Security configuration for Amazon Web Services


Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.


Cloud Security Posture Management (CSPM) is now supported in Microsoft Defender for Cloud. Once Microsoft Defender for Cloud Apps fully converges with the Microsoft 365 Defender portal, CSPM will only be available in the new Microsoft Defender for Cloud page.

Microsoft Defender for Cloud Apps provides you with a security configuration assessment of your Amazon Web Services environment. This assessment provides fundamental security recommendations based on the Center for Internet Security (CIS) benchmark for AWS.


  • AWS Security Hub must be set up for all your AWS account regions. For more information, see Setting Up AWS Security Hub.


    If this is the first time you're enabling Security Hub, it can take several hours for the initial data to become available.

  • Your Amazon Web Services must be connected to Defender for Cloud Apps. For more information, see Connect AWS to Microsoft Defender for Cloud Apps.

How to view AWS security recommendations

  1. In Defender for Cloud Apps, browse to Investigate > Security configuration, and then select the Amazon Web Services tab.


    It might take up to 15 minutes before your changes take effect.

    security configuration menu.

  2. You can filter the recommendations by type, by resource, and by accounts. Additionally, you can click on the security configuration icon Amazon Security Hub icon. to open the recommendation in Amazon Security Hub for more information and to deep dive into the recommendation.


    To make investigation even simpler, you can create custom queries and save them for later use. After you've finished building your query, click the Save as button in the top right corner of the filters. In the Save query pop-up, name your query.

    security configuration.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.