To deploy Microsoft Antimalware using Powershell, the VM Agent needs to be installed. If the VM Agent is not already installed, see Installing the Microsoft Azure VM Agent on pre-existing VMs.

Installing Microsoft Antimalware

Launch Windows Azure Powershell

Login to your Azure account

Add-AzureAccount

Select the Azure Subscription where the VM resides

Select-AzureSubscription “YourAzureSubscriptionName”

Define parameters for Cloudservice name, and VM name of the VM

$cloudService = “YourCloudServiceName”
$vmName = “YourVMName”

Get the VM

$vm = Get-AzureVM –ServiceName $cloudService –Name $vmName

Add Microsoft Antimalware Agent to the Virtual Machine

Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM

Update the VM which will install the Antimalware Agent

Update-AzureVM -ServiceName $cloudService -Name $vmName -VM $vm.VM

Microsoft Antimalware is now installed and the System Center Endpoint Protection application should be visible on the start screen.

Configure security policy

After Microsoft Antimalware is installed, you need to define a security policy. If no security policy is configured you will most likely get the following message when trying to launch System Center Endpoint Protection from the start screen:

Your system administrator has restricted Access to this app

To configure the security policy follow the steps below.

Open cmd and go to C:\Program Files\Microsoft Security Client

cd C:\Program Files\Microsoft Security Client\

Configure policy by running the command

configsecuritypolicy cleanuppolicy.xml

References

Deploying Antimalware Solutions on Azure Virtual Machines - Kundana Palagiri
Azure antimalware not functioning - app is restricted