Getting started with Defender for Cloud

Hi All,

Welcome to my first blog in a series of blogs all covering parts of Defender for Cloud and connecting resources to this solution.

If you think wait what, I have heard about Security Center, so what is this? Last year Microsoft rebranded the security suits to defender naming conventions, so your former Azure Security Center is now Defender for Cloud.

Ignite 2021: Microsoft Defender for Cloud news

Before we start deploying, lets take a look at what Defender for cloud is, and what it brings for our environment.

What Microsoft says about it:

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises:

• Defender for Cloud secure score continually assesses your security posture so you can track new security opportunities and precisely report on the progress of your security efforts.
• Defender for Cloud recommendations secures your workloads with step-by-step actions that protect your workloads from known security risks.
• Defender for Cloud alerts defends your workloads in real-time so you can react immediately and prevent security events from developing.

So in we now know we have a central dashboard that keeps can provide recommendations on how to increase our security and provide alerts when things go wrong.

Besides you can connect with AWS and GCP, off course you want to know what Azure resources can be protected with Defender for Cloud.

Currently the following resources can be protected from Defender for Cloud:

• Microsoft Defender for Servers
• Microsoft Defender for Storage
• Microsoft Defender for SQL
• Microsoft Defender for Containers
• Microsoft Defender for App Service
• Microsoft Defender for Key Vault
• Microsoft Defender for Resource Manager
• Microsoft Defender for DNS
• Microsoft Defender for open-source relational databases
• Microsoft Defender for Azure Cosmos DB

Okay great, I can start protecting my Azure environment, but the CFO wants to know the cost.

Great thing about Defender for Cloud is that you pay only for the resources that you wish to protect with Defender for Cloud making it really flexible to optimize cost.

Current prizing is as below in US Dollars:

To start with today, we will enable Defender for cloud and look how can manage what to protect. Microsoft now provides you with a 30 trail version so you can start and play around with cost. You will have to enable Defender for Cloud on Subscription level, this also is the first level where you can select what and what not to protect. For example you can protect you Production subscription but exclude your sandbox.

Here you will see we have enabled Defender for Cloud for 1 Azure Subscription, and not (yet) other cloud providers. Also by default all resource types that can be protected within this subscription will get enabled.

When we select the subscription we can than toggle if we want to defend all those resource types.

Here you will see that i have 1 VM and 2 Storage accounts ready to be protected by Defender for Cloud.

Last bit to cover for today are the Email notification that you will see on left hand side.

Here we can select who will get mail notification from defender for this subscription (Owner, ServiceAdmin, AccountAdmin, Contributor) add additional mail addresses, for example you servicedesk mail to generate a ticket and the level when the mail has to be sent (High, Medium, Low)

Now we are good to go to protect our Azure resource you will have to wait till my next blog where we setup the connection with a VM.

Hope the information was useful and see back at one of the other blogs.