Blog Post

Microsoft Defender for Cloud Blog
1 MIN READ

Microsoft Defender for Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0

JimCheng's avatar
JimCheng
Icon for Microsoft rankMicrosoft
Oct 17, 2023
 
We are thrilled to announce that Microsoft Defender for Cloud, in collaboration with the Center for Internet Security (CIS), now supports the latest CIS Azure Security Foundations Benchmark - version 2.0.0. This release also includes the new corresponding built-in policy initiative in the Azure Policy blade.  
 

 

 
Please refer to our product documentation to learn how to add CIS Azure Security Foundations Benchmark 2.0.0 to your dashboard. 
 
The release of CIS Azure Security Foundations Benchmark v2.0.0 represents a major version shift of CIS Azure benchmark product support in Azure platform. The v2.0.0 aligns with Microsoft cloud security benchmark and now encompasses over 90 built-in Azure Policies, which is a substantial leap forward compared to the previous versions. The current versions of CIS Azure Security Foundations Benchmark (v1.4.0, v1.3.0, and v1.0) will be gradually phased out from Defender for Cloud. 
 
This major release is also an outcome of a joint effort between Microsoft, the Center for Internet Security (CIS), and the broader user communities. Especially, many thanks are due to the CIS Microsoft Azure Community experts who made this effort possible:
  • Robert Burton
  • Luke Schultheis
  • Niclas Madsen
  • Steve Johnson
  • Ian McRee
 
We look forward to hear more feedback from our user community, you welcome to reach out to us at benchmarkfeedback@microsoft.com
Updated Oct 18, 2023
Version 3.0
  • AnotherNerd33's avatar
    AnotherNerd33
    Copper Contributor

    Are there going to be efforts to map the CIS M365 Foundations level 1 & level 2 to the DFC Regulatory Compliance as a 1-to-1 mapping of the M365 Defender portal's Secure Score based on all of the Defender XDR solutions?

    Likewise, the Compliance Manager's Assessments of the CIS M365 controls should also appear in this section in DFC.

    While the CIS framework for Azure is important; don't forget that M365 is also important too, it's not a complete picture without them both being gauged with 1-to-1 mapping of each control and their sub-controls.

  • 3-2-1-GoCheck Thanks for the question. 

    If you're referring to the Microsoft Defender for Cloud, it does have some free offerings (e.g. Foundational CSPM capability) while most of the offerings are not free. You can find the pricing details in this page: Pricing—Microsoft Defender | Microsoft Azure

     

    I am not clear what/how MS for StartUps offers Microsoft Defender though. Please reach out to your account manager to raise a ticket in Home  Â· Customer Self-Service (powerappsportals.com)

    Thanks, 

     

    Jim