This course helps you understand what Microsoft Defender for Cloud is, what it offers, and how it can be used to protect resources.
Learning Objectives
- Learn what Microsoft Defender for Cloud is and what it does
- Look at how Defender for Cloud is used to protect Azure resources, hybrid resources, and resources in other clouds
- Look at how Defender for Cloud can be used to assess vulnerabilities and optimize security
- Learn to use Defender for Cloud
Intended Audience
This course is intended for those who wish to learn about Microsoft Defender for Cloud.
Prerequisites
To get the most from this course, you should have some basic experience using Azure.
Welcome to Protecting Resources with Defender for Cloud. In this lesson, we’ll take a quick look at how Defender for Cloud can help protect Azure resources, hybrid resources, and multi-cloud resources.
As you might expect, Defender for Cloud, being an Azure service itself, can automatically monitor and protect most Azure services and resources without having to perform any deployment, per se. For example, it can automatically deploy the Log Analytics agent when needed. Defender for Cloud handles the deployment to Azure VMs itself, while deployment to non-Azure machines can be facilitated via Azure Arc.
As far as Azure-native protection goes, Defender for Cloud can detect threats against Azure PaaS services, Azure data services, and Azure networks.
Azure PaaS services that Defender for Cloud can protect include services such as the Azure App Service, Azure SQL, Azure Storage Account, and others. Integrating with Microsoft Defender for Cloud Apps allows you to also identify anomalies in Azure activity logs. Defender for Cloud can also be used to help automatically classify data stored in Azure SQL, and to perform assessments for potential vulnerabilities in Azure SQL and Storage services, while also providing recommendations for how to mitigate such vulnerabilities.
To protect Azure networks, Defender for Cloud can help mitigate brute force attacks. It does this by using just-in-time VM access to minimize access to VM ports. In doing so, Defender for Cloud hardens the network by preventing unnecessary access. In other words, you can use Defender for Cloud to set up secure access policies on selected ports. The policies can be used to allow access only for authorized users, or certain source IP address ranges or addresses, and only for a limited amount of time.
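As an added example (not part of the course), here is how the just-in-time policy described above could be defined on a single VM and then used to request access with the Az.Security PowerShell module; the subscription, resource group, VM name, location and address ranges are placeholders you replace with your own values.

```powershell
# Added example: define a JIT network access policy on one VM, then request access.
# Assumes the Az.Security module is installed and you have run Connect-AzAccount.
# Every identifier below is a placeholder.
$subscriptionId = "<SUBSCRIPTION-ID>"
$resourceGroup  = "<RESOURCE-GROUP>"
$vmName         = "<VM-NAME>"
$location       = "<LOCATION>"        # the VM's Azure region
$adminRange     = "<ADMIN-CIDR>"      # known admin egress range, not "*"

$vmId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Compute/virtualMachines/$vmName"

# 1) Policy: which ports may be opened, from where, and for how long at most.
#    Restricting allowedSourceAddressPrefix to a known range and keeping the
#    maximum window short is what hardens the VM; "*" and long windows weaken it.
$jitPolicy = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @($adminRange); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @($adminRange); maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $location -Name "default" `
    -ResourceGroupName $resourceGroup -VirtualMachine @($jitPolicy)

# 2) Access request: opens only port 22, only from the requester's address, and
#    only until endTimeUtc (which must fall within maxRequestAccessDuration).
#    Defender for Cloud adds the temporary NSG rule and removes it when the
#    window expires.
$requesterIp = "<REQUESTER-IPV4>"
$endTime     = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
$request = @{
    id    = $vmId
    ports = @(
        @{ number = 22; endTimeUtc = $endTime; allowedSourceAddressPrefix = @($requesterIp) }
    )
}
$policyId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Security/locations/$location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($request)

# 3) Review: show the policy together with its current time-limited requests.
Get-AzJitNetworkAccessPolicy -ResourceGroupName $resourceGroup -Location $location -Name "default"
```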
As I mentioned a few minutes ago, in addition to protecting Azure resources, Defender for Cloud can be used to protect hybrid cloud environments, including non-Azure servers that exist on-prem. To get this on-prem protection, though, you need to deploy Azure Arc and enable Defender for Cloud's enhanced security features.
Since Arc is a bit out of scope for this course, you can check out the URL that you see on your screen to learn more about this process.
In addition to native Azure resources and hybrid resources, Defender for Cloud can also protect resources running on other cloud platforms, such as AWS or GCP.
That said, you have to first connect these accounts to Defender for Cloud. To protect AWS resources, you can connect your AWS account to Defender for Cloud using either the Classic Cloud Connectors Experience, or via the Environment Settings Page. These are both covered in detail at the URL that you see on your screen.
To protect GCP resources, you need to create a connector for every GCP organization that you want to monitor from Defender for Cloud. This process is outlined at the URL shown on your screen.
Now, once you’ve connected your other cloud environments to Defender for Cloud, you can protect resources in those cloud environments. You can do this by enabling Defender for Cloud’s CSPM features, by enabling Microsoft Defender for Kubernetes, and by enabling Microsoft Defender for Servers. For example, once Defender for Cloud has been connected to AWS, its CSPM features can assess AWS resources according to AWS-specific security recommendations. These assessments are then included in the secure score. If you connect Defender for Cloud to AWS and enable Microsoft Defender for Kubernetes, its container threat detection and defenses get extended to any Amazon EKS Linux clusters you have running.
And then of course, Microsoft Defender for Servers extends threat detection and defenses to Windows and Linux EC2 instances in AWS, assuming you’ve connected Defender for Cloud to AWS. Defender for Servers includes the integrated license for Microsoft Defender for Endpoint, security baselines and OS level assessments, vulnerability assessment scanning, adaptive application controls (AAC), file integrity monitoring (FIM), and other functionality. Be sure to visit the URLs I mentioned to read more about connecting Defender for Cloud to AWS and GCP.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.