[Last update: 09/13/2024]
This blog post has a curation of many Microsoft Defender for Cloud (formerly known as Azure Security Center and Azure Defender) resources, organized in a format that can help you to go from absolutely no knowledge in Microsoft Defender for Cloud, to design and implement different scenarios. You can use this blog post as a training roadmap to learn more about Microsoft Defender for Cloud. On November 2nd, at Microsoft Ignite 2021, Microsoft announced the rebrand of Azure Security Center and Azure Defender for Microsoft Defender for Cloud. To learn more about this change, read this article.
Every month we are adding new updates to this article, and you can track it by checking the red date besides the topic. If you already study all the modules and you are ready for the knowledge check, follow the procedures below:
To obtain the Defender for Cloud Ninja Certificate
1. Take this knowledge check here, where you will find questions about different areas and plans available in Defender for Cloud.
2. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again.
Note: it can take up to 24 hours for you to receive your certificate via email.
To obtain the Defender for Servers Ninja Certificate (Introduced in 08/2023)
1. Take this knowledge check here, where you will find only questions related to Defender for Servers.
2. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again.
Note: it can take up to 24 hours for you to receive your certificate via email.
Modules
To become an Microsoft Defender for Cloud Ninja, you will need to complete each module. The content of each module will vary, refer to the legend to understand the type of content before clicking in the topic’s hyperlink. The table below summarizes the content of each module:
Module |
Description |
0 - CNAPP |
In this module you will familiarize yourself with the concepts of CNAPP and how to plan Defender for Cloud deployment as a CNAPP solution. |
1 – Introducing Microsoft Defender for Cloud and Microsoft Defender Cloud plans |
In this module you will familiarize yourself with Microsoft Defender for Cloud and understand the use case scenarios. You will also learn about Microsoft Defender for Cloud and Microsoft Defender Cloud plans pricing and overall architecture data flow. |
2 – Planning Microsoft Defender for Cloud |
In this module you will learn the main considerations to correctly plan Microsoft Defender for Cloud deployment. From supported platforms to best practices implementation. |
3 – Enhance your Cloud Security Posture |
In this module you will learn how to leverage Cloud Security Posture management capabilities, such as Secure Score and Attack Path to continuous improvement of your cloud security posture. This module includes automation samples that can be used to facilitate secure score adoption and operations. |
4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud |
In this module you will learn how to use the cloud security posture management capabilities available in Microsoft Defender for Cloud, which includes vulnerability assessment, inventory, workflow automation and custom dashboards with workbooks. |
5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud |
In this module you will learn about the regulatory compliance dashboard in Microsoft Defender for Cloud and give you insights on how to include additional standards. In this module you will also familiarize yourself with Azure Blueprints for regulatory standards. |
6 – Cloud Workload Protection Platform Capabilities in Azure Defender |
In this module you will learn how the advanced cloud capabilities in Microsoft Defender for Cloud work, which includes JIT, File Integrity Monitoring and Adaptive Application Control. This module also covers how threat protection works in Microsoft Defender for Cloud, the different categories of detections, and how to simulate alerts. |
7 – Streaming Alerts and Recommendations to a SIEM Solution |
In this module you will learn how to use native Microsoft Defender for Cloud capabilities to stream recommendations and alerts to different platforms. You will also learn more about Azure Sentinel native connectivity with Microsoft Defender for Cloud. Lastly, you will learn how to leverage Graph Security API to stream alerts from Microsoft Defender for Cloud to Splunk. |
8 – Integrations and APIs |
In this module you will learn about the different integration capabilities in Microsoft Defender for Cloud, how to connect Tenable to Microsoft Defender for Cloud, and how other supported solutions can be integrated with Microsoft Defender for Cloud. |
9 - DevOps Security |
In this module you will learn more about DevOps Security capabilities in Defender for Cloud. You will be able to follow the interactive guide to understand the core capabilities and how to navigate through the product. |
10 - Defender for APIs |
In this module you will learn more about the new plan announced at RSA 2023. You will be able to follow the steps to onboard the plan and validate the threat detection capability. |
11 - AI Posture Management and Workload Protection |
In this module you will learn more about the risks of Gen AI and how Defender for Cloud can help improve your AI posture management and detect threats against your Gen AI apps. |
Legend
Product videos |
Webcast recordings |
Tech Community |
Docs on Microsoft |
Blogs on Microsoft |
GitHub |
External |
Interactive guides |
|
Module 0 - Cloud Native Application Protection Platform (CNAPP)
- Improving Your Multi-Cloud Security with a CNAPP - a vendor agnostic approach
- Microsoft CNAPP Solution
- Planning and Operationalizing Microsoft CNAPP
- Understanding Cloud Native Application Protection Platforms (CNAPP)
- Cloud Native Applications Protection Platform (CNAPP)
- Microsoft CNAPP eBook
- Understanding CNAPP
Module 1 - Introducing Microsoft Defender for Cloud
- What is Microsoft Defender for Cloud?
