AzureFeeds

2. Overview of Defender for Servers

Microsoft Defender for Servers is a plan within Microsoft Defender for Cloud that provides advanced threat protection for Windows and Linux servers, whether they are hosted in Azure, on-premises, or in other cloud environments. It includes capabilities such as endpoint detection and response (EDR), vulnerability assessment, file integrity monitoring, and adaptive application controls. Defender for Servers integrates with Microsoft Defender for Endpoint to provide unified security management and threat detection.

For more information on Defender for servers visit documentation at the link below.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-servers-plan

3. Onboarding On-Premises Servers via Azure Arc

To onboard on-premises servers to Defender for Servers, Azure Arc is used to project non-Azure machines into Azure. This enables the application of Azure policies, monitoring, and security configurations. The onboarding process involves:
– Installing the Azure Connected Machine Agent on the server
– Registering the server with Azure Arc
– Enabling Defender for Servers in Microsoft Defender for Cloud
– Ensuring the server is reporting and compliant with security policies.

For more information on connecting on-premises servers to Azure Arc visit documentation in the link below.

Connect hybrid machines to Azure using a deployment script – Azure Arc | Microsoft Learn

4. Script Purpose and Details

This PowerShell script is designed to help infrastructure administrators verify the health of the HIMDS service (used by Microsoft Defender for Endpoint) and the connectivity status of the Azure Connected Machine Agent (Azure Arc) on multiple servers. It is especially useful in scenarios where administrators do not have access to the Azure portal but need to ensure that servers are properly onboarded and connected.

Key functions of the script include:

• – Reading a list of computer names from a CSV file


• – Checking the status of the HIMDS service on each machine


• – Running the ‘azcmagent show’ command remotely to verify Azure Arc connectivity


• – Logging and displaying the results with color-coded output

5. PowerShell Script

# Path to the CSV file
$csvPath = “C:PathTocomputers.csv”

# Import computer names from CSV
$computers = Import-Csv -Path $csvPath | Select-Object -ExpandProperty ComputerName

# Array to store connected machines
$connectedMachines = @()

foreach ($computer in $computers) {
    Write-Host “Checking $computer…” -ForegroundColor Cyan

    try {
        # Check HIMDS service
        $himdsService = Get-Service -ComputerName $computer -Name “himds” -ErrorAction Stop
        $himdsStatus = $himdsService.Status

        # Run azcmagent show remotely and parse output
        $azcmOutput = Invoke-Command -ComputerName $computer -ScriptBlock {
            try {
                $output = azcmagent show | Out-String
                return $output
            } catch {
                Write-Error “Failed to run azcmagent: $_”
                return $null
            }
        }

        if ($azcmOutput -ne $null) {
            $statusLine = $azcmOutput -split “`n” | Where-Object { $_ -match “Agent Statuss*:s*Connected” }

            if ($statusLine) {
                Write-Host “[$computer] HIMDS Service: $himdsStatus, Azure Arc Status: Connected” -ForegroundColor Green
                $connectedMachines += $computer
            } else {
                Write-Host “[$computer] HIMDS Service: $himdsStatus, Azure Arc Status: Not Connected” -ForegroundColor Yellow
            }
        } else {
            Write-Host “[$computer] HIMDS Service: $himdsStatus, Azure Arc Status: Unknown (command failed)” -ForegroundColor Red
        }
    }
    catch {
        Write-Host “[$computer] Error: $_” -ForegroundColor Red
    }
}

# Output connected machines
Write-Host “`nConnected Machines:” -ForegroundColor Cyan
$connectedMachines | ForEach-Object { Write-Host $_ -ForegroundColor Green }

6. How It Simplifies Administrative Tasks

This script streamlines the process of verifying Azure Arc connectivity across multiple servers. Instead of manually logging into each server and running individual checks, administrators can execute this script to:
– Quickly identify which machines are connected to Azure Arc
– Detect issues with the HIMDS service
– Generate a list of healthy and connected machines
– Save time and reduce the risk of human error