Microsoft Defender for Cloud protects Azure and hybrid cloud workloads and manages security posture.
The features of Microsoft Defender for Cloud cover the two major pillars of cloud security:
Cloud Security Posture Management (CSPM) – The posture management features in Defender for Cloud include:
- Visibility – to help you understand your current security situation.
- Hardening guidance – to assist you in efficiently and effectively improving your security.
Secure score is the key feature in Defender for Cloud that allows you to achieve those goals. Defender for Cloud is constantly monitoring your resources, subscriptions, and organization for security flaws. It then aggregates all of the findings into a single score, allowing you to see your current security situation at a glance: the higher the score, the lower the identified risk level.
Cloud Workload Protection (CWP) – Defender for Cloud provides security alerts based on Microsoft Threat Intelligence. It also includes a number of advanced, intelligent workload protections. Workload protection is provided through the enhanced security features: Microsoft Defender plans tailored to the types of resources included in your subscriptions. You can, for example, enable Microsoft Defender for Storage to receive alerts when suspicious activity is detected in your Azure Storage accounts.
Defender for Cloud provides advanced threat protection and security alerts for virtual machines, SQL databases, containers, web applications, your network, and more.
Defender for Cloud gives you visibility and control over the following CWP features in your environment:
- Microsoft Defender for Servers
- Microsoft Defender for App Service
- Microsoft Defender for Storage
- Microsoft Defender for Databases
- Microsoft Defender for Containers
- Microsoft Defender for Key Vault
- Microsoft Defender for Resource Manager
- Microsoft Defender for DNS
You can add Defender for Cloud capabilities to your hybrid cloud environment in addition to defending your Azure environment:
- Secure your non-Azure servers
- Secure your virtual machines in other clouds (such as AWS and GCP)
Deploy Azure Arc and enable Defender for Cloud to protect virtual machines and SQL databases in other clouds or on-premises. Azure Arc for servers is a free service, but services used on Arc-enabled servers, such as Defender for Cloud, will be charged according to the service’s pricing. To find out more, see the documentation on using Azure Arc to add non-Azure machines.
Microsoft Defender for Cloud security alerts
A security alert is generated when Defender for Cloud detects a threat in any area of your environment. These alerts provide information about the affected resources as well as suggested remediation steps and, in some cases, the option to trigger a logic app in response.
Microsoft Defender for Cloud advanced protection capabilities
Defender for Cloud employs advanced analytics to protect virtual machines, SQL databases, containers, web applications, and your network, among other things. Protections include just-in-time access to your VMs’ management ports and adaptive application controls to create allow lists for which apps should and should not run on your machines.
Vulnerability assessment and management
Defender for Cloud includes vulnerability scanning for your virtual machines and container registries without charge. The scanners are powered by Qualys, but no Qualys license or account is required; everything is handled seamlessly within Defender for Cloud.
Microsoft Defender for Cloud
Defender for Cloud is a tool for managing security posture and protecting against threats. Defender for Cloud improves the security posture of cloud resources, and with its integrated Microsoft Defender plans, it protects workloads running on Azure, hybrid, and other cloud platforms.
Defender for Cloud gives you the tools you need to harden your resources, monitor your security posture, defend against cyber attacks, and simplify security management. Defender for Cloud is simple to deploy because it is natively integrated, and it provides simple auto provisioning to secure your resources by default. Defender for Cloud addresses three critical requirements for managing the security of your cloud and on-premises resources and workloads:
- Continuously Assess – Understand your current security posture.
- Secure – Harden all connected resources and services.
- Defend – Detect and resolve threats to those resources and services.
Microsoft Defender tools
- Secure score: A single score that shows your current security situation at a glance: the higher the score, the lower the identified risk level.
- Security recommendations: Hardening tasks that have been customized and prioritized to improve your posture. You put a recommendation into action by following the detailed remediation steps outlined in the recommendation. Defender for Cloud provides a “Fix” button for automated implementation of many recommendations.
- Security alerts: Defender for Cloud detects threats to your resources and workloads when enhanced security features are enabled. These alerts are displayed in the Azure portal, and Defender for Cloud can also email them to the appropriate personnel in your organization. As needed, alerts can be streamed to SIEM, SOAR, or IT Service Management solutions.
The Network map is one of the most powerful tools Defender for Cloud provides for continuously monitoring the security status of your network. The map displays the topology of your workloads, allowing you to determine whether each node is properly configured. You can see how your nodes are linked, which allows you to block unwanted connections that could make it easier for an attacker to infiltrate your network.
Prerequisites for enabling Defender for Cloud:
- You must have a subscription to Microsoft Azure.
- You must be assigned the role of Subscription Owner, Subscription Contributor, or Security Admin.
Enable Defender for Cloud on your Azure subscription
- Sign in to the Azure portal.
- Select Microsoft Defender for Cloud from the portal’s menu.
- Choose Getting Started from the menu on the left and follow the instructions to enable Defender for Cloud.
Defender for Cloud – Overview provides a complete view into the security posture of your hybrid cloud workloads, assisting you in discovering and assessing workload security as well as identifying and mitigating risks.
Enable enhanced security features on one subscription
- Select Environment settings from the main menu of Defender for Cloud.
- Choose the subscription or workspace that you want to safeguard.
- To upgrade, choose Enable all Microsoft Defender plans or enable only the services you want.
- Choose Save.
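The same plan settings can be checked from a script. The code below is an added example, not part of the original page or of Microsoft's documentation: it reads the JSON printed by `az security pricing list`, reports which of the Defender plans listed earlier are not on the Standard tier, and builds the `az security pricing create` commands that would enable them. The plan-name mapping, the assumed output shape and the sample data are assumptions of this example.

```python
import json

# Azure CLI plan names for the Defender plans this page lists.
# The mapping is an assumption of this example, not text from the page;
# "Databases" covers several CLI plan names, only SqlServers is checked here.
PLAN_NAMES = {
    "VirtualMachines": "Microsoft Defender for Servers",
    "AppServices": "Microsoft Defender for App Service",
    "StorageAccounts": "Microsoft Defender for Storage",
    "SqlServers": "Microsoft Defender for Databases",
    "Containers": "Microsoft Defender for Containers",
    "KeyVaults": "Microsoft Defender for Key Vault",
    "Arm": "Microsoft Defender for Resource Manager",
    "Dns": "Microsoft Defender for DNS",
}

# Constructed sample in the assumed shape of `az security pricing list -o json`.
SAMPLE = """{"value": [
  {"name": "VirtualMachines", "pricingTier": "Standard"},
  {"name": "StorageAccounts", "pricingTier": "Free"},
  {"name": "KeyVaults", "pricingTier": "Free"},
  {"name": "Containers", "pricingTier": "Standard"}
]}"""


def unprotected_plans(pricing_json):
    """Return CLI plan names that are not on the Standard tier.

    A plan that is absent from the output is treated as not enabled.
    """
    data = json.loads(pricing_json)
    items = data.get("value", []) if isinstance(data, dict) else data
    tiers = {i["name"]: str(i.get("pricingTier", "")).lower() for i in items}
    return sorted(n for n in PLAN_NAMES if tiers.get(n) != "standard")


def remediation_commands(pricing_json):
    """Build one `az security pricing create` command per plan to enable."""
    return [f"az security pricing create --name {n} --tier Standard"
            for n in unprotected_plans(pricing_json)]


if __name__ == "__main__":
    for name in unprotected_plans(SAMPLE):
        print(f"not enabled: {PLAN_NAMES[name]} ({name})")
    for cmd in remediation_commands(SAMPLE):
        print(cmd)
```

Review the generated commands before running them, since each enabled plan is billed according to the service's pricing.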