Forum Widgets
Latest Discussions
Defender for AI data storage/processing
Hi, does anyone know where the data that Defender for AI uses is processed and what data is stored and available to Microsoft? If abuse monitoring is turned off, the documentation says "Microsoft does not store the prompts and completions associated with the approved Azure subscription." If content filtering is enabled the documentation says "Noo prompts or generated content are stored in the content classifier models." https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy?tabs=azure-portal#preventing-abuse-and-harmful-content-generation But I was wondering what data is stored/processed, where this happens and if there's any documentation around this for the Defender for AI service. Could anyone point me to a page, please? Thanks, Neil.
Unable to resolve - A vulnerability assessment solution should be enabled on your virtual machines
We currently have a mix of approximately 45 Windows / Linux Servers and AVD machines which are not successfully being marked as compliant with the Defender recommendation "A vulnerability assessment solution should be enabled on your virtual machines". On the subscription level we have Defender for Servers Plan 2 enabled and Agentless Scanning CSPM enabled. Within a subscription some of the of these VMs are compliant and others are not. Their compliance state doesn't appear to have any relevance to if the Qualys or MDE extensions are installed. We have servers that are healthy that have Qualys, MDE, or none installed and are healthy. Our VMs are not using the full feature set of Defender Plan 2 as we use CrowdStrike so the Defender for Endpoint functionality of the Defender for Servers Plan 2 has been disabled, but to my knowledge this shouldn't impact Vulnerability assessments. In Security Portal it does seem that generally all the VMs that healthy for this recommendation are visible in the devices section. Whereas these 45 that are not, are either not searchable or have sensor health state "inactive". We have an Azure Policy generated to onboard devices to Vulnerability assessment using MDE.Tvm and it seems to be generally working but not for these 45 devices. The Microsoft Documentation is really unclear, what do we need to make these systems compliant?How are you presenting CSPM and CNAPP insights to your executive leadership?
Hi everyone, I'm a Cloud Security Specialist at Microsoft, working closely with Microsoft Defender for Cloud, and I wanted to start a conversation with the community — partly out of curiosity, but also to learn from your real-world experiences. When it comes to reporting cloud security posture to your executive leadership (CISO, CTO, or broader security/tech leadership), how are you presenting insights from CSPM, CNAPP, or Defender for Containers? Specifically, how do you communicate findings such as: Misconfigurations Vulnerabilities Risk exposure across your cloud environments? Are you using: Power BI dashboards to centralize and visualize the data? Manual Excel reports? The native Defender for Cloud portal? Or even exploring Microsoft Fabric for more advanced reporting scenarios? I’d love to hear how you’re turning technical insights into executive-level narratives. Do you follow a particular structure, reporting cadence, or set of best practices? Looking forward to hearing how others in the community are approaching this challenge — and how you're bridging the gap between cloud security and business strategy.Secure score power BI dashboard
We are following https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Secure%20Score to deploy secure score over the time dashboard for MDC. however steps for the deployment are very old when we had azure security center instead of MDC and prerequisites are not properly documented. As per the article we need to: Export the secure score data to Log analytics workspace by using continuous report option in MDC portal. Deploy Secure Score over the time workbook which can export the secure score data to Log Analytics workspace (not clear if this will pull reports every 24 hours and what permissions are required on Log Analytics workspace and to deploy the workbook) Do we need to export the secure score data to same Log Analytics workspace on which MDC is deployed or a separate workspace is needed ? If MDC already uses Log analytics workspace in the backend to store the logs then why can't we pull the secure score log data directly? why we need to export the secure score data to Log Analytics workspace first then to connect it to dashboard ?
discount if I already have a Microsoft Defender for Endpoint license
Hi, I am looking to explore the Microsoft Defender for Endpoint server license vs Defender for servers plan 2 licensing. We do have existing licenses available for Microsoft Defender for Endpoint server licenses and we would like to make use of this license in azure to avoid double payment of licenses. Can someone help me understand how does this credit process work? i know starting point is raising a ticket with MS. Can we get the credit if we have only spare licenses? what if i have licenses being used on onboarded servers still can i request credit? Also what is the easiest way to way to see how many Microsoft Defender for Endpoint servers license are in use right now?Defender for Cloud Inventory API Coverage — No Official Way to Retrieve Per-Resource Coverage?
