Deploy Microsoft Defender Log Collector using Docker Compose

Overview

I always prefer using Docker Compose instead of bare Docker commands, since a compose file is self-documenting. That's why it drives me crazy when someone, especially a large company, only documents a deployment as docker commands. Microsoft does this when you deploy the on-prem log collector for Defender for Cloud Apps. Here's how to use a docker compose file instead.

Process

During setup, Microsoft will give you a command to run like this:

(echo $TOKEN) | docker run --name $COLLECTOR_NAME$ -p 514:514/udp -p 21:21 -p 20000-20099:20000-20099 -e "PUBLICIP='192.168.x.x'" -e "PROXY=" -e "SYSLOG=true" -e "CONSOLE=XXXX.us3.portal.cloudappsecurity.com" -e "COLLECTOR=COLLECTOR_NAME" --security-opt apparmor:unconfined --cap-add=SYS_ADMIN --restart unless-stopped -a stdin -i mcr.microsoft.com/mcas/logcollector starter
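Below is a docker-compose.yml that translates the command above option by option. It is an added example, not Microsoft's file or the post's own; it keeps the same placeholders (COLLECTOR_NAME, the 192.168.x.x address, the XXXX tenant prefix), which you still fill in yourself, and the token that the original pipes in on stdin is deliberately not stored in the file.

```yaml
# Added example: compose equivalent of the Microsoft "docker run" command.
# Placeholders (COLLECTOR_NAME, 192.168.x.x, XXXX) are copied from that
# command and must be replaced with your own values.
services:
  logcollector:
    image: mcr.microsoft.com/mcas/logcollector
    container_name: COLLECTOR_NAME          # --name
    command: starter                        # trailing "starter" argument
    stdin_open: true                        # -i / -a stdin: the starter reads
                                            # the API token from stdin, so it is
                                            # supplied at start-up, never here
    restart: unless-stopped                 # --restart unless-stopped
    ports:                                  # -p ...
      - "514:514/udp"                       # syslog from log sources
      - "21:21"                             # FTP control channel
      - "20000-20099:20000-20099"           # FTP passive data ports
    environment:                            # -e ...
      # The original wraps the IP in single quotes inside the double quotes,
      # so the quotes are part of the value; kept verbatim here.
      PUBLICIP: "'192.168.x.x'"
      PROXY: ""
      SYSLOG: "true"
      CONSOLE: "XXXX.us3.portal.cloudappsecurity.com"
      COLLECTOR: "COLLECTOR_NAME"
    # Both settings below come straight from the vendor command. They widen
    # what the container can do on the host, so keep the host dedicated to
    # this collector and restrict who can reach the published ports.
    security_opt:
      - apparmor:unconfined                 # --security-opt apparmor:unconfined
    cap_add:
      - SYS_ADMIN                           # --cap-add=SYS_ADMIN
```

To reproduce the original pipe, start the service with `echo "$TOKEN" | docker compose run --service-ports logcollector` rather than `up`, since `run` attaches stdin and `up` does not (my reading of compose behaviour, not something the post states).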
