Latest Discussions
WEF forwarding to Azure Security Centre / Log Analytics
Hello - I am hoping this is possible and a viable option. I currently use Windows Event Forwarding (WEF) with Winlogbeat sending events off to Elasticsearch. Epic, this works great, why would I change this, right? Well, I want to use Azure Log Analytics for my search platform, because I enjoy KQL, and I want to use Azure Security Centre and Sentinel. I already have Office 365 sign-in, audit and mailbox logs in Azure Log Analytics. Is it possible to simply stick the OMS agent on my WEC/WEF server and send events into my Log Analytics workspace? If not, what is the best practice (and MS solution) for Windows event management and analysis?
Solved | AndrewX | Jun 01, 2019 | Iron Contributor | 15K Views | 0 likes | 18 Comments

How to Troubleshoot GCP integration
Yesterday, we connected a GCP org to Defender for Cloud. Security Posture shows the organization and 50 projects, but the score is N/A and all of them show 0 of 0. How can I troubleshoot to see what is preventing the recommendations from being performed and reported?
Solved | Dean_Gross | May 12, 2022 | Silver Contributor | 3.6K Views | 0 likes | 18 Comments

ASC Security Policies & Compliance Wording
Hi all, I have some questions I don't find clear answers to in the documentation, so I hope you may share your insights here. First, I don't see how the regulatory compliance impacts the secure score? Some of them are in the recommendations, some of them are not. Second, what's actually the difference between the Azure CIS 1.1.0 and the Azure Benchmark? And how are they connected with Azure Policy? Additionally, I thought the ASC recommendations are based on Azure Policy, but then I also read that they are based on benchmarks? Fourth thing: is it possible to e.g. set up one of the policies from ASC Default in such a way that it only monitors a specific resource group? Let's say I want one of the ASC default policies regarding VM security (e.g. disk encryption on VMs) to only monitor a specific resource group. How can I handle that? I tried to add custom initiatives with a defined scope for a specific resource, but then there are no recommendations. Thank you in advance.
Solved | GlavniArhivator | Aug 04, 2020 | Copper Contributor | 15K Views | 1 like | 13 Comments

[Announcement] Azure Defender integration with MDE for Windows Server 2019
We are happy to share that Azure Defender integration with MDE (Microsoft Defender for Endpoint) for Windows Server 2019 and Windows 10 Multi-Session (formerly Enterprise for Virtual Desktops (EVD)) is now available for Public Preview!

What is MDE and what does the integration include?

Microsoft Defender for Endpoint is a holistic, cloud-delivered endpoint security solution. Its main features are:
- Risk-based vulnerability management and assessment
- Attack surface reduction
- Behavioral-based and cloud-powered protection
- Endpoint detection and response (EDR)
- Automatic investigation and remediation
- Managed hunting services

Microsoft Defender for Endpoint provides:
- Advanced post-breach detection sensors. Defender for Endpoint's sensors for Windows machines collect a vast array of behavioral signals.
- Analytics-based, cloud-powered, post-breach detection. Defender for Endpoint quickly adapts to changing threats. It uses advanced analytics and big data. It's amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats. It provides actionable alerts and enables you to respond quickly.
- Threat intelligence. Defender for Endpoint generates alerts when it identifies attacker tools, techniques, and procedures. It uses data generated by Microsoft threat hunters and security teams, augmented by intelligence provided by partners.

