Differences
This shows you the differences between two versions of the page.
| azure:az-500:alt:microsoft_defender_for_cloud [2023/02/07 19:08] – mmuze | azure:az-500:alt:microsoft_defender_for_cloud [2023/03/02 16:20] (current) – [Enhanced Security Features] mmuze | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| * **Microsoft Defender for Cloud** was previously known as **Azure Security Center**. | * **Microsoft Defender for Cloud** was previously known as **Azure Security Center**. | ||
| - | * The **//free tier//** provides the //Secure Score//, continuous assessment and security recommendations. | + | * The **//free/ |
| + | * The **//paid tier//** is the **// | ||
| Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, | Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, | ||
| * Defender continuously assesses the security posture of environments and their resources and produces a score (based on the **Azure Security Benchmark**) for it. | * Defender continuously assesses the security posture of environments and their resources and produces a score (based on the **Azure Security Benchmark**) for it. | ||
| - | * **Security** Posture assessment how well and environment is hardened against attacks. | + | * A **Security Posture assessment** shows how well an environment is hardened against attacks. |
| * There is also **threat detection** capability that uses real-time signals to detect threats. | * There is also **threat detection** capability that uses real-time signals to detect threats. | ||
| * Defender is about identifying security vulnerabilities whereas Sentinel is about detecting threats. | * Defender is about identifying security vulnerabilities whereas Sentinel is about detecting threats. | ||
| * Defender works for Azure, other clouds and on-prem resources. | * Defender works for Azure, other clouds and on-prem resources. | ||
| * JIT VM Access is a feature of Defender that only allows VM access after approval and for a short. fixed amount of time. This mitigates against brute-force types of attacks. (requires the Enhanced Security tier) | * JIT VM Access is a feature of Defender that only allows VM access after approval and for a short. fixed amount of time. This mitigates against brute-force types of attacks. (requires the Enhanced Security tier) | ||
| - | * The free tier does not include monitoring non-Azure resources; this requires the Enhance | + | * The free tier does not include monitoring non-Azure resources; this requires the enhanced |
| * **Example: | * **Example: | ||
| - | * **Azure Policy** provides most of the data Defender for Cloud uses | + | |
| - | * A **Log Analytics Workspace** is used just for data coming from virtual machines | + | * In addition to being available in the Azure portal or programmatically, |
| + | | ||
| + | * A **Log Analytics Workspace** is used just for data coming from virtual machines | ||
| ====== Enhanced Security Features ====== | ====== Enhanced Security Features ====== | ||
| * Enhanced security features are a paid add-on | * Enhanced security features are a paid add-on | ||
| + | * Just in time VM access | ||
| + | * Regulatory compliance dashboard and reports | ||
| + | * Alerts for real-time threat detection | ||
| + | |||
| + | ===== Alerts ===== | ||
| + | > Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment. | ||
| ===== Defender for Servers ===== | ===== Defender for Servers ===== | ||
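
Review bot: The new Alerts section at the end of this hunk consists only of a block-quoted definition with no source named, so add the attribution or link for the quote, or restate it in the bullet style the rest of the page uses. The revision also introduces "paid tier" near the top, while the unchanged lines say "Enhanced Security tier" and "paid add-on"; check that the page ties these names together or settles on one. The unchanged JIT VM Access bullet still reads "for a short. fixed amount of time", where the period should be a comma, and it could be fixed alongside the grammar fix already made to the Security Posture bullet.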