Defending AVD with Microsoft Defender
Protect your session hosts with Defender for Cloud security posture management, configure antivirus with FSLogix-specific exclusions, and onboard endpoints to Defender for Endpoint for advanced threat detection.
Why AVD needs special Defender attention
Think of Defender like the health and safety team at a hotel.
Your session host VMs are like hotel rooms. Guests check in, use the room, and leave. The safety team has three jobs:
- Defender for Cloud β The safety inspector who walks through the building, checks fire exits, and gives you a score on how safe the hotel is. They recommend improvements but do not fix things themselves.
- Defender Antivirus β The cleaner who scrubs every room after guests leave. But you have to tell them NOT to scrub certain locked drawers (FSLogix profile containers) or they will slow everything down.
- Defender for Endpoint β The undercover security guard who watches for suspicious behaviour: someone picking locks, sneaking into staff areas, or copying the guest register.
Defender for Cloud and AVD
What Defender for Cloud does for AVD
Defender for Cloud is a Cloud Security Posture Management (CSPM) tool that continuously assesses your AVD infrastructure and provides recommendations.
Key capabilities for AVD:
- Secure Score β a percentage rating of your security posture across all Azure resources including AVD
- Security recommendations β specific actions like βEnable disk encryption on session hostsβ or βInstall endpoint protectionβ
- Regulatory compliance β track compliance against standards like ISO 27001, NIST, CIS
- Alert correlation β links alerts from session hosts to broader attack chains
Defender for Servers plans
For AVD session hosts, the relevant Defender plan is Defender for Servers.
| Feature | Defender for Servers Plan 1 | Defender for Servers Plan 2 |
|---|---|---|
| Defender for Endpoint integration | Yes | Yes |
| Vulnerability assessment | No | Yes (built-in Qualys or MDVM) |
| Just-in-time VM access | No | Yes |
| File integrity monitoring | No | Yes |
| Adaptive application controls | No | Yes |
| Network hardening recommendations | No | Yes |
| Pricing | Lower | Higher |
| Best for | Basic endpoint protection | Full server security |
ποΈ JC at the Federal Department uses Plan 2: βDirector Walsh requires vulnerability assessment and file integrity monitoring for compliance audits. We need to prove that no unauthorised files changed on session hosts between image deployments. Plan 2 is mandatory for our accreditation.β
π§ Mia at Horizons Health uses Plan 1: βWe need endpoint protection on our clinical session hosts but our budget is tight. Plan 1 gives us Defender for Endpoint integration, which covers our HIPAA requirements for malware protection.β
Exam tip: Defender for Servers vs Defender for Endpoint
These are NOT the same thing. Defender for Servers is a Defender for Cloud plan that protects Azure VMs (including session hosts). Defender for Endpoint is the agent-based endpoint detection and response (EDR) solution that runs on the VM. Plan 1 includes Defender for Endpoint. Plan 2 adds vulnerability assessment, JIT access, and file integrity monitoring. Know which features belong to which plan.
Defender Antivirus on session hosts
The FSLogix exclusion problem
This is one of the most important AVD security topics for the exam and real life. Defender Antivirus will cripple your session hosts if you do not configure FSLogix exclusions.
Why? FSLogix profile containers are VHD/VHDX files that are mounted and unmounted constantly as users sign in and out. Without exclusions, the antivirus scans these large files on every mount, causing:
- Login times increasing from seconds to minutes
- High CPU usage on session hosts during peak sign-in hours
- Profile attachment failures (file locked by antivirus scan)
Required FSLogix exclusions
These exclusions are mandatory for any AVD deployment using FSLogix:
File exclusions:
| Path | Purpose |
|---|---|
| %ProgramFiles%\FSLogix\Apps\frxdrv.sys | FSLogix driver |
| %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys | FSLogix driver |
| %ProgramFiles%\FSLogix\Apps\frxccd.sys | FSLogix Cloud Cache driver |
| %TEMP%*.VHD | Temporary profile VHD files |
| %TEMP%*.VHDX | Temporary profile VHDX files |
| %Windir%\TEMP*.VHD | System temp VHD files |
| %Windir%\TEMP*.VHDX | System temp VHDX files |
Folder exclusions (profile container share paths):
| Path | Purpose |
|---|---|
| The UNC path to your profile share (e.g. \\storage\profiles) | Profile container VHDs |
| The UNC path to your ODFC share (e.g. \\storage\odfc) | Office Data File Cache containers |
Process exclusions:
| Process | Purpose |
|---|---|
| %ProgramFiles%\FSLogix\Apps\frxccd.exe | Cloud Cache process |
| %ProgramFiles%\FSLogix\Apps\frxccds.exe | Cloud Cache service |
| %ProgramFiles%\FSLogix\Apps\frxsvc.exe | FSLogix service |
π§ Mia learned this the hard way: βOn our first pilot, nurses were waiting 4 minutes to log in during the 7 AM shift change. Twelve nurses hitting the same two session hosts, all mounting profiles simultaneously, and Defender scanning every VHD. After adding the FSLogix exclusions, login dropped to 15 seconds.β
Deep dive: Cloud Cache exclusions
If you are using FSLogix Cloud Cache (for profile replication across storage providers), you need additional exclusions for the Cloud Cache temp files. Cloud Cache writes temporary copies of the VHD locally before syncing. These temp files are in %ProgramData%\FSLogix\Cache and %ProgramData%\FSLogix\Proxy. Both paths must be excluded.