The integration of Microsoft Defender for Endpoint with Security Center lets customers benefit from the following additional capabilities:
- Automated onboarding. Security Center automatically enables the Microsoft Defender for Endpoint sensor for all Windows servers monitored by Security Center.
- Single pane of glass. The Security Center console displays Microsoft Defender for Endpoint alerts. To investigate further, customers can use Microsoft Defender for Endpoint's own portal pages, where they will see additional information such as the alert process tree and the incident graph. They can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.
StanislavBelov | Feb 23, 2021 | Microsoft | 21K Views | 2 likes | 12 Comments

Can I use ASC Workflow automation to install Qualys agent?
We have the following recommendation in ASC - "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys) (Preview)" - that has some VMs that need the agent. Within the recommendation I can remediate, but is there any way to use Workflow automation to look for VMs that do not have the Qualys agent and to install it? I tried creating a Logic App and copied and pasted the remediation logic from the recommendation, but it did not work. Thx
Solved | Jeff Walzer | Mar 31, 2020 | Iron Contributor | 4.5K Views | 0 likes | 12 Comments

Azure Security Center and Qualys
At Ignite 2019 it was announced that ASC (Standard tier) now provides a vulnerability assessment solution for VMs (using Qualys) at no extra charge: "...we are announcing that the Azure Security Center Standard tier includes built-in vulnerability assessment for virtual machines for no additional fee" (https://techcommunity.microsoft.com/t5/Azure-Security-Center/Ignite-2019-releases-for-Azure-Security-Center-and-Azure/ba-p/975570). I've tried to deploy the solution by:
- Selecting the "Vulnerability assessment solution should be installed on your virtual machines" recommendation in ASC
- Clicking Install after selecting the relevant VMs
However, going through the wizard, it still asks for a Qualys license code and public key. So what does "for no additional fee" actually mean? Do you still need some sort of Qualys license to use this? Or am I doing something wrong in the deployment steps?
Solved | markus_pitkaranta | Dec 30, 2019 | Copper Contributor | 15K Views | 0 likes | 12 Comments

Possible to Disable Defender on individual Storage Accounts?
Hi folks, the gist is that we have Azure Defender enabled at a subscription level. With that comes Advanced Threat Protection for Storage Accounts, which is charged per transaction within those storage accounts. We have four storage accounts out of 176 that are very highly transactional, and the monthly billing for Advanced Threat Protection is close to $1,000. They are internal storage accounts with very limited public exposure, so we are not worried about threats within those transactions. Our ideal scenario would be to keep Defender enabled at the subscription level for all of our storage accounts and all future storage accounts, but not be billed for (or use) Advanced Threat Protection. It seems like this cmdlet: https://docs.microsoft.com/en-us/powershell/module/az.security/disable-azsecurityadvancedthreatprotection?view=azps-6.3.0 should do the job, but it does not. Either it does not disable ATP or it does not disable the billing. In either of those cases it does not do what we need. After 2.5 months of trying to work through it, the only option I have been given is to disable Defender at the subscription level for all of our storage accounts, and then re-enable the 172 storage accounts that we do want Defender for individually via PS. That will and does work, but it will require overhead on our part to ensure they all stay enabled, that any future accounts are enabled by the creator, and that none get missed. Do we have any other avenues to suppress Advanced Threat Protection on a subset of accounts within a subscription?
Solved | CSP_MO | Sep 09, 2021 | Copper Contributor | 15K Views | 0 likes | 11 Comments

Server is still showing "Install endpoint protection solution on virtual machines"
Windows Server 2019 has AMA (Azure Monitor Agent) and has Defender for Endpoint onboarded, but it is still showing in the recommendation "Install endpoint protection on virtual machine" as unhealthy. Defender for Endpoint is onboarded, is listed in the installed applications and is confirmed running. Do I have to install MMA as well? Or is there something else missing to update the recommendation?
BaselFawal | Sep 02, 2022 | Brass Contributor | 8.8K Views | 1 like | 10 Comments

Using Logic Apps to trigger Work Items in DevOps from triggers in Azure Security Center.
Dear Colleagues, I am looking for a workflow that is triggered from anything in Azure Security Center (recommendations first) to a new bug or issue in Azure DevOps. Right after this there is a trigger in Teams that a new item is an issue to work on. The team works in Teams and accomplishes the tasking inside of Azure DevOps.
mthibodeaux | Feb 10, 2020 | Copper Contributor | 8.7K Views | 0 likes | 10 Comments