Defender for Cloud

Question

Hello, I have a couple of questions:

1) I'm a little confused with 'Defender for Cloud'. I understand that this will be used to help defend cloud resources. It's turned on per subscription which is associated with any cloud resources. However if my company just purchased the E5 license, and currently doesn't have any other cloud products (i.e VM's, app services, storage) does this mean we don't need to use Defender for Cloud ?

What about the Microsoft 365 application data (such as one drive data, sharepoint data, teams data, exchange data (outlook) etc...) ? I realize this is not associated to any subscriptions, so it doesn't seem Defender for Cloud is used for this ?

2) My second question has to do with subscriptions and confirming my understanding on how they work. We have one subscription turned on by default (visual studio subscription). I'd like to replace that one with something that has a more appropriate name i.e. production. I believe I'd have to create a new subscription and make this the default subscription. I suspect there ought to be a way to do this.
As will, I think can associate spending limits on this, so I can also create another subscription call dev/test and put a spending limit on this of a small amount.
Please correct me if this is not feasible.

Any help / advice is appreciated. I realize there is a ton of documentation out there (can be a bit overwhelming), just trying to get a quick jump start on this.

Answer 1

Hi @Samir Kothari ,

Thanks for your post!

1) It really depends on which security features you need. It's not just for managing app services, VMs, and storage, but it also offers other features such as Cloud Security Posture Management (CSPM), a regulatory compliance dashboard that shows whether you are meeting compliance standards, and threat protection. If you have users in your tenant and want to detect anomalies in your Azure Activity logs, you can use Microsoft Defender for Cloud's integration with Microsoft Defender for Cloud Apps.

The free version of Defender for Cloud is automatically enabled for your services, but if you want enhanced security features such as multi-cloud security (integration with AWS and Google), threat protection for Key Vault, Defender for Endpoint (which integrates with Microsoft 365 Threat Intelligence), and others, you need the paid version.

For Sharepoint, Onedrive, Teams, and Microsoft 365 data, you may want to look into Microsoft Defender for Office 365.

2) If you would prefer to just change the name of the existing subscription, you can follow the steps in this article to Change the Subscription Name.

If you have an Enterprise Agreement, a Microsoft Partner Agreement (MPA), or a Microsoft Customer Agreement (MCA), you follow the steps here to create an additional subscription.

To change or remove your billing subscription, you can follow the steps here.

For information around creating a subscription budget, you can review Tutorial: Create and manage Azure budgets.

Let me know if this helps and if you have further questions.

Marilee

-
If the information provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

Answer 2

Quick comment on the MDFC question. As you said it protects your subscription and Azure resources. It also includes some server workload protection options for Windows, Linux and SQL server (bot in Azure an on-premise). The Defender for Servers license (P1 and P2) includes Defender for Endpoint. You might find that adding MDCF, at least at the P1 level, provides a useful addition to your server endpoint protection. Do you need MDFC? Probably not critical if you have MDE but it is something to consider. I recommend at least the P1 option. Also, as you begin to migrate server workloads to Azure the value of MDFC will increase.