Getting started with Deep Security Manager VM for Azure Marketplace

This article describes how to start protecting your Azure virtual machines (VM) with Deep Security Manager VM for Azure Marketplace.

  1. Create a Deep Security Manager VM for Azure Marketplace .
  2. Add your Azure cloud account to Deep Security.
  3. Add the Deep Security extension to your Azure VM.

Create a Deep Security Manager VM for Azure Marketplace

  1. Log in to your Azure portal and click the Marketplace blade.
  2. Click the Security + Identity blade and search for "Deep Security".
  3. In the search results, click the Deep Security solution you want to use.
    Deep Security Manager (BYOL)Bring-Your-Own-License (BYOL) is for customers who have already obtained a license to use Deep Security from another source. If you are using this type of license, you will need to enter the license or activation code in Deep Security Manager after it is installed.
    Deep Security ManagerDeep Security Manager enables customers to pay based on the size of the Azure virtual machine they create. With this pricing model, each virtual machine type has an associated seat count limit (the seat count is the number of Deep Security Agents that you can activate). You can run more than one virtual machine to increase your seat count limit.
    The seat count limits for each type of virtual machine supported for Deep Security are as follows:
    • D2 v2: Up to 25 Agents
    • D3 v2: Up to 50 Agents
    • D4 v2: Up to 100 Agents
    • D5 v2: Up to 200 Agents

    As you create or stop Deep Security Manager nodes, the seat count usage for the hour is recalculated. To check your seat count limit after installing Deep Security Manager, open Deep Security Manager and go to Administration > Licenses.
  4. Review the pricing information and click Create.
  5. Follow the seven steps of the Create Deep Security Manager journey to create a Deep Security virtual machine.
    1. Specify the name of the Deep Security Manager VM and configure other general settings on the Basics blade and then click OK.
      • The credentials you specify in this blade are what you will use to log on to the Deep Security Manager virtual machine.
      • Depending on the type of authentication you select, you have to enter a strong password or an SSH public key.
      • Type in a name into Resource group to create a new Resource group or click Select existing to use an existing one.
      • Select an Azure region from the Location list.
    2. Select a virtual machine size, configure the Deep Security Manager URL and port numbers on the Deep Security Manager VM blade, and then click OK.
      • Use the DNS name you enter in Deep Security Manager URL (for example, azurevmdemo01).
      • Specify the port number for the Deep Security Manager console port to access and log into Deep Security Manager (for example,
      • Specify the heartbeat port number used by the Deep Security Agents to communicate with Deep Security Manager.
    3. Create a new database or enter the name of an existing one on the Database Settings blade and then click OK.
      • Do not type anything into Database Hostname if you create a new database. However, if you click Use Existing then the database host name is required.
      • You can view the names of existing Azure SQL databases by going to the SQL databases blade and viewing the properties of a database (Settings blade > Properties blade > Server name).
    4. Enter the name of the administrator account you will use to sign in to Deep Security Manager on the Deep Security Credentials blade and enter and confirm the password for that account and click OK.
    5. Click the arrows to review the settings for the new virtual network and the subnet for the Deep Security Manager VM on the Network Settings blade and click OK twice.
    6. Review the information on the Summary blade and click OK when Validation passed appears at the top of the summary to finish creating the virtual machine.

    Validation passed message

    1. Click Terms of use, privacy policy, and Azure Marketplace Terms on the Buy blade to review them and then click Create.

    It will take approximately 30-40 minutes before your new virtual machine is running.

  6. When installation is complete, open a browser and go to:

    https://<DNS name>:8443

    where the DNS name is the name you specified on the Deep Security Manager blade (for example, You can view the DNS name for your Deep Security virtual machine by clicking the value in Public IP address/DNS name label in the Settings blade.

    If installation is successful, you will be redirected to Deep Security Manager. If installation fails, you will see an error message. If this happens, click Install Deep Security Manager again and verify all settings as you step through the installation again.

Add your Azure cloud account to Deep Security

You can also think of this as importing your Azure VM into Deep Security.

  1. Sign in to Deep Security Manager and click on the Computers tab.
  2. Click New > Add Cloud Account on the Computers page.
  3. Select Azure as the Cloud Provider and click Next.
  4. Enter the account credentials used to log into the Azure portal and click Signin.

    The account must be the owner of the Azure subscription and must have the Global Admin role in your Azure Active Directory. These privileges are required so that Deep Security can automate the provisioning of a Service Principal object in your Azure Active Directory. Deep Security uses that Service Principal object to authenticate itself to your Azure subscription so that it can invoke the necessary Azure APIs to synchronize your Azure VMs in the Deep Security Manager console. For instructions on creating a user with global administrator rights, see Microsoft's Add new users or users with Microsoft accounts to Azure Active Directory article.

  5. Click Accept on the Deep Security Connector permissions page.
  6. Select the Azure Active Directory and Subscription Name and click Next.
  7. Review the summary information and click Finish.
    After the Azure VM has been imported, it will appear on the Computers page of Deep Security Manager.

Add the Deep Security extension to your Azure VM

When you create an Azure virtual machine, you can add the Trend Micro Deep Security Agent to your virtual machine in the Extensions setting. This installs the Deep Security Agent software and also registers the Deep Security Agent with the Deep Security Manager.

  1. Log in to the Azure portal, click the VM you want to protect with Deep Security in the Virtual Machines blade, and click All Settings.
  2. Click Extensions in the Settings blade, click +Add extension in the Extensions blade, select Trend Micro Deep Security in the New Resource blade, and then click Create.
  3. Enter the required information for the extension and then click OK:
    Manager AddressThe DNS name of the Azure Marketplace Deep Security Manager.
    Activation PortThe discovery and heartbeat port number of the Azure Marketplace Deep Security Manager.
    Tenant IdentifierThis is not applicable to Deep Security Manager VM for Azure Marketplace so type NA here.
    Tenant Activation PasswordThis is not applicable to Deep Security Manager VM for Azure Marketplace so type NA here.
    Security Policy Identifier(optional)The policy ID or name in your Deep Security Manager that you want to assign to this Azure VM. It is displayed in the deployment script generated by Deep Security Manager.

After you finish these steps, you are ready to Protect Microsoft Azure Virtual Machines with Deep Security Manager.