Explain Microsoft Defender for Cloud


Microsoft Defender for Cloud's features cover the two broad pillars of cloud security:

Cloud Security Posture Management (CSPM) - In Defender for Cloud, the posture management features provide:

  • Visibility - to help you understand your current security situation
  • Hardening guidance - to help you efficiently and effectively improve your security

The central feature in Defender for Cloud that enables you to achieve those goals is secure score. Defender for Cloud continually assesses your resources, subscriptions, and organization for security issues. It then aggregates all the findings into a single score so that you can tell, at a glance, your current security situation: the higher the score, the lower the identified risk level.

Cloud Workload Protection (CWP) - Defender for Cloud offers security alerts that are powered by Microsoft Threat Intelligence. It also includes a range of advanced, intelligent protections for your workloads. The workload protections are provided through Microsoft Defender plans (enhanced security features) that are specific to the types of resources in your subscriptions. For example, you can enable Microsoft Defender for Storage to get alerted about suspicious activities related to your Azure Storage accounts.

Defender for Cloud provides visibility and control of the CWP features for your environment:

Screenshot of Defender for Cloud workload protections.

What resource types can Microsoft Defender for Cloud secure?

Defender for Cloud provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more.

When you enable Defender for Cloud from the Pricing and settings area, the following Defender plans are all enabled simultaneously and provide comprehensive defenses for the compute, data, and service layers of your environment:

  • Microsoft Defender for Servers
  • Microsoft Defender for App Service
  • Microsoft Defender for Storage
  • Microsoft Defender for Databases
  • Microsoft Defender for Containers
  • Microsoft Defender for Key Vault
  • Microsoft Defender for Resource Manager
  • Microsoft Defender for DNS
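Because every plan above is a separate pricing setting, it is worth verifying after enablement that none of them is still on the Free tier. The following Python check is an added example, not part of this article or of Microsoft's tooling: it reads the JSON that `az security pricing list -o json` emits and reports, per plan, which pricing resources are not on the Standard tier. The sample JSON is constructed, and the mapping from the plan names above to `Microsoft.Security/pricings` resource names is an assumption to confirm against your own subscription.

```python
import json
import subprocess

# ASSUMED mapping from the plan names in this article to the resource names
# that `az security pricing list` returns; verify against your subscription.
PLAN_RESOURCE_NAMES = {
    "Microsoft Defender for Servers": ["VirtualMachines"],
    "Microsoft Defender for App Service": ["AppServices"],
    "Microsoft Defender for Storage": ["StorageAccounts"],
    "Microsoft Defender for Databases": ["SqlServers", "SqlServerVirtualMachines",
                                         "OpenSourceRelationalDatabases", "CosmosDbs"],
    "Microsoft Defender for Containers": ["Containers"],
    "Microsoft Defender for Key Vault": ["KeyVaults"],
    "Microsoft Defender for Resource Manager": ["Arm"],
    "Microsoft Defender for DNS": ["Dns"],
}

# Constructed sample in the shape of `az security pricing list -o json`.
SAMPLE_PRICING_JSON = json.dumps({"value": [
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "AppServices", "pricingTier": "Free"},
    {"name": "StorageAccounts", "pricingTier": "Standard"},
    {"name": "SqlServers", "pricingTier": "Standard"},
    {"name": "SqlServerVirtualMachines", "pricingTier": "Free"},
    {"name": "OpenSourceRelationalDatabases", "pricingTier": "Standard"},
    {"name": "CosmosDbs", "pricingTier": "Standard"},
    {"name": "Containers", "pricingTier": "Standard"},
    {"name": "KeyVaults", "pricingTier": "Free"},
    {"name": "Arm", "pricingTier": "Standard"},
    {"name": "Dns", "pricingTier": "Standard"},
]})


def plan_coverage(pricing_json: str) -> dict:
    """Map each plan to the resource names NOT on the Standard tier.
    An empty list means the plan is fully enabled; a listed name is either
    on the Free tier or absent from the subscription's pricing output."""
    tiers = {p["name"]: p.get("pricingTier", "") for p in json.loads(pricing_json)["value"]}
    return {plan: [n for n in names if tiers.get(n) != "Standard"]
            for plan, names in PLAN_RESOURCE_NAMES.items()}


def fetch_live_pricing() -> str:
    """Query the signed-in subscription; needs Azure CLI and a prior `az login`."""
    return subprocess.check_output(["az", "security", "pricing", "list", "-o", "json"], text=True)


if __name__ == "__main__":
    for plan, missing in plan_coverage(SAMPLE_PRICING_JSON).items():
        print(f"{plan}: {'enabled' if not missing else 'gap: ' + ', '.join(missing)}")
```

Replace `SAMPLE_PRICING_JSON` with `fetch_live_pricing()` to run it against a real subscription.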

Hybrid cloud protection

In addition to defending your Azure environment, you can add Defender for Cloud capabilities to your hybrid cloud environment:

  • Protect your non-Azure servers

  • Protect your virtual machines in other clouds (such as AWS and GCP)

You'll get customized threat intelligence and prioritized alerts according to your specific environment so that you can focus on what matters the most.

To extend protection to virtual machines and SQL databases in other clouds or on-premises, deploy Azure Arc and enable Defender for Cloud. Azure Arc for servers is a free service, but services used on Arc-enabled servers, such as Defender for Cloud, are charged according to the pricing for that service. To learn more, see Add non-Azure machines with Azure Arc.

Microsoft Defender for Cloud security alerts

When Defender for Cloud detects a threat in any area of your environment, it generates a security alert. These alerts describe details of the affected resources, suggested remediation steps, and in some cases, an option to trigger a logic app in response.

Whether an alert is generated by Defender for Cloud or received by Defender for Cloud from an integrated security product, you can export it. To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in Stream alerts to a SIEM, SOAR, or IT Service Management solution.

Microsoft Defender for Cloud advanced protection capabilities

Defender for Cloud uses advanced analytics for virtual machines, SQL databases, containers, web applications, your network, and more. Protections include securing the management ports of your VMs with just-in-time access, and adaptive application controls to create allowlists for what apps should and shouldn't run on your machines.

Vulnerability assessment and management

Defender for Cloud includes vulnerability scanning for your virtual machines and container registries at no extra cost. The scanners are powered by Qualys, but you don't need a Qualys license or even a Qualys account - everything's handled seamlessly inside Defender for Cloud.

Review the findings from these vulnerability scanners and respond to them all from within Defender for Cloud. This capability brings Defender for Cloud closer to being the single pane of glass for all of your cloud security efforts.