- A New Approach to Get Your Cloud Risks Under Control
- Getting Started with Microsoft Defender for Cloud
- Implementing a CNAPP Strategy to Embed Security From Code to Cloud
- Boost multicloud security with a comprehensive code to cloud strategy
- A new name for multi-cloud security: Microsoft Defender for Cloud
- Microsoft Defender for Cloud Data Flow
- Common questions about Defender for Cloud
Module 2 – Planning Microsoft Defender for Cloud
- Features for IaaS workloads
- Features for PaaS workloads
- Built-in RBAC Roles in Microsoft Defender for Cloud
- Enterprise Onboarding Guide
- Assigning Permissions in Microsoft Defender for Cloud
- Design Considerations for Log Analytics Workspace
- Microsoft Defender for Cloud Monitoring Agent Deployment Options
- Onboarding on-premises machines using Windows Admin Center
- Understanding Security Policies in Microsoft Defender for Cloud
- Creating Custom Policies
- Centralized Policy Management in Microsoft Defender for Cloud using Management Groups
- Planning Data Collection for IaaS VMs
- Considerations for Multi-Tenant Scenario
- How to Effectively Perform an Microsoft Defender for Cloud PoC
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for Resource Manager
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for Storage
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for DNS
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for App Service
- Microsoft Defender for Cloud PoC Series - Microsoft Defender for Container Registries
- Microsoft Defender for Cloud PoC Series – Microsoft Defender CSPM
- Microsoft Defender for DevOps GitHub Connector - Microsoft Defender for Cloud PoC Series
- Grant tenant-wide permissions to yourself
- Protect non-Azure resources using Azure Arc and Microsoft Defender for Cloud
- Simplifying Onboarding to Microsoft Defender for Cloud with Terraform
Module 3 – Enhance your Cloud Security Posture
- Azure Secure Score vs. Microsoft Secure Score
- How to calculate your secure score
- How Secure Score affects your governance
- Enhance your Secure Score in Microsoft Defender for Cloud
- Security recommendations
- Resource exemption
- Customizing Endpoint Protection Recommendation in Microsoft Defender for Cloud
- How to keep track of Resource Exemptions in Microsoft Defender for Cloud
- Deliver a Security Score weekly briefing
- Send Microsoft Defender for Cloud Recommendations to Azure Resource Stakeholders
- Secure Score Over Time Reports
- Secure Score Reduction Alert
- Weekly Secure Score Progress Report
- Average Time taken to remediate resources
- Improved experience for managing the default Azure security policies
- Security Policy Enhancements in Defender for Cloud
- Create custom recommendations and security standards
- Secure Score Overtime Workbook
- Automation Artifacts for Secure Score Recommendations
- Remediation Scripts
- Security Controls in Microsoft Defender for Cloud
- Enable MFA
- Restrict Unauthorized Network Access
- Secure Management Ports
- Secure management ports demo
- Apply adaptive application control
- Enable auditing and logging
- Enable auditing and logging demo
- Remediate security configurations
- Apply system updates
- Enable endpoint protection demo
- Encrypt data in transit
- Encrypt data at rest
- Protect Applications Against DDoS Attacks
- Implement security best practices
Module 4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud
- CSPM in Defender for Cloud
- Take a Proactive Risk-Based Approach to Securing your Cloud Native Applications
- Predict future security incidents! Cloud Security Posture Management with Microsoft Defender
- Software inventory filters added to asset inventory
- Drive your organization to security actions using Governance experience
- Managing Asset Inventory in Microsoft Defender for Cloud
- Vulnerability Assessment Deployment Options
- Vulnerability Assessment Workbook Template
- Vulnerability Assessment for Containers
- Exporting Azure Container Registry Vulnerability Assessment in Microsoft Defender for Cloud
- Improvements in Continuous Export feature
- Implementing Workflow Automation
- Workflow Automation Artifacts
- Creating Custom Dashboard for Microsoft Defender for Cloud
