Latest Discussions
Azure Security Center Webinar: Secure Score
Want to learn about Secure Score in Azure Security Center? Join our webinar. Details and registration at https://aka.ms/ASCSSWebinar.

Azure Secure Score is a simple but elegant tool that will help you improve your infrastructure security by identifying and ranking the highest impact configuration changes you can make. We have recently introduced tools such as "virtual analyst" which enable you to increase your Secure Score in an automated fashion. More details can be found at https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score.

We are hosting two identical sessions at the following times:
- Tuesday, September 10, 2019 at 08:00 PT / 11:00 ET / 15:00 GMT
- Wednesday, September 11, 2019 at 09:00 GMT / 11:00 CEST / 17:00 HKT

Afterward, recordings will be posted to https://aka.ms/ASCRecordings. We hope you’ll join us!

1.4K Views | 3 likes | 0 Comments

Defender for Cloud - Workload Protection features per Workload?
I've been thinking about all the current Protection Use cases of Defender for Cloud (Mar/22). There is support for many cloud-native workloads so a bird's eye view of what can be achieved on each is quite welcome I believe. So I've scoured the public official docs and made a chart of some of the capabilities per workload. I don't know if there's a better, public and official document on this?

This is what I found out in my own research:
- The list of Workloads was retrieved from the official Microsoft docs page.
- For each Workload’s Protection Use cases, the official public docs file was referenced.
- There are nuances for supported controls per platform so be sure to check the sources for all details.
- Information updated on Mar 2022. All information contained in here must always be checked against the latest documentation.
- For a complete list of all alerts generated by Defender for Cloud, per workload with reference of MITRE ATT&CK’s tactics, check out this official doc.

Sources:
- Source: Microsoft Defender for servers — the benefits and features | Microsoft Docs
- Source: Container security with Microsoft Defender for Cloud | Microsoft Docs
- Source: Microsoft Defender for App Service — the benefits and features | Microsoft Docs
- Source: Microsoft Defender for Storage — the benefits and features | Microsoft Docs
- Source: Reference table for all security alerts in Microsoft Defender for Cloud | Microsoft Docs
- Source: Reference table for all security alerts in Microsoft Defender for Cloud | Microsoft Docs
- Source: Microsoft Defender for DNS — the benefits and features | Microsoft Docs
- Source Azure SQL: Enable database protection for your subscription — Microsoft Defender for Azure Cosmos DB | Microsoft Docs
- Source SQL Servers on Machines: Enable database protection for your subscription — Microsoft Defender for Azure Cosmos DB | Microsoft Docs
- Source: Microsoft Defender for open-source relational databases — the benefits and features | Microsoft Docs
- Source: Overview of Defender for Azure Cosmos DB — Microsoft Defender for Azure Cosmos DB | Microsoft Docs

acamillo | Apr 02, 2022 | Former Employee | 4.9K Views | 3 likes | 1 Comment

Call for input: Automatic remediation and Custom policies
Hi!

- Do you want to automatically remediate a security center recommendation? Auto remediation allows you to simply remediate unhealthy resources automatically.
- Do you want to surface your own custom Azure policy in Security Center? Adding a custom policy you created in Azure policy and surface it in Azure Security center portal.

If you are interested in these features, we are in the design phase and would very much appreciate your input! If you are willing to have a call to share your thoughts and requirements on these topics please contact me miril@micorsoft.com or reply to this message.

Thanks in advance for your cooperation!
Miri Landau

Miri_Landau | Jan 17, 2019 | Former Employee | 908 Views | 3 likes | 0 Comments

Welcome to the Azure Security Center community forum
Welcome to the Azure Security Center community forum! Join us to share questions, thoughts, and ideas about Azure Security Center and receive answers from the diverse Security Center community. Our community is here to assist you with any questions or challenges you may have.

This forum is part of the Security Center community platforms, including the GitHub repository for sharing code, and a blog for keeping up-to-date with news and how-to guides.

