Last updated on January 12, 2026
Microsoft Defender for Cloud Cheat Sheet
- A Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) that secures multi-cloud and hybrid environments, including Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and on-premises resources.
- Detect vulnerabilities, restrict your exposure to threats, and quickly detect and respond to attacks.
- Secure Score allows you to get continuous assessment and security recommendations.
- It helps you to detect unusual activities and prevent threats in your PaaS workloads.
- Protect your virtual machines with configuration and vulnerability management, workload hardening, and server EDR.
- It also supports advanced monitoring to track and manage compliance & governance.
- Allows you to protect your resources using free or standard tiers.
Concepts
- Defender for Cloud displays the overall secure score of your account. The higher the score, the lower the identified risk level.
- Recommendations help you remediate potential security vulnerabilities in your Azure resources.
- Security controls help you implement a set of security recommendations. After you remediate all of the recommendations, the change is reflected in your overall secure score.
- To help comply with your organization's security requirements, you can define a security policy for your workloads.
- Security alerts let you quickly investigate a problem and give recommendations on how to remediate an attack.
- Just-in-Time (JIT) VM access enables you to lock down inbound traffic to your Azure, AWS, and GCP virtual machines. The newer Adaptive Application Controls feature uses machine learning to create allowlists of known-safe applications, hardening VMs against malware and ransomware.
- Advanced Capabilities & Integrations:
  - AI-Powered Attack Path Analysis: Visualizes how seemingly minor security weaknesses can be chained together by an attacker to reach critical assets. It helps prioritize the highest-risk recommendations. (Generally Available)
  - Integration with Microsoft Defender External Attack Surface Management (EASM): Discovers and assesses the risk of unknown, exposed, or inadvertently public internet-facing assets that belong to your organization. (GA as an integrated solution)
- Security for Developers: New protections are designed for the development lifecycle:
  - Microsoft Defender for DevOps: (GA) Centralizes security across GitHub and Azure DevOps repositories, providing visibility, tracking, and remediation of code vulnerabilities.
  - GitHub Advanced Security for Azure DevOps: (GA) Brings secret scanning, dependency scanning, and code scanning (SAST) natively into Azure DevOps pipelines.
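JIT VM access, listed under Concepts above, locks down inbound traffic to VMs. The following Python is an added example, not code from the original page or from Microsoft: it finds network security group rules that allow inbound management ports from any source, the kind of standing exposure a JIT policy is meant to remove. The port list, the function names and the sample data are assumptions of the example, and rules are assumed to be in the flattened shape of `az network nsg list` JSON output.

```python
# Common management ports (SSH, RDP, WinRM); an assumption of this example.
MGMT_PORTS = {22, 3389, 5985, 5986}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _covers(spec, port):
    """True if an NSG port spec ('*', '22', '3000-4000') includes port."""
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def jit_candidates(nsgs):
    """Return (nsg, rule, port) for inbound Allow rules open to any source."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules", []):
            if rule.get("access") != "Allow" or rule.get("direction") != "Inbound":
                continue
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if not any(s.lower() in ANY_SOURCE for s in sources):
                continue
            specs = _values(rule, "destinationPortRange", "destinationPortRanges")
            for port in sorted(MGMT_PORTS):
                if any(_covers(spec, port) for spec in specs):
                    findings.append((nsg["name"], rule["name"], port))
    return findings

# Constructed sample in the flattened rule shape the example assumes.
SAMPLE = [
    {"name": "nsg-web", "securityRules": [
        {"name": "allow-ssh", "access": "Allow", "direction": "Inbound",
         "sourceAddressPrefix": "*", "destinationPortRange": "22"},
        {"name": "allow-https", "access": "Allow", "direction": "Inbound",
         "sourceAddressPrefix": "Internet", "destinationPortRange": "443"}]},
    {"name": "nsg-admin", "securityRules": [
        {"name": "allow-mgmt", "access": "Allow", "direction": "Inbound",
         "sourceAddressPrefixes": ["0.0.0.0/0"], "destinationPortRanges": ["3000-4000", "5985"]},
        {"name": "allow-rdp-corp", "access": "Allow", "direction": "Inbound",
         "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "3389"}]},
]

if __name__ == "__main__":
    for nsg, rule, port in jit_candidates(SAMPLE):
        print(f"{nsg}: rule {rule} leaves port {port} open to any source")
```

The range rule in the sample is flagged for port 3389 even though no rule names RDP, which is the case a port-by-port review tends to miss.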
Microsoft Defender for Cloud Pricing
- With the Standard tier, you are charged:
  - Per hour for VMs, app services, and SQL databases
  - Per transaction for storage and IoT messages
  - Per month for IoT devices
  - Per image for ACR
  - Per vCore/hour for AKS