Manage security posture by using Microsoft Defender for Cloud

Learn to build and maintain a strong security posture across your hybrid and multicloud estate using Microsoft Defender for Cloud. You start by connecting on-premises, AWS, and GCP environments to establish unified visibility. You then identify and prioritize security risks using Cloud Security Posture Management (CSPM), including Secure Score, attack path analysis, and Cloud Security Explorer. You extend that posture view outside-in with Microsoft Defender External Attack Surface Management (EASM) to discover unknown internet-facing assets and surface exploitable exposure. You assess your organization's compliance posture against regulatory frameworks and generate audit-ready reports. Finally, you enable Cloud Workload Protection Platform (CWPP) plans to defend servers, storage, databases, and AI workloads against active threats, and you configure Microsoft Defender Vulnerability Management to scan and remediate vulnerabilities on Azure VMs.

Prerequisites

  • Familiarity with Microsoft Defender for Cloud and the Microsoft Defender portal
  • Understanding of Azure resource types and Azure role-based access control (RBAC)
  • Knowledge of cloud security concepts including misconfigurations, vulnerabilities, and exposure
  • Familiarity with cloud identity and access management concepts across Azure, AWS, and GCP

Modules in this learning path

In this module, you connect on-premises servers, AWS accounts, and GCP projects to Microsoft Defender for Cloud to extend unified security coverage across your entire hybrid and multicloud estate. You learn how federated authentication secures connector access without storing long-lived credentials. Then you plan the right connector scope for each environment type and configure native connectors for AWS and GCP. The module covers both CSPM (agentless) and CWPP (Azure Arc–enabled) coverage extension, and closes by verifying that unified posture and workload protection are active across all connected environments.

In this module, you use Cloud Security Posture Management (CSPM) in Microsoft Defender for Cloud to identify, prioritize, and trace security risks across Azure environments — including generative AI workloads. You compare Foundational and Defender CSPM plan capabilities, interpret the risk-based Cloud Secure Score, investigate attack paths targeting cloud and AI resources, and run graph-based queries in Cloud Security Explorer to proactively discover hidden risks.

In this module, you use Microsoft Defender External Attack Surface Management (EASM) to discover and secure your external attack surface. You learn how EASM outside-in discovery complements other Defender tools. You use recursive discovery to find unknown internet-facing assets across your organization, analyze dashboards to prioritize vulnerabilities and security hygiene risks, and integrate EASM findings with Defender CSPM for attack path analysis.

In this module, you use Microsoft Defender for Cloud to assess your organization's compliance posture against security frameworks. You explore the regulatory compliance dashboard, investigate control gaps, assign regulatory standards, and generate audit-ready reports that communicate compliance status to stakeholders.

Enable Cloud Workload Protection Platform (CWPP) plans in Microsoft Defender for Cloud to defend servers, storage, databases, and AI workloads against active threats. You identify the right plan for each workload type — including Defender for AI Services and Defender for APIs — configure plan-specific settings such as the Defender for Servers P1/P2 tier distinction and Defender for Storage malware scanning, and deploy protection at subscription or management group scope. The module concludes by verifying coverage using the Coverage workbook.

Configure Microsoft Defender Vulnerability Management for Azure VMs by selecting the appropriate scanning method for your Defender for Servers plan tier, enabling vulnerability assessment at subscription and machine scope, and reviewing findings in the Microsoft Defender portal. Apply Defender for Servers Plan 2 premium capabilities—security baselines assessment and vulnerable application blocking—to enforce ongoing compliance and reduce exploitation risk.