Summary

Completed

In this module, you configure Defender for Cloud environment settings that establish a foundation for security governance across Azure subscriptions. You enable autoprovisioning of monitoring agents, connect workloads to a centralized Log Analytics workspace, and add regulatory and custom security standards that generate actionable recommendations. You then deploy security controls at scale using Fix operations for immediate bulk remediation, policy remediation tasks to trigger automated configuration deployment, governance rules to assign ownership and deadlines, and exemptions to document justified exclusions.

For Contoso, these capabilities transform an overwhelming list of 847 unmanaged recommendations into a governed compliance program. Governance rules now automatically assign remediation tasks to responsible engineering teams with 30-day deadlines and escalation workflows. Fix operations deploy secure transfer requirements across 47 storage accounts and transparent data encryption on 12 SQL databases in minutes—work that would take days manually. Recommendations with compensating controls are formally documented as mitigated exemptions, creating an auditable record of security decisions. The security team now has visibility into who owns each control, when remediation is due, and which items require leadership approval.

With security standards configured and remediation controls deployed, you're ready to evaluate how Contoso's security posture maps to regulatory frameworks. The next module covers using the Defender for Cloud regulatory compliance dashboard to track adherence to industry standards and prepare for audits.

Learn more

• Manage security policies and standards
• Remediate security recommendations
• Governance rules
• Custom security standards