Microsoft Defender for Cloud
Microsoft Defender for Cloud is the central place for setting and monitoring your organization's security posture.
- Microsoft Defender for Cloud was previously known as Azure Security Center.
- The free/basic tier provides the Secure Score, continuous assessment and security recommendations.
- The paid tier adds the enhanced security features, enabled per workload as Defender plans (e.g. Defender for Servers, Defender for Storage).
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises: continuously assess, secure, and defend.
- Defender continuously assesses the security posture of environments and their resources and produces a Secure Score for it (based on the Azure Security Benchmark, now renamed the Microsoft cloud security benchmark).
- A Security Posture assessment shows how well an environment is hardened against attacks.
- There is also threat detection capability that uses real-time signals to detect threats.
- Exam-style distinction: Defender for Cloud is primarily about finding and fixing weaknesses in your own resources (posture), with workload-level threat alerts on top; Microsoft Sentinel is a SIEM/SOAR that ingests and correlates signals from many sources (including Defender for Cloud alerts) to detect, investigate, and respond to threats.
- Defender works for Azure, other clouds and on-prem resources.
- JIT VM Access is a Defender feature that keeps management ports (e.g. RDP 3389, SSH 22) closed in the network security group and opens them only after an approved request, for a short, fixed time window; the allow rule is removed again when the window expires. This reduces exposure to brute-force attacks on those ports. (Requires Defender for Servers Plan 2.)
- The free tier does not include monitoring non-Azure resources; protecting on-premises servers and machines in other clouds (onboarded through Azure Arc or the AWS/GCP connectors) requires the enhanced tier.
- Example: Defender would not flag that a newer OS version is available, but it would flag missing critical security updates on a machine.
- Defender raises security alerts when it detects a threat.
- In addition to being available in the Azure portal or programmatically (REST API, PowerShell, CLI), security alerts and incidents are audited as events in the Azure Activity Log.
- Azure Policy provides most of the data Defender for Cloud uses for CSPM: the recommendations come from a built-in policy initiative assigned to each subscription.
- A Log Analytics workspace is used for the data collected from machines by the monitoring agent (e.g. Windows event log, syslog), not for the Azure Policy-based CSPM data.
Enhanced Security Features
- Enhanced security features are a paid add-on
- Just in time VM access
- Regulatory compliance dashboard and reports
- Alerts for real-time threat detection
Alerts
Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.
Defender for Servers
Microsoft Defender for Servers is one of the enhanced security features of Microsoft Defender for Cloud. Use it to add threat detection and advanced defenses to your Windows and Linux machines whether they run in Azure, AWS, GCP, or on-premises.
- Alerts and vulnerability data from Microsoft Defender for Endpoint (the integrated EDR) are shown in Microsoft Defender for Cloud.
- There are two plans: Plan 1 covers the Defender for Endpoint integration; Plan 2 adds the agent-based features such as just-in-time VM access and file integrity monitoring.
- Defender for Servers also has features for just-in-time VM access, file integrity monitoring, …
- JIT does not support VMs protected by an Azure Firewall controlled by Azure Firewall Manager; the Azure Firewall must be configured with Rules (Classic) and cannot use Firewall Policy.
- JIT access requires Defender for Servers Plan 2.
- JIT access requires these user permissions
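The JIT procedure the bullets above describe (enable the paid Defender for Servers plan, define a JIT policy for a VM, then request a short access window), as an added PowerShell example. This is not part of the original notes and is not Microsoft's own sample: the subscription ID, resource group, VM name, region and requester IP are placeholders, and the -SubPlan parameter assumes a recent Az.Security module.

```powershell
# Added example (not from the original notes): enable Defender for Servers Plan 2,
# then define a JIT policy for one VM and request access through it.
# Assumptions (placeholder values): subscription, resource group, VM name, region and
# requester IP below. Requires Az.Accounts, Az.Security and Az.Compute, and Connect-AzAccount
# already run with rights to write Microsoft.Security pricing and JIT policies.

$SubscriptionId    = "00000000-0000-0000-0000-000000000000"   # placeholder
$ResourceGroupName = "rg-prod-web"                            # placeholder
$VmName            = "vm-web-01"                              # placeholder
$Location          = "westeurope"                             # placeholder
$RequesterIp       = "203.0.113.10"                           # placeholder (TEST-NET-3 range)

Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# 1. JIT needs Defender for Servers Plan 2 on the subscription.
#    Get-AzSecurityPricing lists each plan and whether it is Free or Standard (paid).
$servers = Get-AzSecurityPricing -Name "VirtualMachines"
if ($servers.PricingTier -ne "Standard") {
    # -SubPlan picks P1/P2 (assumes Az.Security >= 1.2; older versions only take -PricingTier)
    Set-AzSecurityPricing -Name "VirtualMachines" -PricingTier "Standard" -SubPlan "P2" | Out-Null
}

# 2. Define the policy: which ports may be opened, from where, and for how long at most.
#    The NSG keeps these ports denied until a request is approved; JIT then adds a
#    time-limited allow rule and removes it again when the window expires.
$vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VmName
$jitVm = @{
    id    = $vm.Id
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" }
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT1H" }
    )
}
# One JIT policy (named "default") exists per resource group and region.
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $Location -Name "default" `
    -ResourceGroupName $ResourceGroupName -VirtualMachine @($jitVm) | Out-Null

# 3. Request access: only port 22, only from the requester's own address, for 30 minutes.
#    endTimeUtc must fall within the policy's maxRequestAccessDuration for that port.
$endTime = (Get-Date).ToUniversalTime().AddMinutes(30).ToString("o")
$request = @{
    id    = $vm.Id
    ports = @(
        @{ number = 22; endTimeUtc = $endTime; allowedSourceAddressPrefix = @($RequesterIp) }
    )
}
Start-AzJitNetworkAccessPolicy -ResourceGroupName $ResourceGroupName -Location $Location `
    -Name "default" -VirtualMachine @($request)

# 4. Verify: the policy's Requests show the open window; once it closes the NSG
#    allow rule is removed and the port is back to deny.
(Get-AzJitNetworkAccessPolicy -ResourceGroupName $ResourceGroupName -Location $Location -Name "default").Requests
```

Scoping the request to the requester's own IP and a window shorter than the policy maximum is the point of JIT: the policy sets the ceiling, each request opens only what that session needs.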
