How do I protect Azure Government instances?

To protect Azure Government instances, you have a few options:

  • You can deploy Deep Security Manager using the Deep Security Manager (BYOL) VM that's listed inside Azure Government's Marketplace (see the image below). The deployment instructions for the Azure Government are the same as any other region.
  • You can install the Deep Security Manager on-premises software onto an Azure VM running inside Azure Government.

Protecting Azure Government instances using a manager in global Azure

Be aware that if your Deep Security Manager is outside of Azure Government, using it to manage computers in the Azure Government would break ITAR compliance.

You cannot use the Computers > Add > Add Account option in the Deep Security Manager console to add Azure Government instances to a manager in global Azure, and vice versa. This is because the manager can only communicate with Azure instances in its own cloud.

If your Deep Security Manager is located outside the Azure Government cloud, and you want to use it to protect instances in the Azure Government cloud, you will need to use the Deep Security legacy REST API, and supply the azureADLoginEndPoint and azureEntryPoint arguments. For details on using the API, see Create Cloud Account.