6. Microsoft Defender for Cloud (MDC)

MDC (Microsoft Defender for Cloud)

Ways of working

• Defender for Cloud Labs, great resource to get started and familiar https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Labs

• Deploying and Managing Microsoft Defender for Cloud as Code https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/deploying-and-managing-microsoft-defender-for-cloud-as-code/ba-p/3649653

• How to deploy MDC at scale - PDF https://onedrive.live.com/?authkey=%21AIzlpf%2DTsBYFMbk&cid=66C31D2DBF8E0F71&id=66C31D2DBF8E0F71%212663&parId=66C31D2DBF8E0F71%212662&o=OneUp

• How to deploy MDC at scale - Video https://www.youtube.com/watch?v=o9wHIS_QLJE

• Use Azure Policies to drive each area as you progress (work smarter, not harder)

  • Use the following policies to enable the particular Defender for Cloud plans (links below are for your Azure portal):

  • Configure Azure Defender for servers to be enabled

  • Configure Azure Defender for SQL servers on machines to be enabled
  • Configure Azure Defender for Azure SQL database to be enabled
  • Configure Azure Defender for Storage to be enabled
  • Configure Azure Defender for App Service to be enabled
  • Configure Azure Defender for DNS to be enabled
  • Configure Azure Defender for Key Vaults to be enabled
  • Configure Azure Defender for open-source relational databases to be enabled
  • Configure Azure Defender for Resource Manager to be enabled

Enable Telemetry

• How to Effectively Perform a Microsoft Defender for Cloud PoC (updated March 2022) https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/how-to-effectively-perform-a-microsoft-defender-for-cloud-poc/ba-p/516874

• Microsoft Defender for Cloud Lab http://aka.ms/MDFCLabs

• Quickstart: Enable enhanced security features https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security

Validate and Test

• Alert validation in Microsoft Defender for Cloud https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation

• Simulate Alerts in Azure VM's, Linux VM's and Kubernates https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation#simulate-alerts-on-your-azure-vms-windows-

• How to validate Azure Key Vault Threat Detection alerts https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/validating-azure-key-vault-threat-detection-in-microsoft/ba-p/1220336

• Trigger a test alert for Microsoft Defender for Storage https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-test

Enable Reporting

• Tutorial: Improve your regulatory compliance https://learn.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard

• Microsoft Defender for Cloud threat intelligence report https://learn.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports

Review and Improve as needed

• Security posture for Microsoft Defender for Cloud https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

• Implement security recommendations in Microsoft Defender for Cloud https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations

• Find recommendations that can improve your security posture https://learn.microsoft.com/en-us/azure/defender-for-cloud/review-security-recommendations

Troubleshooting

• MDC Troubleshooting Guide https://learn.microsoft.com/en-us/azure/defender-for-cloud/troubleshooting-guide

• Don't forget the Community at Github: https://github.com/Azure/Microsoft-Defender-for-Cloud

  • Labs to help you get started in deployment: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Labs
  • Onboarding: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Onboarding
  • Policy: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Policy
  • Powershell Scripts: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts
  • Simulations (check it's working): https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Simulations
  • Workbooks: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workbooks
  • Workflow Automation: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workflow%20automation

• Defender for Cloud Communitity Repository https://github.com/Azure/Microsoft-Defender-for-Cloud

• MDC Click thru Demo https://microsofteur.sharepoint.com/:p:/t/SecurityDemos/ERgIJG3yFCZJqyPbRa0KCa8BJYNZ-7UfwEMunKiUtuSIGg?e=c2wP4K