Microsoft Defender for Cloud

Natasha Ong
4 min read

In a nutshell:

Microsoft Defender for Cloud is your trusty guardian for cloud security. It assesses, secures, and defends your cloud environment across Azure and hybrid and multi-cloud environments.

What is cloud security?

A cloud security service is a digital guardian for your stuff in the cloud, making sure it stays safe from sneaky hackers and cyber troubles. Just like you lock your front door to keep your home safe, cloud security services put locks and alarms on your digital things to protect them.

Cloud security is so important - how else can you make sure your documents, photos, business data and applications are safe when they're on the cloud?

Cloud providers like Azure are running a vault in the sky to store our treasures, but we still need a trusted guard to look after our account's security 24/7.

Microsoft Defender for Cloud

Microsoft Defender for Cloud is like your trusty guardian for cloud security. It's there to watch over your cloud environments, whether they're in Azure, other clouds like AWS, or even your on-premises systems. Its mission is to make sure your security is strong and to alert you if any cyber threats come knocking.

Image source: Microsoft Learn

Assess, Secure, and Defend

Defender for Cloud tackles three key tasks:

  1. Continuously assess: It keeps an eye on your environment all the time, scanning for vulnerabilities in virtual machines, container registries*, and SQL servers, so you get a clear picture of where you might be at risk.
  • *Container registries are secure storage spaces for container images, the packages used to deploy applications. Defender for Cloud scans the images in your registries for known vulnerabilities, so that what you deploy is free of known security issues. This helps keep your containerised applications secure.
  2. Secure: It helps you lock down your resources by recommending security best practices and checking whether any new resource is using the right security settings. In Defender for Cloud you can set policies at the level of management groups, subscriptions, or even a whole tenant. A key phrase under Secure is the Azure Security Benchmark (since renamed the Microsoft cloud security benchmark): the recommendations Defender for Cloud gives you are reliable because they are based on this Benchmark, a widely adopted set of security controls recommended by experts.
  3. Defend: If it detects a threat, it generates a security alert with details of which resource is affected and how to fix it. Defender for Cloud also provides fusion kill-chain analysis: it correlates the individual alerts in your environment into a single incident, ordered by the stages of the cyber kill chain. That lets security experts see how an attack began, the steps it went through, and the impact it had, so they can respond effectively and prevent a repeat.

Azure-native Protection

Defender for Cloud is native to Azure, so it automatically keeps an eye on many Azure services for you.

Defender for Cloud helps you spot threats across:

  • Azure PaaS services: It can detect threats targeting Azure services including Azure App Service, Azure SQL (Azure's cloud-based SQL database service), Azure Storage Account, and more. Through its native integration with Microsoft Defender for Cloud Apps, it can also run anomaly detection over your Azure activity logs.
  • Azure data services: It can automatically classify the data held in Azure SQL, and it assesses Azure SQL and Storage services for potential vulnerabilities and recommends how to fix them.
  • Networks: Defender for Cloud helps you limit your exposure to brute force attacks*, think of it as a digital security bouncer! You can harden your network against unnecessary access by reducing access to virtual machine ports** with just-in-time*** VM access: the management ports stay closed by default, and you set an access policy for selected ports that says which authorised users, allowed source IP address ranges**** or IP addresses may ask for them to be opened, and for how long at most.
*Brute force attacks are digital "guessing games" in which attackers repeatedly try different combinations of usernames and passwords to gain unauthorised access to a system.
**Virtual machine ports are the digital doors that allow communication into and out of virtual machines. Defender for Cloud helps you secure your VMs by reducing access to these ports, making it harder for unauthorised users or attackers to get in. It is an extra layer of protection for your virtual infrastructure.
***Just-in-time VM access is a practice that keeps a VM's management ports (for example SSH and RDP) closed until an authorised user requests access. With Defender for Cloud, you set a policy per VM listing which ports can be requested, from which source addresses, and for how long at most; an approved request opens the port (by way of a network security group rule) only until the time limit expires, after which it is closed again, which shrinks the window for unauthorised access and attacks.
****Allowed source IP addresses or ranges let you specify which addresses or address ranges are permitted to reach your resources. By defining these allowed sources, you restrict access to your Azure resources to known locations, adding an extra layer of security against unauthorised access from anywhere else.
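To make the policy fields in the Networks bullet above concrete, here is an added example (written for this page; it is not code from the original post or from Microsoft). It builds two just-in-time policies in the documented shape of a Microsoft.Security jitNetworkAccessPolicies resource (kind "Basic", a list of virtualMachines, each with ports carrying number, protocol, allowedSourceAddressPrefix and maxRequestAccessDuration), one weak and one hardened, and then evaluates access requests against them. The evaluation logic, the VM id, the IP ranges and the request durations are all assumptions made for illustration, not Defender for Cloud's own implementation.

```python
"""Added example: how a just-in-time (JIT) VM access policy gates a request.

The policy documents follow the documented resource shape of a
Microsoft.Security/locations/jitNetworkAccessPolicies object; the
evaluation code is illustrative and is not Defender for Cloud's code.
"""
import ipaddress
import re
from datetime import timedelta

# Constructed placeholder resource id; the subscription, resource group
# and VM name are assumptions for the example.
VM_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000"
         "/resourceGroups/rg-demo/providers/Microsoft.Compute"
         "/virtualMachines/vm-web01")

# The weak setting: SSH and RDP may be opened to any source address ("*")
# for up to three hours per request.
WEAK_POLICY = {
    "kind": "Basic",
    "properties": {
        "virtualMachines": [{
            "id": VM_ID,
            "ports": [
                {"number": 22, "protocol": "*",
                 "allowedSourceAddressPrefix": "*",
                 "maxRequestAccessDuration": "PT3H"},
                {"number": 3389, "protocol": "*",
                 "allowedSourceAddressPrefix": "*",
                 "maxRequestAccessDuration": "PT3H"},
            ],
        }],
    },
}

# The corrected setting: only the (assumed) corporate egress range may
# request SSH, for at most one hour, and RDP is not offered at all, so it
# can never be opened through JIT.
HARDENED_POLICY = {
    "kind": "Basic",
    "properties": {
        "virtualMachines": [{
            "id": VM_ID,
            "ports": [
                {"number": 22, "protocol": "TCP",
                 "allowedSourceAddressPrefix": "203.0.113.0/24",
                 "maxRequestAccessDuration": "PT1H"},
            ],
        }],
    },
}

_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")


def parse_iso_duration(text):
    """Parse the ISO 8601 'PT..H..M..S' form used by maxRequestAccessDuration."""
    m = _DURATION.match(text)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def source_allowed(prefix, source_ip):
    """'*' admits any source; otherwise the request must come from inside
    the prefix (a single address or a CIDR block; a list of them is accepted
    too so the check can be reused for the plural allowedSourceAddressPrefixes)."""
    if prefix == "*":
        return True
    prefixes = prefix if isinstance(prefix, list) else [prefix]
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in prefixes)


def evaluate_request(policy, vm_id, port, source_ip, requested):
    """Decide a JIT request for `port` on `vm_id` from `source_ip` lasting
    `requested` (an ISO 8601 duration). Returns (allowed, reason), checking
    the policy fields in the order an operator would read them."""
    vms = {vm["id"]: vm for vm in policy["properties"]["virtualMachines"]}
    vm = vms.get(vm_id)
    if vm is None:
        return False, "VM is not covered by this JIT policy"
    rule = next((p for p in vm["ports"] if p["number"] == port), None)
    if rule is None:
        return False, f"port {port} is not enabled for JIT on this VM"
    if not source_allowed(rule["allowedSourceAddressPrefix"], source_ip):
        return False, f"source {source_ip} is outside the allowed prefix"
    wanted = parse_iso_duration(requested)
    limit = parse_iso_duration(rule["maxRequestAccessDuration"])
    if wanted > limit:
        return False, f"requested {wanted} exceeds the limit of {limit}"
    return True, f"open port {port} to {source_ip} for {wanted}"


if __name__ == "__main__":
    # The same RDP request from an arbitrary internet address: the weak
    # policy grants it, the hardened policy cannot, because RDP is not
    # listed as a JIT port at all.
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, evaluate_request(policy, VM_ID, 3389, "198.51.100.7", "PT3H"))
```

The check worth carrying over to a real tenant is the one the weak policy fails: any port whose allowedSourceAddressPrefix is "*" is only time-limited, not source-limited, so a request from anywhere still opens it. Narrow the prefix to the addresses your administrators actually come from and keep maxRequestAccessDuration as short as the work allows.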

What if I have a hybrid environment?

Not only does Defender for Cloud guard your Azure environment, it can also protect your non-Azure servers in a hybrid setup. You'll also get customised threat intelligence and prioritised alerts for your specific environment.

To extend protection to on-premises machines, you can bring in Azure Arc (we'll dive deep into this soon!) and activate Defender for Cloud's enhanced security.

What if I have a multi-cloud environment?

If you're using multiple cloud providers like AWS and Google Cloud Platform, Defender for Cloud can still have your back. For example, once you've connected your AWS account to an Azure subscription, you can protect your AWS resources alongside your Azure ones with the same Defender for Cloud services, so one place gives you a view of your security across clouds.