Cloud Cache also uses a local cache directory that can grow large β antivirus scanning this directory causes write contention and can corrupt the cache. This is a real-world issue that also appears in exam scenarios.
Real-time protection considerations
For multi-session hosts, real-time protection should remain enabled β but it must be configured with the exclusions above. Disabling real-time protection is not recommended, even for performance.
Additional recommendations for multi-session:
- Scheduled scans β run during off-hours (e.g. 2 AM), not during business hours
- Scan type β use Quick Scan for daily scans, Full Scan weekly during maintenance windows
- CPU throttle β set
ScanAvgCPULoadFactorto limit CPU usage during scans (default is 50 percent)
Defender for Endpoint on session hosts
Onboarding methods
Defender for Endpoint (MDE) must be onboarded on each session host. For non-persistent (pooled) environments, use the VDI onboarding scripts that run at VM startup or first boot β do NOT bake the onboarding into the golden image, as this creates stale device entries in the MDE portal.
| Onboarding Method | Best For | How It Works |
|---|---|---|
| Microsoft Intune | Entra ID joined or hybrid joined hosts managed by Intune | Intune deploys the MDE agent via device configuration profile |
| Group Policy | AD DS joined hosts in traditional environments | GPO deploys the onboarding package to the OU containing session hosts |
| VDI non-persistent onboarding script | Pooled hosts rebuilt frequently | Script runs at VM startup/first boot, registers a fresh device entry each time |
| Microsoft Endpoint Configuration Manager | Organisations using MECM/SCCM | Deploy onboarding package as an application or task sequence step |
Important: Do NOT bake MDE onboarding into the golden image for pooled/non-persistent hosts. This creates duplicate or stale device entries in the MDE portal because every VM deployed from that image registers with the same device identity. Use the VDI non-persistent onboarding scripts instead β they run at each VM startup and create clean device entries.
ποΈ JC onboards via Group Policy: βOur 3,000 session hosts are all AD DS joined. GPO deploys the MDE onboarding package to the AVD Session Hosts OU. For new pooled hosts, the VDI non-persistent onboarding script runs at startup β we never bake MDE into the image.β
π§ Mia onboards via Intune: βOur clinical session hosts are hybrid Entra joined and Intune-managed. Intune pushes the MDE sensor automatically. When we rebuild pooled hosts from a new image, they auto-enrol in Intune and get MDE within minutes.β
Scanning strategy for multi-session
| Scan Type | Frequency | When to Run | Notes |
|---|---|---|---|
| Quick Scan | Daily | During low-usage hours (early morning) | Scans common malware locations, fast |
| Full Scan | Weekly | Maintenance window (e.g. Saturday night) | Scans all files and running processes |
| Custom Scan | As needed | After incident or image update | Target specific folders or drives |
Performance tip: On multi-session hosts with 10+ concurrent users, a full scan during business hours can cause noticeable lag for all users. Always schedule scans outside peak hours using Group Policy or Intune.
Exam tip: Onboarding pooled vs personal hosts
For pooled hosts that are rebuilt frequently, use the VDI non-persistent onboarding scripts that run at VM startup or first boot. Do NOT bake MDE onboarding into the golden image β this creates stale or duplicate device entries in the MDE portal because every VM from that image shares the same device identity.
For personal hosts that persist, Intune or GPO-based onboarding works well because the host stays around long enough for the policy to apply and maintains a stable device identity.
Putting it all together
| Layer | Tool | What It Does for AVD |
|---|---|---|
| Posture management | Defender for Cloud | Scans infrastructure, gives secure score, compliance tracking |
| Server protection | Defender for Servers (Plan 1 or 2) | Adds vulnerability assessment, JIT, file integrity (Plan 2) |
| Antivirus | Defender Antivirus | Real-time protection with FSLogix exclusions |
| Endpoint detection | Defender for Endpoint | Threat detection, investigation, automated response |
Mia's clinical session hosts are experiencing 4-minute login times during the morning shift change. CPU spikes to 100 percent when multiple nurses sign in simultaneously. FSLogix profiles are stored on an Azure Files share. What is the most likely cause?
JC is deploying Defender for Endpoint on 500 pooled AVD session hosts that are rebuilt from a golden image every two weeks. New hosts take 30 minutes to appear in the MDE portal after deployment. How should JC fix this gap?
Which of the following paths should be EXCLUDED from Defender Antivirus scanning on AVD session hosts using FSLogix? (Choose two)
Next up: Network Security: NSGs, Firewall, Bastion β how to lock down session host networking with NSGs and Azure Firewall, and secure admin access with Bastion and JIT.