Microsoft Defender for Endpoint Log Collection requires that you do the following:

Select or create a log repository for the data collected from Microsoft Defender. For more information, see Log repositories.
Configure Microsoft Defender to export events to Trend Vision One.

For full instructions for setting up Microsoft Defender for Endpoint Log Collection, see Enable Microsoft Defender for Endpoint Log Collection.