1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Configuring Azure VM and Container Security

Configuring and Monitoring Antimalmare for VMs

Start course

This course focuses on implementing security controls, maintaining the security posture of an Azure environment, and protecting data, applications, and networks, showing you how to configure security for your containers and virtual machines.

The content of this course is ideally suited to those looking to become certified Azure security engineers.

For any feedback, queries, or suggestions relating to this course, please contact us at support@cloudacademy.com.

Learning Objectives

  • Understand how to configure VM security including VM endpoints and system updates
  • Configure baselines
  • Understand key Azure networking components
  • Configure AKS security
  • Obtain a basic understanding of Azure Container Registry and how to create registries in Azure
  • Manage vulnerabilities in Azure

Intended Audience

This course is intended for people who want to become Microsoft certified Azure security engineers, or those who are tasked with implementing security controls, maintaining the security posture of an Azure environment, or protecting data, applications, and networks.


To get the most from this course, you should have a moderate understanding of Microsoft Azure and of basic security principles.


In this demonstration, I'm going to show you how to enable and configure Microsoft Antimalware while provisioning a new VM in the Azure portal.

On the screen here, you can see I'm in the Azure portal. So what I'm going to do is deploy a new VM. Now, we're not gonna do step by step on VM deployment because I'm going to assume you know how to do that already. I just want to show you where you'd go to deploy the Microsoft Antimalware during this process.

So what we're going to do is select virtual machines here. And then we're going to click add to deploy a new VM. And what we'll do here is we'll just select one of my test resource groups here. And we'll give our new VM a name, not doing anything specific here. And we'll leave our region and information here at their defaults. We will select our Windows Server OS image here, since we are installing the Microsoft Antimalware. And we'll specify a username here. Okay, and we'll leave everything else here at its default.

We'll move on to disks. Again, we'll leave everything at its default. What we're going to do is get over here into advanced. So we'll click through networking. We'll leave our default network interface information set here. We'll go into management. Again, we'll leave everything at the default here. I'm not trying to show you how to configure management of a VM. And then we'll go into advanced. Now, under advanced here, under extensions, what we do is click the select an extension to install link. And what this is going to do is allow us to select an extension we want to install. And over here on the right, we can see Microsoft Antimalware as an option. We'll select that, and then we'll click create.

Now, in the installation configuration screen here, we can exclude certain files and locations. We can exclude different extensions and even processes for Antimalware. And then we can enable or disable real-time protection, or we can configure it to run a scheduled scan. The scan type here allows us to specify whether we want to do a quick scan or a full scan. And then, of course, we can specify the day and the scan time. I'll leave these options at their defaults. We'll click OK. And then from here, what we would do is go back down to the bottom of the page for our VM creation. We would review and create. And then what we would do is create the VM. When this VM is deployed, it's going to be deployed with Microsoft Antimalware installed. And that's pretty much it. It's not real difficult to get Microsoft Antimalware installed, but I wanted to show you that process and where you needed to go to install that extension.


Introduction - Configuring Endpoint Security within VMs - Configuring Virtual Machine Security - Hardening Virtual Machines - Configuring System Updates for Virtual Machines - Starting a Runbook from the Azure Portal - Configuring Baselines - Azure Networking - Configuring Authentication - Container Isolation - AKS Security - Azure Container Registry - Creating a Container Registry - Implementing Vulnerability Management - Conclusion



About the Author
Thomas Mitchell
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.