Microsoft Defender for Cloud Blog

Monthly news - March 2023

StanislavBelov
Mar 06, 2023

Microsoft Defender for Cloud

Monthly news

March 2023 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from February 2023.

Microsoft Defender for Cloud
Watch two new episodes of the Defender for Cloud in the Field show about Defender for Servers and Governance capabilities improvements.
An improved version of the Cloud Security Explorer includes a refreshed user experience that dramatically reduces query friction, adds the ability to run multicloud and multi-resource queries, and embeds documentation for each query option. The Cloud Security Explorer now allows you to run cloud-abstract queries across resources. You can either use the pre-built query templates or use the custom search to apply filters and build your own query.
Microsoft Defender for Cloud Labs have been updated and now include the new Defender CSPM capabilities. Our labs project helps you get ramped up with Microsoft Defender for Cloud and provides hands-on practical experience with product features, capabilities, and scenarios.
A new community workbook, "Active Recommendations", has been added to the Defender for Cloud library. This workbook shows active recommendations, including how long each has been open for a particular resource. It is available with Foundational CSPM (no need to have Defender CSPM enabled) and allows you to filter by severity and cloud environment.
Learn how you can utilize Microsoft Defender for Cloud's Security Explorer to conduct proactive hunting in cloud environments with maximum efficiency.
Threat actors use tools to exfiltrate sensitive information from exposed storage resources that are open to unauthenticated public access. This process is called blob-hunting, also known as Container Enumeration on Leaky Buckets. It is a common collection tactic: it is easy and cheap to carry out, does not require authentication, and there is no shortage of open-source tools that facilitate and automate the process. Microsoft Defender for Storage detects blob-hunting attempts and other malicious activities by monitoring unusual activities from unexpected sources.
Microsoft Defender for Cloud is a unified solution for cloud security posture management (CSPM), cloud workload protection (CWP), and DevOps security management. Customers using Microsoft Defender for Cloud may want to consume the detailed security alerts, recommendations, secure score controls, and regulatory compliance checks outside of the portal for additional analysis. This blog will walk through different scenarios and methods to retrieve Defender for Cloud data, including exporting to Security Information and Event Management (SIEM) solutions, Log Analytics workspaces, CSV files, and alternative locations via an automated script.
Defender for Containers protects your Kubernetes clusters by continuously assessing them to get visibility into misconfigurations and help mitigate identified threats. To get insight into the workload configuration on the cluster, the Azure Policy for Kubernetes is deployed as part of the Defender for Containers plan. The Azure Policy for Kubernetes extends the Gatekeeper v3 admission controller webhook for OPA. Gatekeeper is needed to check if the policy is correct before enforcing it. On Azure Kubernetes Service (AKS), it is deployed as an add-on. For Arc-enabled Kubernetes, which includes on-premises clusters and clusters hosted in Google Cloud or Amazon Web Services, it is deployed as an extension. In this blog, we will go into more detail about how Azure Policy for Kubernetes uses Gatekeeper with OPA in the Defender for Containers plan.
Join us for an "Ask Microsoft Anything (AMA)" event to connect with members of the Defender for Cloud product group who will be on hand to answer your questions and listen to feedback.
Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Georgia Banking Company – a thriving, fast-growing community bank – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.
Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub, Azure DevOps and more to come. With an intent to help Security admins and developers, Azure DevOps provides two ways of configuration today. In this article we want to walk you through the configuration of Azure DevOps pipelines via the classic UI and YAML.

Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe

Updated Mar 23, 2023
Version 10.0