Friday, April 10, 2026

Securing multicloud (Azure, AWS & GCP) with Microsoft Defender for Cloud: Connector best practices


As organizations adopt Microsoft Defender for Cloud across multicloud environments, Microsoft offers a range of resources to assist with planning, deployment, and scalable onboarding.

Planning resources include the Multicloud Protection Planning Guide, which outlines key design considerations for securing multicloud environments.
Deployment resources include guidance such as Connect your Azure subscriptions – Microsoft Defender for Cloud, which helps with setting up connections.

With proper planning and a well-defined adoption strategy, onboarding can be smooth and predictable. However, support cases show that some common challenges may still occur during or after onboarding AWS or GCP environments. Below are typical multicloud issues, their symptoms, and recommended solutions.

Common multicloud connector issues and resolutions

1. Removed cloud account still appears in Microsoft Defender for Cloud

Issue
An AWS or GCP account has been deleted, but it still appears in Microsoft Defender for Cloud under connected environments. Security recommendations for that account may also continue to appear.

Cause
Microsoft Defender for Cloud does not automatically remove connectors when external accounts are deleted. The connector remains as a separate object in Azure because there is no automatic notification when an AWS or GCP account is decommissioned.

Solution
Manually delete the stale connector using one of the following methods:

  • Azure portal
    • Sign in to the Azure portal
    • Navigate to Microsoft Defender for Cloud > Environment settings
    • Select the obsolete AWS account or GCP project
    • Choose Delete
  • REST API
    • Use the Security Connectors Delete REST API

Note
If an organization-level connector was used, remove the management account connector first, followed by any child connectors. This helps avoid dependency issues.

2. Identity provider missing or partially configured

Issue
After deploying the AWS CloudFormation template, the connector fails. The AWS environment appears in an error state due to a missing or incomplete identity link between Azure and AWS.

Cause
The CloudFormation template was generated using the wrong Azure directory or subscription, or it was deployed to the wrong AWS account. This results in mismatched Azure and AWS identifiers.

Solution

  1. Verify Azure context
    • In the Azure portal, confirm the correct directory and subscription under Directories + subscriptions
  2. Clean up incorrect setup
    • Delete the CloudFormation stack and related IAM resources in AWS
    • Remove the failed connector in Microsoft Defender for Cloud
  3. Recreate the connector
    • Generate and deploy a new template using the correct accounts
  4. Validate
    • Once successful, the environment status changes to Healthy, and data begins appearing within about an hour

3. Duplicate connector blocking onboarding

Issue
Onboarding fails with an error indicating that a connector with the same hierarchyId already exists. The environment shows as failed, and no resources are visible.

Cause
Only one connector per cloud account is allowed within the same Microsoft Entra ID tenant. If the account was previously onboarded in another subscription, it must be removed before re-adding.

Solution

  1. Locate the existing connector
    • In the Azure portal, check Microsoft Defender for Cloud > Environment settings across all subscriptions in the same tenant
    • Optionally, use Azure Resource Graph to search for connectors
  2. Remove the duplicate
    • Delete the connector associated with the same hierarchyId
  3. Retry onboarding
    • Add the connector again in the desired subscription
    • If the issue persists, ensure all duplicates are removed and allow time for changes to propagate
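The Resource Graph search from step 1 and the REST API deletion from issue 1, worked through as an added example (not code from the article or from Microsoft): it groups connector records by environment and hierarchy identifier to find an account onboarded more than once in the tenant, and builds the ARM DELETE URL for each. The resource type, the `environmentName`/`hierarchyIdentifier` property names, the API version and the sample records are assumptions.

```python
import json
import subprocess
from collections import defaultdict

# Resource Graph query for Defender for Cloud connectors. The resource type and
# property names are assumptions based on Microsoft.Security/securityConnectors.
CONNECTOR_QUERY = (
    "resources | where type =~ 'microsoft.security/securityconnectors'"
    " | project id, subscriptionId,"
    " environment = tostring(properties.environmentName),"
    " hierarchyId = tostring(properties.hierarchyIdentifier)"
)
API_VERSION = "2023-10-01-preview"  # assumed Microsoft.Security API version

# Constructed sample of query output: one AWS account (hierarchyId = AWS account
# id) onboarded in two subscriptions, and one GCP project onboarded once.
SAMPLE = [
    {"id": "/subscriptions/sub-a/resourceGroups/rg1/providers/Microsoft.Security/securityConnectors/aws-prod",
     "subscriptionId": "sub-a", "environment": "AWS", "hierarchyId": "111111111111"},
    {"id": "/subscriptions/sub-b/resourceGroups/rg2/providers/Microsoft.Security/securityConnectors/aws-prod-old",
     "subscriptionId": "sub-b", "environment": "AWS", "hierarchyId": "111111111111"},
    {"id": "/subscriptions/sub-a/resourceGroups/rg1/providers/Microsoft.Security/securityConnectors/gcp-analytics",
     "subscriptionId": "sub-a", "environment": "GCP", "hierarchyId": "my-gcp-project"},
]

def find_duplicate_connectors(connectors):
    """Group by (environment, hierarchyId) and return only the groups holding
    more than one connector: the same account/project onboarded several times."""
    groups = defaultdict(list)
    for c in connectors:
        groups[(c["environment"], c["hierarchyId"])].append(c)
    return {k: v for k, v in groups.items() if len(v) > 1}

def delete_url(connector_id, api_version=API_VERSION):
    """ARM DELETE URL for a connector id (the Security Connectors Delete REST API)."""
    return f"https://management.azure.com{connector_id}?api-version={api_version}"

def run_query():
    """Run the query tenant-wide via Azure CLI (needs 'az login' and the
    resource-graph extension); only called from __main__, never on import."""
    out = subprocess.check_output(["az", "graph", "query", "-q", CONNECTOR_QUERY, "-o", "json"])
    return json.loads(out)["data"]

if __name__ == "__main__":
    for (env, hid), items in find_duplicate_connectors(run_query()).items():
        print(f"{env} account/project {hid} has {len(items)} connectors:")
        for c in items:
            print("  candidate for DELETE:", delete_url(c["id"]))
```

Review the listed connectors and delete only the stale one (the DELETE call itself is left to `az rest` or your preferred client), then retry onboarding in the intended subscription.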

Conclusion

Microsoft Defender for Cloud enables a robust multicloud security strategy, but maintaining cloud security is an ongoing process. Onboarding is just the beginning—continuous monitoring of recommendations, alerts, and compliance across all environments is essential. When properly configured, Defender for Cloud provides a centralized view to help maintain visibility and control as security threats evolve.