I'm reaching out to the Microsoft Defender for Cloud team and the broader community because I've run into a gap that I believe others may face too — and I’m hoping for guidance or clarification. I need to programmatically retrieve a list of resources from a subscription and determine if each resource is covered by a Defender for Cloud plan. This would replicate what we see in the Azure Portal under: Microsoft Defender for Cloud > Inventory: The goal is to fetch this data via API and replicate that table — but the problem is that it seems there’s no way to retrieve the “Defender for Cloud” coverage status per resource. Here’s what I’ve tried so far: The /pricings endpoint — returns plan tiers like Free or Standard, but only for the overall subscription or service type, not individual resources. Azure Resource Graph — the properties field does not contain any Defender-related indicators that would confirm whether a specific resource is covered. My Question Does an API exist today to retrieve per-resource Defender for Cloud coverage? Is there a /coverage endpoint or equivalent that is officially supported? If anyone from the Defender for Cloud or Azure product teams can point me in the right direction, I’d truly appreciate it. Thank you!
Need help with enabling the "Security attack path" export data type in continuous export
I tried enabling the "Security attack path" via API and CMDLET using Powershell. It is not working. New-AzSecurityAutomation ` -Name $automationName ` -ResourceGroupName $resourceGroupName ` I am not sure .Which resource group we should mention here. Is it random RG in a subscription or LAW RG.it is failing in both ways. API Method $checkUrl="https://management.azure.com/subscriptions/$($subscription.Id)/resourceGroups/$resourceGroupName/providers/Microsoft.Security/automations/$automationName`?api-version=2023-12-01-preview"
Microsoft Defender for Cloud - Servers & Apps Question
Hi, while learning about the Microsoft Defender for Cloud (MDC) Cloud Workload Protection (CWP), I have seen below points. Servers: When we opt for MDC CWP for servers, I see Agentless scanning for machines and along with it below, But we already have "Carbon Black" which handles the above role of Guest Configuration agent. So, my question is, If I enroll for MDC - Cloud workload protection: As we need to have a security/defender tool installed on Azure machines (In this case Guest Configuration agent). Would this then replace "Carbon Black" as we already, have it? Or do we see this MDC - Cloud workload protection for Servers as additional apart from Carbon Black? Apps: We have our Azure Apps protected by Cloudflare and VNet Integration which are with our firewall-based routes, do we still need to enroll for App Service protection by MDC CWP. Please advise on above 2 areas. ThanksDefender for Servers
Defender for servers is part of Defender for Cloud CWP. We do not use this product, however we have interest in logging Servers both on-premise and multi cloud tenants to Sentinel workspace. Couple of ways to accomplish: Defender for Servers in passive - Since we're currently not subscribed can we get data in with ARC + AMA + Defender extension across multi cloud tenant? Objective is to NOT pay for Defender for Servers p1/p2 instead log Events for detections Azure Monitor Agent and Data Collection Rule with logging level (Common, Minimal, Custom) I've ideas on both but I'm leaning towards Defender for Servers in passive with Defender Extension and AMA. Will this automatically get charge as part of Defender for Server CWP or it flat out won't work if not enabled? I can't get straight answer on this from anyone and I don't have full blown tenant owner permission to test this. When asked there is wait time to get response from other teams. I'm interested getting data in via Defender in Passive relying and relaying partner as Defender Extension and ARC+AMA. Let me know your thoughts!DevOps Security: MDC-ADO integration through Service account
Hi All, Is it possible to integrate MDC-ADO Integration with Service Account? When I attempted to authorize ADO in MDC during the integration process, it appears to only accept individual accounts. Does anyone have insights on how to utilize a Service Account for this integration?
