
【AZ-900】What is Microsoft Defender for Cloud? Explanation of Security Management Tools!

Hi, I’m Makoto, a freelance engineer.

In this article, I’ll explain Microsoft Defender for Cloud.

It’s an important service for managing security in Azure, but the already hard-to-understand terminology and the repeated service name changes can make it confusing.

I’ve tried to provide an easy-to-understand explanation with screenshots, so please read to the end.

Let’s get started!

What is Microsoft Defender for Cloud?

Microsoft Defender for Cloud is a service for comprehensively managing and visualizing security.

Note that it was called Azure Security Center until November 2021, but the name has changed.

Security Center – sounds right! I preferred that name because it was more intuitive.

I’m going to digress a bit to add some context to the service name change.

Azure Security product name changes

Source: Azure Security product name changes – Microsoft Ignite November 2021

Not only the Azure Security Center but also other security services like Azure Sentinel have been renamed at the same time. The fact that “Azure” has been removed from the service names suggests this:

This service supports more than just Azure!

As briefly mentioned in the Azure Arc article, this likely reflects an accelerating movement toward centralized management of hybrid cloud and multi-cloud environments.

“Azure Defender” in the table was a paid option for Azure Security Center; it has been renamed “Enhanced Security Features” (more on that later).

What Microsoft Defender for Cloud can do

Comprehensive security management might sound a bit abstract. Specifically, you can:

  • Visualize the current security status as a “Secure Score”
  • Improve security based on recommendations
  • Visualize regulatory compliance status
  • Detect threats to protected resources and send alerts
  • Access additional features by enabling enhanced security features

As mentioned earlier, you can also manage and protect on-premises servers and servers in other cloud providers, not just Azure.

Let’s look at each one in turn.

Secure Score and Recommendations

Its key features include Secure Score and Recommendations.

The current security status is visualized as a “Secure Score”, which helps you understand where you stand. In some places the Secure Score is also referred to as the “Security Score”.

Recommendations

You can improve your score by following the recommendations that appear. The remediation steps that appear are also very helpful.

Storage account public access should be disallowed

This sounds familiar…

If you thought that, you’re smart.

The feature that visualizes scores and displays recommendations is the same as in Azure Advisor. If you haven’t studied Advisor yet, read that article first and follow the learning path.

https://az-start.com/advisor-overview/

The recommendations in Microsoft Defender for Cloud are integrated with Azure Advisor, and the Security category from Advisor can also be viewed in Microsoft Defender for Cloud.

Regulatory Compliance

Next, let’s take a look at the Regulatory Compliance feature.

Regulatory compliance sounds complicated

Let’s start with an excerpt from the official documentation.

Regulatory compliance refers to the discipline and process of ensuring that a company follows the laws enforced by governing bodies in their geography or rules required by voluntarily adopted industry standards. For IT regulatory compliance, people and processes monitor corporate systems to detect and prevent violations of policies and procedures established by these governing laws, regulations, and standards.

Source: Introduction to regulatory compliance

In summary, it’s about discipline and processes that ensure compliance with laws and regulations.

When we talk about compliance, we generally mean “adherence to laws and regulations,” but this does not refer only to rules mandated by law; it also covers rules that the industry has adopted voluntarily.

Regulatory compliance in Azure can be thought of as a tool that applies a set of rules, that is, industry standards (compliance standards) established by public bodies or industry organizations that say “this is how things should be done.” It visualizes your compliance status and helps you meet those standards as you use Azure. In essence, it is a guide that keeps your use of Azure in line with important industry guidelines and regulations.

There are several rule sets (compliance standards) to choose from; the Microsoft-defined Microsoft Cloud Security Benchmark (formerly the Azure Security Benchmark) is available for free. Internally, Azure Policy initiative definitions are used to apply the rules.

Regulatory compliance

You can also download reports in CSV or PDF format.

Download report

Security Alerts

When threats or security-related issues are detected, you can receive security alerts (the following is a sample alert):

Security alerts

Security alerts require “Enhanced security features” (a paid option) to be enabled.

Enhanced Security Features (formerly Azure Defender)

Microsoft Defender for Cloud can be used for free.

By default, the Free plan is enabled automatically, and you can review a number of recommendations at no cost, for example:

  • Enable MFA for owner accounts
  • Designate multiple administrators (owners)
  • Protect virtual machines with NSG

These are basic recommendations.

As mentioned earlier, the Microsoft Cloud Security Benchmark is also available for free.

By enabling Enhanced Security Features (formerly Azure Defender), you can access additional security management and threat prevention features.

There is a 30-day trial period, so you can use it for free at first even after activation. The unit price differs by resource type, such as Virtual Machines and App Service, and each plan can be turned on and off individually.

Defender plans
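To see the free/paid split described above from the command line rather than the portal, here is an added example (not from the article or from Microsoft) that lists which Defender plans are on the Free or Standard tier, optionally upgrades one plan, and reads the current Secure Score. It assumes the Az.Accounts and Az.Security modules are installed and that you have already run Connect-AzAccount; $EnablePlan is a hypothetical parameter name.

```powershell
# Added example (not the article's own code): audit Defender for Cloud plans in the
# current subscription and read the Secure Score that the free plan already reports.
# Assumes Az.Accounts and Az.Security are installed and Connect-AzAccount has been run.
param(
    # Hypothetical parameter: plan name such as "VirtualMachines" or "AppServices";
    # leave empty to only report the current state without changing anything.
    [string]$EnablePlan
)

# One row per resource type; PricingTier is "Free" or "Standard" (Enhanced Security Features).
$plans = Get-AzSecurityPricing
$plans | Select-Object Name, PricingTier, FreeTrialRemainingTime | Format-Table -AutoSize

$paid = @($plans | Where-Object { $_.PricingTier -eq 'Standard' })
Write-Host ("{0} of {1} plans are on the paid Standard tier" -f $paid.Count, $plans.Count)

# Plans are switched on individually, as the article notes; this is the per-resource-type toggle.
if ($EnablePlan) {
    Set-AzSecurityPricing -Name $EnablePlan -PricingTier 'Standard'
    Write-Host "Enabled the Standard tier for plan '$EnablePlan'"
}

# The Secure Score is available without any paid plan.
Get-AzSecuritySecureScore
```

Run it without arguments first to see the current state; the trial and per-plan billing only apply to plans you switch to Standard.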

Summary

In this article, we explained Microsoft Defender for Cloud.

To prepare for the AZ-900 exam, focus on the following key points:

  • Protects not only Azure but also on-premises and third-party clouds
  • Visualizes the current security status as a “Secure Score” and provides recommendations for improving it
  • Detects and alerts on threats to protected assets
  • Provides regulatory compliance visibility and downloadable reports
  • Free plan enabled by default (limited functionality available)
  • Additional features are available for a fee when “Enhanced Security Features (formerly Azure Defender)” is enabled

It’s a bit complicated because the features are split into free and paid, but understanding the overview, mainly of the free features, should be sufficient.

That’s all for now. See you next time!