- Using Microsoft Defender for Cloud API for Workflow Automation
- Understanding Network Map
- Using Adaptive Network Hardening
- Identify security vulnerabilities workloads managed by Microsoft Defender for Cloud
- What you need to know when deleting and re-creating the security connector(s) in Defender for Cloud
- Connect AWS Account with Microsoft Defender for Cloud
- Connect GCP Account with Microsoft Defender for Cloud
- All You Need to Know About Microsoft Defender for Cloud Multicloud Protection
- Custom recommendations for AWS and GCP
- Azure Monitor Workbooks integrated into Microsoft Defender for Cloud and three templates provided
- How to Generate a Microsoft Defender for Cloud exemption and disable policy report
- Cloud security posture and contextualization across cloud boundaries from a single dashboard
- Best Practices to Manage and Mitigate Security Recommendations
- Defender CSPM
- Defender CSPM Plan Options
- Cloud Security Explorer
- Identify and remediate attack paths
- Agentless scanning for machines
- Cloud security explorer and Attack path analysis
- Governance Rules at Scale
- Governance Improvements
- Data Security Aware Posture Management
- A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud
- Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis
- Understanding data aware security posture capability
- Agentless Container Posture
- Agentless Container Posture Management
- Microsoft Defender for Cloud - Automate Notifications when new Attack Paths are created
- Proactively secure your Google Cloud Resources with Microsoft Defender for Cloud
- Demystifying Defender CSPM
- Discover and Protect Sensitive Data with Defender for Cloud
- Defender for cloud's Agentless secret scanning for virtual machines is now generally available!
- Defender CSPM Support for GCP
- Data Security Dashboard
- Agentless Container Posture Management in Multicloud
- Agentless malware scanning for servers
- Recommendation Prioritization
- Unified insights from Microsoft Entra Permissions Management
- Defender CSPM Internet Exposure Analysis
- ServiceNow's integration now includes Configuration Compliance module (09/2024)
Module 5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud
- Regulatory compliance dashboard
- Understanding Regulatory Compliance Capabilities in Microsoft Defender for Cloud
- Regulatory Compliance dashboard and security benchmark
- Adding new regulatory compliance standards
- Regulatory Compliance workbook
- Regulatory compliance dashboard now includes Azure Audit reports
- Microsoft cloud security benchmark: Azure compute benchmark is now aligned with CIS!
- Updated naming format of Center for Internet Security (CIS) standards in regulatory compliance
- CIS Azure Foundations Benchmark v2.0.0 in regulatory compliance dashboard
- Spanish National Security Framework (Esquema Nacional de Seguridad (ENS)) added to regulatory compliance dashboard for Azure (09/2024)
Module 6 – Cloud Workload Protection Platform Capabilities in Microsoft Defender for Clouds
- Understanding Just-in-Time VM Access
- Implementing JIT VM Access
- Automate JIT VM Access Deployment with PowerShell
- File Integrity Monitoring in Microsoft Defender
- Define known-safe applications using Adaptive Application Control
- Understanding Threat Protection in Microsoft Defender
- Microsoft Defender for Servers
- Demystifying Defender for Servers
- Onboarding directly (without Azure Arc) to Defender for Servers
- Agentless secret scanning for virtual machines in Defender for servers P2 & DCSPM
- Vulnerability Management in Defender for Cloud
- File Integrity Monitoring using Microsoft Defender for Endpoint (09/2024)
- Microsoft Defender for Network Layer
- Microsoft Defender for Containers
- January 2022 Updates for Defender for Containers
- Demystifying Microsoft Defender for Containers
- Basics of Defender for Containers
- Secure your Containers from Build to Runtime
- AWS ECR Coverage in Defender for Containers
- Upgrade to Microsoft Defender Vulnerability Management
- End to end container security with unified SOC experience
- Binary drift detection episode (09/2024)
- Binary drift detection (09/2024)
- Microsoft Defender for Storage
- Microsoft Defender for SQL
