Onboarding Servers to Microsoft Sentinel: Best Practices

Minimizing Administrative Effort: Azure Arc-enabled Server Onboarding to Microsoft Sentinel

Question

You have a Microsoft Sentinel deployment and 100 Azure Arc-enabled on-premises servers. All the Azure Arc-enabled resources are in the same resource group.

You need to onboard the servers to Microsoft Sentinel. The solution must minimize administrative effort.

What should you use to onboard the servers to Microsoft Sentinel?

Answers

Explanations


A. B. C. D.

B

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc-policies-mma

The correct answer for this question is C. Azure virtual machine extensions.

To onboard the Azure Arc-enabled on-premises servers to Microsoft Sentinel, you can use the Azure Arc agent and the Azure virtual machine extension. The Azure virtual machine extension simplifies the deployment of the agent by automating the installation and registration process. It also enables you to centrally manage the deployment of the agent across multiple servers.

To use the Azure virtual machine extension to onboard the servers to Microsoft Sentinel, follow these steps:

  1. Open the Azure portal and navigate to the resource group that contains the Azure Arc-enabled servers.

  2. Select the first server that you want to onboard to Microsoft Sentinel.

  3. In the server's blade, select the "Extensions" tab.

  4. Click on the "+ Add" button to add a new extension.

  5. In the "Add extension" blade, search for "Azure Sentinel".

  6. Select the "Microsoft Monitoring Agent" extension for Azure Sentinel.

  7. Click on the "Create" button to deploy the extension to the server.

  8. Repeat steps 2-7 for each server that you want to onboard to Microsoft Sentinel.

Once you have deployed the Azure virtual machine extension to all the servers, the Azure Arc agent will be automatically installed and registered with Microsoft Sentinel. You can then start monitoring the servers and analyzing the security data in Microsoft Sentinel.

Option A, Azure Automation, is incorrect as it is not a recommended method for onboarding servers to Microsoft Sentinel. Azure Automation is a service that provides process automation and configuration management for your Azure resources, but it is not designed for onboarding servers to Microsoft Sentinel.

Option B, Azure Policy, is also incorrect as it is not a recommended method for onboarding servers to Microsoft Sentinel. Azure Policy is a service that allows you to create and enforce policies for your Azure resources, but it is not designed for onboarding servers to Microsoft Sentinel.

Option D, Microsoft Defender for Cloud, is incorrect as it is a separate security solution that provides advanced threat protection for your cloud workloads. While it can integrate with Microsoft Sentinel to provide additional security insights, it is not used for onboarding servers to Microsoft Sentinel.