Defender for Cloud – Part 1: Getting Started (The blog series)

Table of Contents

Getting started with Defender for Cloud

When you first time open Microsoft Defender for Cloud the overview page opens.

Defender for Cloud is now enabled on your subscription and you have access to the basic features provided by Defender for Cloud. These features include:

  • The Foundational Cloud Security Posture Management (CSPM) plan
  • Recommendations
  • Access to the Asset inventory
  • Workbooks
  • Secure score
  • Regulatory compliance with the Microsoft cloud security benchmark

The Defender for Cloud overview page provides a unified view into the security posture of your hybrid cloud workloads, helping you discover and assess the security of your workloads and to identify and mitigate risks.

I will introduce those features above in the coming posts.

Enable enhanced security features

When you first time click Getting Started from Defender for Cloud menu:

The view in the portal looks like this:

Upgrade tab

Like to text says you can enable Defender for Cloud’s enhanced security features for the selected subscription by clicking the Upgrade button below.

In my example there’s only one subscription which could be enabled.

You can start 30-day trial of enhanced security features which enables

  • Cloud Security Posture Management (CSPM)
  • Cloud Workload  Protection for machines (CWP)
  • Advanced threat protection for PaaS services

Get Started tab

In this view you can add non-Azure servers from on-prem datacenter(s) and connect multi-cloud environments such as Amazon Web Services (AWS) and Google Cloud Platform (GCP) and many other sites to get managed from the security point of view from Defender for Cloud. 

Add non-Azure servers

By pressing Configure above left you end up the page where you can onboard non-azure servers and collect logs with Log analytics Agent and store them to the existing Log analytics workspace or create a new one.  I’ll write more onboarding topics later on coming blogs.

Connect and protect external multi-cloud environments

By pressing Configure above right you end up to Environment Settings blade where you can  connect external services and also do a lot more but I concentrate now to the external services.

As you can see you can add connection to:

  • Amazon Web Services
  • Google Cloud Platform
  • GitHub
  • AzureDevOps
  • GitLab

The process will start when you press the Add environment button in the top.

It depends by the service what credentials you need to fill but eventually if everything is correct you see the connector below in this same view.

Part 14 is dedicated to Environment Settings.

 

Install agents tab

And finally if you have virtual machines in your subscription you can install log analytics agent automatically to your virtual machines.  Or continue without installing anything.

Here was the Getting Started section. I hope you get some knowledge about it. Next part is about the Defender for Cloud Inventory. Stay tuned.

The parts of the MDC blog series

View all the parts of the MDC blog series:
Picture of Jussi Metso
Jussi Metso
Author is a a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.

Discover more from Jussi Metso

Subscribe to get the latest posts sent to your email.

DEFENDER FOR CLOUD

Related Posts

Discover more from Jussi Metso

Subscribe now to keep reading and get access to the full archive.

Continue reading