Get involved in any of the following community platforms:
- Azure Security Center GitHub repository
- Azure Security Center Blog
- Features Suggestions

To learn more about Azure Security Center, see the:
- Product description and introduction
- Security Center documentation

Feel free to post any questions, comments, or requests here.

Best regards,
Azure Security Center team

tal_rosler | Oct 25, 2019 | Microsoft | 2.3K Views | 2 likes | 0 Comments

Filter/Exclude VMSS instances from Defender
We run Microsoft365 Defender for a variety of things, including endpoint and VM scanning. One annoyance we experience is that we can't find an easy way to filter out (or suppress entirely) Defender's scanning (or the results of that scanning) of instances in Virtual Machine Scale Sets that run our self-hosted Azure DevOps agents. My question is: have others encountered this and do they have ideas for how to make this data more manageable?

To explain a little more: we generally like that Defender scans our VM instances in Azure using "agentless" scanning, but there is one situation that leads to a lot of noise. We run a VMSS that hosts our Azure DevOps agents following https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/scale-set-agents?view=azure-devops. These agents are run on "ephemeral" VMs that scale in and out depending on how many jobs are running. Any given VM won't exist for more than about 12 hours max and the images on which these VMs are based are rebuilt once a week. Accordingly, in a given week, we might have several hundred (or more) VM instances that are created and torn down.

The problem is that each of these now gets an entry in Defender, which leads to a lot of noise in the analyses. In general, we don't mind being able to see reports on these VMs but they aren't really a priority due to the ephemeral nature of both the instances and the images on which they are built. We have looked into using tagging to filter them out but apparently https://stackoverflow.com/questions/53370880/individually-tag-instance-in-azure-vmss, and tags that are applied to the VMSS itself don't get picked up by Defender.

Does anyone have any ideas for how to sanitize/normalize our Defender dashboards/reports against this type of workflow? The ideal would be an easy way to hide this information unless we explicitly want to see it, but I would also accept a reliable way to not have it reported at all for this VMSS.

sam-mfb | Sep 22, 2024 | Copper Contributor | 561 Views | 2 likes | 6 Comments

Admin accounts and Defender email alerts
This must be a common scenario - our admin accounts don't have mailboxes associated for obvious reasons. Mailboxes are for normal users, but Microsoft says the Defender for Cloud Apps alerts are sent to the admin account's email address. This doesn't make sense. How can this be sorted? What are the workarounds others are using?

Thank you!
Kev

Curious_Kevin16 | Mar 14, 2024 | Iron Contributor | 547 Views | 2 likes | 1 Comment

Monitor files that contain passwords saved on OneDrive, SharePoint or Exchange.
Hi everyone. I need to create a DLP rule in Purview and a policy alert in Defender for when a user tries to save files that contain passwords on OneDrive, SharePoint and Exchange. I tried using many different regular expressions, but I receive an error in the Microsoft platform. Has anyone else made something similar?

jeandsBr | Mar 01, 2024 | Copper Contributor | 587 Views | 2 likes | 0 Comments

Announcing our Microsoft Defender for Cloud AMA on August 16th!
Join us on Wednesday 8/16 at 9:00AM PST for an AMA (Ask Microsoft Anything) with the Microsoft Defender for Cloud team! This will be a text-based live hour of answering all your questions relating to the product.

Please join us to learn more about:
- Microsoft's point of view on the Cloud Native Application Protection Platform (CNAPP).
- Microsoft's new innovation in Multicloud (GCP) Posture Management in Defender Cloud Security Posture Management (CSPM).
- How to leverage Microsoft Defender for Cloud to enable multicloud compliance management.

Join here: aka.ms/DefForCloudAMA

Note: If you are unable to attend the live hour, you can ask your question at any time on the event page below and the team will get to it during the event.

Trevor_Rusher | Aug 08, 2023 | Community Manager | 654 Views | 2 likes | 0 Comments