Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected

Description:

This setting enables Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud.

Rationale:

WDATP integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, detect and respond to advanced attacks on Windows server endpoints monitored by Microsoft Defender for Cloud.
Windows Defender ATP in Microsoft Defender for Cloud supports detection on Windows Server 2016, 2012 R2, and 2008 R2 SP1 operating systems in a Standard service subscription.

WDATP works only with Standard Tier subscriptions.

WDATP works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.

From Azure Console

1. Go to 'Microsoft Defender for Cloud'
2. Select 'Environment Settings' blade
3. Select 'Security policy' blade
4. Click On 'Edit Settings' to alter the security policy for a subscription
5. Select the 'Integrations' blade
6. Check/Enable option 'Allow Microsoft Defender for Endpoint to access my data'
7. Select 'Save'

Using Azure Command Line Interface 2.0
Use the below command to enable Standard pricing tier for Storage Accounts

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings/WDATP?api-version=2021-06-01 -d@"input.json"'

Where input.json contains the Request body json data as mentioned below.

{
"id": "/subscriptions//providers/Microsoft.Security/settings/WDATP",
"kind": "DataExportSettings",
"type": "Microsoft.Security/settings",
"properties": {
"enabled": true
}
}
.