ESET PROTECT – Table of Contents

Microsoft Azure

ESET Cloud Workload Protection—Microsoft Azure, Amazon Web Services, Google Cloud Platform main features

Enables visibility and protection of cloud workloads by synchronizing virtual machines organized in resource groups.

Enables deployment of security protection to workloads, either manually or automatically, for newly created instances.

Provides endpoint-level security indicators from protected workloads, expanding visibility into threats across cloud environments.

Provides extended asset context in Incidents and supports response actions on protected machines.

Ingests more cloud indicators and telemetry, expanding visibility into cloud environment activity.

How to enable the integration

Prerequisites

Before setting up the integration, complete the following prerequisites:

arrow_down_businessVM-level requirements

Integration setup in ESET PROTECT Web Console

Important

See required permissions for Azure service.

Click Connect to go through the Connect Integration process:

1.General Setup—type Name, Domain name to identify the integration, and optionally type Description for your reference. Click Connect to redirect to your Microsoft account.

2.Sign in with a Microsoft account that satisfies the prerequisites. You will be asked to grant CWP's OAuth application the following permissions on behalf of your account:

OAuth scope

Purpose

https://management.azure.com/user_impersonation

Full access to Azure Resource Manager APIs required to create the resource group, custom RBAC role, and role assignments on your behalf.

Microsoft issues a short-lived access token to CWP's OAuth application. The token is used only during the automated setup and is discarded immediately afterward. Granting consent also creates CWP's Service Principal in your Entra ID tenant if it does not already exist.

3.Enable Access—select a method how to grant access to your Azure subscriptions: Temporary impersonation. Click Proceed to redirect to Microsoft to provide consent.

4.Connect Subscriptions—select the subscriptions you want CWP to protect:

Management subscription—the subscription where CWP will create its resource group and manage supporting resources.

Protected subscriptions—one or more subscriptions whose Activity Logs CWP will monitor and whose VMs can be protected. The management subscription can be included here or not.

Important

The onboarding wizard asks for subscriptions in two places. In the Connect Subscriptions step, you select the subscriptions ESET will be granted access to (the protected subscriptions). Later, in the Deploy Resources step, you select a single management subscription where CWP will create the dedicated resource group and supporting modules. The management subscription can be one of the protected subscriptions or a separate subscription.

5.Deploy Resources—select Azure subscription for which ESET can create a dedicated resource group with the necessary modules for management and operation. Click Continue.

6.Summary—review Integration Summary with your settings (Name, Domain name, Selected Subscriptions, ESET Resource Group Subscription) and click Finish.

7.arrow_down_business        After you click Finish, CWP automatically runs the following steps on your behalf using the obtained short-lived token:

8.Wait until the ESET Web Console shows the connector status as Active. When the integration onboarding fails, the status is shown as Failed.

Important

When an integration is finished (Status: Active), you can the see virtual machines synchronized in the Integration in Computers > Companies tree > selected organization (static group).

Deployment

System requirements and supported operating systems

You can deploy the ESET protection to virtual machines that meet the system requirements for the installation of the ESET security application:

ESET Server Security for Windows (Windows VMs)

ESET Server Security for Linux (Linux VMs)

Auto deployment

By default, auto-deployment is turned off. You can define how ESET Cloud Workload Protection behaves on virtual machines integrated from your connected cloud environments in the Configuration section.

If configured, every 15 minutes it is checked if there is an eligible virtual machine in the given group (target) to start deployment. If yes, the ESET Management Agent and then a security product will be installed on the virtual machine in a few minutes.

Audit log contains information about starting deployment.

Manual deployment

Select the computers on which you want to enable ESET security product. A subscription will be assigned automatically.

1.Go to Computers > select Company (static group) > list virtual machines.

2.Select the virtual machine > click the three dots icon_more_vertical button > select Platform modules > click Enable ESET security application for cloud.

3.Select Targets.

4.Select to agree to Legal documents and click Enable.