azure:az-500:alt:microsoft_defender_for_cloud

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:az-500:alt:microsoft_defender_for_cloud [2023/02/08 14:43] – [Microsoft Defender for Cloud] mmuzeazure:az-500:alt:microsoft_defender_for_cloud [2023/03/02 16:20] (current) – [Enhanced Security Features] mmuze
Line 3: Line 3:
  
   * **Microsoft Defender for Cloud** was previously known as **Azure Security Center**.   * **Microsoft Defender for Cloud** was previously known as **Azure Security Center**.
-  * The **//free tier//** provides the //Secure Score//, continuous assessment and security recommendations.+  * The **//free/basic tier//** provides the //Secure Score//, continuous assessment and security recommendations.
   * The **//paid tier//** is the **//enhanced security//** tier.   * The **//paid tier//** is the **//enhanced security//** tier.
  
Line 14: Line 14:
   * Defender works for Azure, other clouds and on-prem resources.   * Defender works for Azure, other clouds and on-prem resources.
   * JIT VM Access is a feature of Defender that only allows VM access after approval and for a short. fixed amount of time. This mitigates against brute-force types of attacks. (requires the Enhanced Security tier)   * JIT VM Access is a feature of Defender that only allows VM access after approval and for a short. fixed amount of time. This mitigates against brute-force types of attacks. (requires the Enhanced Security tier)
-  * The free tier does not include monitoring non-Azure resources; this requires the Enhance tier of the service.+  * The free tier does not include monitoring non-Azure resources; this requires the enhanced tier of the service.
   * **Example:** Defender would not detect if there is a new version of an OS, but it would detect of there are critical security updates that are missing.   * **Example:** Defender would not detect if there is a new version of an OS, but it would detect of there are critical security updates that are missing.
-  * Defender can trigger **//alerts//+  * Defender can trigger **//alerts//*
-    *  In addition to being available in the Azure portal or programmatically, Security alerts and incidents are audited as events in Azure Activity Log +    * In addition to being available in the Azure portal or programmatically, Security alerts and incidents are audited as events in Azure Activity Log 
-  * **Azure Policy** provides most of the data Defender for Cloud uses +  * **Azure Policy** provides most of the data Defender for Cloud uses for CSPM 
-  * A **Log Analytics Workspace** is used just for data coming from virtual machines+  * A **Log Analytics Workspace** is used just for data coming from virtual machines (i.e. WinEventLog, syslog)
  
 ====== Enhanced Security Features ====== ====== Enhanced Security Features ======
Line 25: Line 25:
   * Just in time VM access   * Just in time VM access
   * Regulatory compliance dashboard and reports   * Regulatory compliance dashboard and reports
 +  * Alerts for real-time threat detection
 +
 +===== Alerts =====
 +> Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.
  
 ===== Defender for Servers ===== ===== Defender for Servers =====
  • azure/az-500/alt/microsoft_defender_for_cloud.1675867403.txt.gz
  • Last modified: 2023/02/08 14:43
  • by mmuze