January 25, 2024 | June 23, 2024

Defender for Cloud – Part 1: Getting Started (The blog series)

Getting started with Defender for Cloud

When you open Microsoft Defender for Cloud for the first time, the overview page opens. Defender for Cloud is now enabled on your subscription and you have access to its basic features. These features include:

- The Foundational Cloud Security Posture Management (CSPM) plan
- Recommendations
- Access to the Asset inventory
- Workbooks
- Secure score
- Regulatory compliance with the Microsoft cloud security benchmark

The Defender for Cloud overview page provides a unified view into the security posture of your hybrid cloud workloads, helping you discover and assess the security of your workloads and identify and mitigate risks.

I will introduce the features above in the coming posts.

Enable enhanced security features

When you click Getting Started in the Defender for Cloud menu for the first time, the portal opens a view with the tabs described below.

Upgrade tab

As the text on the tab says, you can enable Defender for Cloud's enhanced security features for the selected subscription by clicking the Upgrade button.

In my example there is only one subscription that could be enabled.

You can start a 30-day trial of the enhanced security features, which enables:

- Cloud Security Posture Management (CSPM)
- Cloud Workload Protection for machines (CWP)
- Advanced threat protection for PaaS services

Get Started tab

In this view you can add non-Azure servers from on-prem datacenter(s) and connect multi-cloud environments such as Amazon Web Services (AWS) and Google Cloud Platform (GCP) and many other sites, so that they can be managed from the security point of view in Defender for Cloud.

Add non-Azure servers

Pressing the Configure button on the left takes you to the page where you can onboard non-Azure servers, collect logs with the Log Analytics agent, and store them in an existing Log Analytics workspace or create a new one. I'll write more about onboarding in coming blogs.

Connect and protect external multi-cloud environments

Pressing the Configure button on the right takes you to the Environment Settings blade, where you can connect external services and do a lot more, but here I concentrate on the external services.

You can add a connection to:

- Amazon Web Services
- Google Cloud Platform
- GitHub
- Azure DevOps
- GitLab

The process starts when you press the Add environment button at the top.

Which credentials you need to fill in depends on the service, but if everything is correct you will eventually see the connector listed in this same view.

Part 14 is dedicated to Environment Settings.

Install agents tab

Finally, if you have virtual machines in your subscription, you can install the Log Analytics agent automatically on your virtual machines, or continue without installing anything.

That was the Getting Started section. I hope you gained some knowledge about it. The next part is about the Defender for Cloud Inventory. Stay tuned.

The parts of the MDC blog series

View all the parts of the MDC blog series:

- Part 0: Microsoft Defender for Cloud – The EPIC blog series – introduction
- Part 1: Getting started (this post)
- Part 2: The Asset Inventory
- Part 3: Security posture
- Part 4: Security recommendations
- Part 5: Security alerts
- Part 6: Attack path analysis
- Part 7: Cloud security explorer
- Part 8: Workbooks
- Part 9: Regulatory compliance
- Part 10: Workload protections
- Part 11: Data security
- Part 12: Firewall manager
- Part 13: DevOps security
- Part 14: Environment settings
- Part 14A: Defender Plans
- Part 14B: Security Policies
- Part 14C: Email notifications
- Part 14D: Workflow automation
- Part 14E: Continuous Export
- Part 15: Security solutions
- Part 16: Community

Jussi Metso

The author is a lifelong IT enthusiast and Microsoft Security MVP, interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.