Welcome to this module on managing security by using Microsoft Defender for Cloud, formerly known as Azure Security Center. We will cover the following topics in this module. We will discuss the requirements needed to integrate Microsoft Defender for Cloud with Azure Virtual Desktop. We will then look at the features that are available. Finally, we will look at some general security best practices for Azure Virtual Desktop. 

Let's start off by taking a look at some of the requirements that need to be fulfilled in order to integrate Azure Virtual Desktop with Microsoft Defender for Cloud. There are two levels of Microsoft Defender for Cloud, basic and standard. Before you can integrate this service with AVD, you need to ensure you have enabled the standard tier in Microsoft Defender for Cloud. Finally, you need to ensure you have provisioned your Azure Virtual Desktop environment and have active session hosts within this environment.

Let's now move on to discussing some of the features that are available once you meet these requirements. The first feature I would like to highlight is the security configuration assessment, which will assess your existing security implementation within Azure Virtual Desktop. Next, we have a security score, which again assesses the AVD environment, but this time outputs a score, detailing vulnerabilities and how you can remediate those.

We move on to file integrity monitoring, better known as FIM. This feature examines operating system files, Windows registry, apps, and more for changes in behavior that might indicate an attack. I also want to mention Just-in-time VM access as an important feature. This feature allows you to control access to the sessions hosts and limit not only the level of access, but the amount of time a user can access a VM.

The final feature I will touch on is adaptive application control. This is an intelligent and automated solution for defining allow lists of known, safe applications for your session hosts. In the final part of this lecture, I will discuss general security best practices for Azure Virtual Desktop. An important aspect of AVD is the session host virtual machines, so ensuring you have some type of endpoint protection enabled on these is very important.

With any type of cloud-hosted environment, security posture is key, and AVD is no different, which is why it is another best practice to continuously monitor and improve your secure score. Access and authentication are an important aspect of all cloud-hosted services, and as such, forcing users to utilize multi-factor authentication when accessing Azure Virtual Desktop should be standard. The final best practice recommendation I want to point out is to set up screen locks for idle sessions. This protects access to the environment if users walk away from their screens and leave the session unattended.