Enable DfC and Enhanced Security Features DEMO
Start course

This course helps you understand what Microsoft Defender for Cloud is, what it offers, and how it can be used to protect resources.

Learning Objectives

  • Learn what Microsoft Defender for Cloud is and what it does
  • Look at how Defender for Cloud is used to protect Azure resources, hybrid resources, and resources in other clouds
  • Look at how Defender for Cloud can be used to assess vulnerabilities and optimize security
  • Learn to use Defender for Cloud

Intended Audience

This course is intended for those who wish to learn about Microsoft Defender for Cloud.


To get the most from this course, you should have some basic experience using Azure. 


Hello and welcome back. In this demonstration here, what I want to do is show you how to enable a Defender for Cloud and how to enable the enhanced security features of Defender for Cloud within your Azure subscription. Now on the page here, you can see I'm logged into my Azure portal. I'm logged in as my global administrator. And there's a couple different ways we can access Defender for Cloud. We can access it from the top menu bar here, if it exists here, or we can search for it right here in resources. 

So, go ahead and open Defender for Cloud. And when we open Defender for Cloud, we're presented with our overview page. This gives us the secure score, all I talked about our regulatory compliance, workload protections, firewall manager, and all of some of the prevalent recommendations here on the right-hand side. We can upgrade to the new containers plan. And if we scroll down, we can look at our inventory and some other information protection info here. Now if we scroll back up, we can select the Azure subscriptions we're working with.

If we go back we can look at our assessed resources, we can look at our active recommendations, and we can look at any security alerts we have. And of course, if we go back again, we can open up the secure score and what this will do is give us information on our secure score through the secure score dashboard. Now, what I want to do here is show you how to enable the enhanced security features for Defender for Cloud. Now to do that, if I select 'Environment settings' down here under management, what this is going to do is take me out to our environment settings where we can select our subscription here and we're working with the berks batteries subscription. And we can also see what AWS accounts were connected to here. In this case, we don't have any. But what we'll do here is select our 'Berks Battery' subscription. And we can see here that we have enhanced security turned off right now. If we scroll down, we can see all of these options are grayed out. So, before we can enable these enhanced security features, what we have to do is select this second box here.

Now, sometimes this box is a little odd. It's not necessarily all that intuitive that you can click on it. So, if you hover around here sometimes the pointer changes but if you do click on the box when you have the pointer, what you're doing is enabling Microsoft Defender for Cloud. And when you do that, everything down here lights up. You can enable all of your resource types here by selecting 'Enable all.' And then of course, you can turn different resources off here by selecting them individually. 

We can see in this column here we have the pricing, and then in the resources column it tells us what we're going to be protecting by enabling these security features. We can see we'll be protecting one Server, four different storage accounts and a Key vault. So, what I'll do for this demonstration is enable the plan for my Servers, and for my Key vaults. Notice here, you have this pricing if we hover over the icon here we can see a little bit of information about the billing. For example, servers here are billed hourly but only for running machines.

Now, If we look down at Key vault here we can see that pricing is 2 cents per 10,000 transactions. And that's what you can do here, you can hover over each one of these informational icons to see a little bit about the pricing. For example, DNS here, this pricing applies to all Azure resources connected to the Azure default DNS resolvers, and that's 70 cents per one million DNS queries. And you'll notice the very bottom here that when we select 'Save', and we're going to do that up top. And when we select 'Save' these enhanced security features are going to be enabled on the resources that we've selected. 

And the first 30 days are free and then after that we start getting billed per this pricing. So, we'll go ahead and save our options here and there you have it. We now have our Defender for Cloud enabled for our servers. It's essentially enabling Microsoft Defender for servers and we have Microsoft Defender for Key vault also enabled here. So, with that we'll bounce back out to Defender for Cloud and into our overview page, and we'll call it a wrap.


About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.