This article has not been completed yet. However, it may already contain helpful information and has therefore been published at this stage.
What is Microsoft Defender for Cloud? (formerly Azure Security Center and Azure Defender)
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and cloud workload protection solution that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multicloud and hybrid environments from evolving threats.
Defender for Cloud meets three key requirements when managing the security of your resources and workloads in the cloud and on-premises:
How to start:
As a first step, to avoid unnecessary costs, we deactivate all services again (although the first 30 days are free).
Without enhanced security features (Free) - Defender for Cloud is enabled for free on all your Azure subscriptions when you visit the workload protection dashboard in the Azure portal for the first time, or if enabled programmatically via API. Using this free mode provides the secure score and its related features: security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
Below you will find an example of a Secure Score with the corresponding recommendations:
Introducing MFA (multi-factor authentication) has a big impact.
In a hybrid use case, on-premises machines can also be monitored using Microsoft Defender for Cloud.
The precondition for this is an installed MMA / OMS agent (Windows / Linux, depending on the operating system) that reports to a Log Analytics workspace.
The number of security-related events that are collected can be limited by selecting one of the available categories.