Microsoft Antimalware for Azure Virtual Machines is a real-time protection capability that helps identify and remove viruses, spyware, and other malicious software, with configurable alerts when known malicious or unwanted software attempts to install itself or run on your system. The solution can be enabled and configured from the Azure Portal, Service Management REST API, and Microsoft Azure PowerShell SDK cmdlets.
To enable antimalware with the default configuration, click Create on the Add Extension blade without inputting any configuration setting values.
To enable antimalware with a custom configuration, input the supported values for the configuration settings provided on the Add Extension blade and click Create. Please refer to the tooltips provided with each configuration setting on the Add Extension blade to see the supported configuration values.
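The same custom configuration can be applied from PowerShell instead of the Add Extension blade. The script below is an added example, not code from the original page. It assumes the Az PowerShell module with an already authenticated session and the `IaaSAntimalware` extension published as `Microsoft.Azure.Security`; the resource names, region, exclusion values and the `New-AntimalwareSettingString` helper, including its refusal of over-broad exclusions, are hypothetical and belong to the example.

```powershell
# Added example: placeholder resource names and region, replace with your own.
$ResourceGroup = 'example-rg'
$VMName        = 'example-vm'
$Location      = 'westeurope'

# Hypothetical helper: builds the extension's JSON settings and validates them first.
function New-AntimalwareSettingString {
    param(
        [bool]$RealtimeProtection = $true,
        [ValidateRange(0, 8)][int]$ScanDay = 7,        # 0 = daily, 1-7 = Sunday-Saturday, 8 = disabled
        [ValidateRange(0, 1440)][int]$ScanTime = 120,  # minutes after midnight
        [ValidateSet('Quick', 'Full')][string]$ScanType = 'Quick',
        [string[]]$ExcludedPaths = @(),
        [string[]]$ExcludedExtensions = @(),
        [string[]]$ExcludedProcesses = @()
    )
    # Example policy (an assumption, not a product rule): excluded paths are not
    # scanned, so refuse wildcards and whole drive roots.
    foreach ($p in $ExcludedPaths) {
        if ($p -match '[*?]' -or $p -match '^[A-Za-z]:\\?$') {
            throw "Exclusion '$p' is too broad"
        }
    }
    $settings = [ordered]@{
        AntimalwareEnabled        = $true
        RealtimeProtectionEnabled = $RealtimeProtection
        ScheduledScanSettings     = [ordered]@{
            isEnabled = ($ScanDay -ne 8)
            day       = $ScanDay
            time      = $ScanTime
            scanType  = $ScanType
        }
        Exclusions                = [ordered]@{   # each list is semicolon-delimited
            Extensions = $ExcludedExtensions -join ';'
            Paths      = $ExcludedPaths -join ';'
            Processes  = $ExcludedProcesses -join ';'
        }
    }
    return ($settings | ConvertTo-Json -Depth 4 -Compress)
}

$settingString = New-AntimalwareSettingString -ExcludedPaths 'D:\IISLogs' -ExcludedExtensions '.ldf'

# Pick the newest published extension version and keep only major.minor.
$versions = (Get-AzVMExtensionImage -Location $Location -PublisherName 'Microsoft.Azure.Security' -Type 'IaaSAntimalware').Version
$latest   = $versions | Sort-Object { [version]$_ } | Select-Object -Last 1
$typeHandlerVersion = ($latest -split '\.')[0..1] -join '.'

Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VMName -Location $Location `
    -Name 'IaaSAntimalware' -Publisher 'Microsoft.Azure.Security' -ExtensionType 'IaaSAntimalware' `
    -TypeHandlerVersion $typeHandlerVersion -SettingString $settingString
```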
To enable antimalware event collection for a virtual machine, click any part of the Monitoring lens in the virtual machine blade, click the Diagnostics command on the Metric blade, select Status ON, and check Windows Event system logs. The antimalware events are then collected from the Windows Event system logs into your storage account. You can choose which storage account receives the antimalware events for your virtual machine by selecting the appropriate storage account.