Microsoft Defender for Cloud

Microsoft Defender for Cloud is part of the Microsoft Defender security offering, providing both:

  • CSPM – Cloud Security Posture Management
  • CWPP – Cloud Workload Protection Platform

This blog series will look at:

  • Getting started with Defender for Cloud
  • On-boarding cloud service Azure
  • On-Boarding AWS
  • On-Boarding on-premises environment

Overview – Defender for Cloud

CSPM for all Azure deployed resources is enabled by default. This feature is free and provided out of the box by Microsoft, giving you insight into the resources that have been deployed within your environment, along with misconfiguration and hardening recommendations for those resources.

When you first navigate to Defender for Cloud, you are presented with the overview page. As the image below illustrates, it provides an at-a-glance view of the environments that you have on-boarded (Azure, other cloud providers and on-premises environments), insight into your Secure Score and regulatory compliance, and workload protection if any assets have been on-boarded.

Additional options, recommendations, security alerts and a view of your inventory are available from the menu on the left-hand side of the screen.

Overview page

Data is collected using a Log Analytics Workspace agent and stored in a default Workspace. A custom Log Analytics Workspace can be configured for data collection.

Azure Monitor Agent can also be used for data collection; this capability is still in preview.

Log Analytics Agent and Workspace configuration

Getting Started

The Getting Started page for Defender for Cloud lets you roll out Defender enhanced security capabilities for supported assets with the click of a button. This can be rolled out across assets where data is collected within different Log Analytics workspaces or within different subscriptions.

Although this can be enabled by clicking a single button, some caution should be exercised, and the capability should be tested before simply enabling it across all your environments.

Getting Started – Upgrade page

The Get Started page will step you through on-boarding non-Azure servers and multi-cloud environments (AWS and GCP).

Getting started – Get Started page

You also have the capability to install data collection agents, allowing you to receive security alerts and recommendations. The agents must be installed on all virtual machines that you want to collect data from.

Automatic installation of agents can also be enabled from this page.

Install agents

The next few blog posts in this series will take a closer look at each of these elements:

  • Creating and configuring a dedicated Log Analytics Workspace for Defender for Cloud
  • On-Boarding non-Azure servers
  • On-Boarding AWS and GCP