- Microsoft Defender for SQL and the Vulnerability Assessment (VA)
- Microsoft Defender for SQL Anywhere
- Defender for Open-Source Relational Databases Multicloud (09/2024)
- Microsoft Defender for KeyVault
- Microsoft Defender for AppService
- Microsoft Defender for IoT
- Microsoft Defender for Resource Manager
- Understanding Security Incident
- Security Alert Correlation
- Alert Reference Guide
- 'Copy alert JSON' button added to security alert details pane
- Alert Suppression
- Simulating Alerts in Microsoft Defender for Cloud
- Integration with Microsoft Defender for Endpoint
- Resolve security threats with Microsoft Defender for Cloud
- Protect your servers and VMs from brute-force and malware attacks with Microsoft Defender for Cloud
- Investigating Microsoft Defender for Cloud alerts using Azure Sentinel
- Service Layer Protection - Microsoft Defender for Resource Manager and DNS
- Azure Arc and Azure Microsoft for Kubernetes
- Filter security alerts by IP address
- Alerts by resource group
- Defender for Servers Security Alerts Improvements
Module 7 – Streaming Alerts and Recommendations to a SIEM Solution
- Continuous Export capability in Microsoft Defender for Cloud
- Deploying Continuous Export using Azure Policy
- Connecting Microsoft Sentinel with Microsoft Defender for Cloud
- Closing an Incident in Azure Sentinel and Dismissing an Alert in Microsoft Defender for Cloud
- Accessing Microsoft Defender for Cloud Alerts in Splunk using Graph Security API Integration
- Microsoft Sentinel bi-directional alert synchronization
Module 8 – Integrations and APIs
- Integration with Tenable
- Integrate security solutions in Microsoft Defender for Cloud
- Defender for Cloud integration with Defender EASM
- Defender for Cloud integration with Defender TI
- REST APIs for Microsoft Defender for Cloud
- Obtaining Secure Score via REST API
- Using Graph Security API to Query Alerts in Microsoft Defender for Cloud
- Automate(d) Security with Microsoft Defender for Cloud and Logic Apps
- Automating Cloud Security Posture and Cloud Workload Protection Responses
Module 9 – DevOps Security
- Overview of Microsoft Defender for Cloud DevOps Security
- DevOps Security Interactive Guide
- Configure the Microsoft Security DevOps Azure DevOps extension
- Configure the Microsoft Security DevOps GitHub action
- Automate SecOps to Developer Communication with Defender for DevOps
- Compliance for Exposed Secrets Discovered by DevOps Security
- Automate DevOps Security Recommendation Remediation
- DevOps Security Workbook
- Remediating Security Issues in Code with Pull Request Annotations
- Code to Cloud Security using Microsoft Defender for DevOps
- GitHub Advanced Security for Azure DevOps alerts in Defender for Cloud
- Securing your GitLab Environment with Microsoft Defender for Cloud
- Bridging the Gap Between Code and Cloud with Defender for Cloud
Module 10 – Defender for APIs
- What is Microsoft Defender for APIs?
- Onboard Defender for APIs
- Validating Microsoft Defender for APIs Alerts .
- API Security with Defender for APIs
- Microsoft Defender for API Security Dashboard
- Exempt functionality now available for Defender for APIs recommendations
- Create sample alerts for Defender for APIs detections
- Defender for APIs reach GA
- Increasing API Security Testing Visibility
Module 11 – AI Posture Management and Workload Protection
- Secure your AI applications from code to runtime with Microsoft Defender for Cloud
- AI security posture management
- AI threat protection
- Secure your AI applications from code to runtime (09/2024)
Are you ready to take your knowledge check? If so, click here. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again.
Note: it can take up to 24 hours for you to receive your certificate via email.
Other Resources
- Microsoft Defender for Cloud Interactive Guide
- Microsoft Defender for Cloud Labs
- Become an Microsoft Sentinel Ninja
- Become an MDE Ninja
- Cross-product lab (Defend the Flag)
- Release notes (updated every month)
- Important upcoming changes
Have a great time ramping up in Microsoft Defender for Cloud and becoming a Microsoft Defender for Cloud Ninja!!
Reviewer:
- Tom Janetscheck, Senior PM