Revision history: azure:az-500:alt:microsoft_defender_for_cloud, created 2022/07/23 13:59 by mmuze; current revision 2023/03/02 16:20 by mmuze (last change in the Enhanced Security Features section).

====== Microsoft Defender for Cloud ======
> Microsoft Defender for Cloud is your central location for setting and monitoring your organization's security posture.

  * **Microsoft Defender for Cloud** was previously known as **Azure Security Center**.
  * The **//
  * The **//paid tier//** is the **//

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises,

  * Defender continuously assesses the security posture of environments and their resources and produces a score for it (based on the **Azure Security Benchmark**).
  * A **Security Posture assessment** shows how well an environment is hardened against attacks.
  * There is also a **threat detection** capability that uses real-time signals to detect threats.
  * Defender is about identifying security vulnerabilities, whereas Sentinel is about detecting threats.
  * Defender works for Azure, other clouds and on-prem resources.
  * JIT VM Access is a feature of Defender that only allows VM access after approval and for a short, fixed amount of time. This mitigates brute-force attacks. (Requires the Enhanced Security tier.)
  * The free tier does not include monitoring of non-Azure resources; this requires the enhanced tier of the service.
  * **Example:
  * Defender can trigger **//
  * In addition to being available in the Azure portal or programmatically,
  * **Azure Policy** provides most of the data Defender for Cloud uses for CSPM.
  * A **Log Analytics Workspace** is used just for data coming from virtual machines (i.e. WinEventLog,

====== Enhanced Security Features ======
  * Enhanced security features are a paid add-on.
  * Just-in-time VM access
  * Regulatory compliance dashboard and reports
  * Alerts for real-time threat detection

===== Alerts =====
> Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.

===== Defender for Servers =====
> Microsoft Defender for Servers is one of the enhanced security features of Microsoft Defender for Cloud. Use it to add threat detection and advanced defenses to your Windows and Linux machines whether they'

  * [[https://
  * Alerts and vulnerability data from Microsoft Defender for Endpoint are shown in Microsoft Defender for Cloud.
  * There are two tiers, Plan 1 and Plan 2.
  * Defender for Servers also has features for just-in-time VM access, file integrity monitoring, ...
  * For just-in-time VM access, JIT does not support VMs protected by Azure Firewalls controlled by Azure Firewall Manager. The Azure Firewall must be configured with Rules (Classic) and cannot use Firewall policies.
  * JIT access requires //Defender Plan 2//.
  * JIT access requires these [[https://
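The JIT bullets above (here and in the overview list) describe the policy model: a VM is reachable on a management port only after an approved request, from an allowed source, and only for a bounded time. The block below is an added example, not Microsoft's code or this page's, that models those decisions. The policy dict mirrors the shape of a Microsoft.Security jitNetworkAccessPolicies resource (virtualMachines, each with ports carrying number, protocol, allowedSourceAddressPrefix and an ISO-8601 maxRequestAccessDuration); the VM id, prefixes, durations and the request/decision logic are constructed for illustration, and the real service enforces the decision by temporarily opening the NSG/firewall rule rather than by returning an object.

```python
"""Model of just-in-time (JIT) VM access decisions (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
import ipaddress
import re

# Accepts the hour/minute subset of ISO-8601 durations used in JIT policies, e.g. "PT3H", "PT30M".
ISO_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?$")


def parse_duration(iso: str) -> timedelta:
    m = ISO_DURATION.match(iso)
    if not m or iso == "PT":
        raise ValueError(f"unsupported duration: {iso}")
    hours, minutes = (int(x) if x else 0 for x in m.groups())
    return timedelta(hours=hours, minutes=minutes)


# Constructed policy (placeholder subscription id): SSH only from one corporate range
# for at most 3 hours; RDP from any source the requester supplies, for at most 1 hour.
VM_ID = ("/subscriptions/<sub-id>/resourceGroups/rg-demo/providers/"
         "Microsoft.Compute/virtualMachines/vm-demo")
JIT_POLICY = {
    "kind": "Basic",
    "properties": {
        "virtualMachines": [{
            "id": VM_ID,
            "ports": [
                {"number": 22, "protocol": "TCP",
                 "allowedSourceAddressPrefix": "203.0.113.0/24",
                 "maxRequestAccessDuration": "PT3H"},
                {"number": 3389, "protocol": "TCP",
                 "allowedSourceAddressPrefix": "*",
                 "maxRequestAccessDuration": "PT1H"},
            ],
        }]
    },
}


@dataclass
class AccessRequest:
    vm_id: str
    port: int
    source_ip: str
    duration: str  # ISO-8601, e.g. "PT2H"


@dataclass
class Decision:
    allowed: bool
    reason: str
    expires_at: Optional[datetime] = None  # when the temporary allow rule would be removed


def evaluate_request(policy: dict, req: AccessRequest, now: Optional[datetime] = None) -> Decision:
    """Approve only if the VM and port are JIT-enabled, the source is allowed, and the
    requested window does not exceed the policy maximum. Default deny everywhere else."""
    now = now or datetime.now(timezone.utc)
    for vm in policy["properties"]["virtualMachines"]:
        if vm["id"].lower() != req.vm_id.lower():
            continue
        for port in vm["ports"]:
            if port["number"] != req.port:
                continue
            prefix = port["allowedSourceAddressPrefix"]
            if prefix != "*" and ipaddress.ip_address(req.source_ip) not in ipaddress.ip_network(prefix):
                return Decision(False, f"source {req.source_ip} is not within {prefix}")
            max_dur = parse_duration(port["maxRequestAccessDuration"])
            req_dur = parse_duration(req.duration)
            if req_dur > max_dur:
                return Decision(False, f"requested {req.duration} exceeds policy maximum "
                                       f"{port['maxRequestAccessDuration']}")
            return Decision(True, "approved", now + req_dur)
        return Decision(False, f"port {req.port} is not JIT-enabled on this VM")
    return Decision(False, "VM is not covered by a JIT policy")


if __name__ == "__main__":
    for r in (AccessRequest(VM_ID, 22, "203.0.113.7", "PT2H"),
              AccessRequest(VM_ID, 22, "198.51.100.5", "PT1H"),
              AccessRequest(VM_ID, 22, "203.0.113.7", "PT4H"),
              AccessRequest(VM_ID, 8080, "203.0.113.7", "PT1H")):
        d = evaluate_request(JIT_POLICY, r)
        print(f"port {r.port} from {r.source_ip} for {r.duration}: {d.reason}")
```

The default-deny structure is the point: any request that does not match an explicit VM, port, source and duration is refused, which is what makes JIT effective against brute-force attempts on ports that would otherwise be open permanently.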
====== Security Center ======

  * [[https://
{{:

Ref: [[https://