Latest Discussions
Deploying and Onboarding 2008 R2
Hi all, We purchased Defender for Business Servers, and I need to install it on some 2008 R2 servers. There is no Defender for Endpoint software, so following the guides I only have to install the MMA, but then how do I know my server is protected? Do I need to enroll it in Azure? Our servers are on-premise, and I don't know if I need to use Azure Arc (do I need to pay?). Is anyone using Defender for Windows Servers (On-Premise) with the 2008 R2 version? Thanks in advance
Solved · jriaza · Mar 23, 2023 · Copper Contributor · 49K views · 0 likes · 7 comments

New Blog Post | Microsoft Defender PoC Series – Defender CSPM
Microsoft Defender PoC Series – Defender CSPM - Microsoft Community Hub. This Microsoft Defender for Cloud PoC Series provides guidelines on how to perform a proof of concept for specific Microsoft Defender plans. For a more holistic approach where you need to validate Microsoft Defender for Cloud and Microsoft Defender plans, please read the How to Effectively Perform an Microsoft Defender for Cloud PoC article. Cloud Security Posture Management provides organizations with a centralized view of their cloud security posture, allowing them to quickly identify and respond to security risks, ensures compliance, and allows for continuous monitoring and improvement of cloud security posture. Defender for Cloud CSPM provides organizations with a unified view of their cloud environment across multiple cloud providers, including Azure, AWS, GCP and on-premises. Defender for Cloud offers CSPM in two plans: a free Foundational CSPM plan and a premium Defender CSPM plan. To understand the capabilities of the CSPM plans, please refer to: Overview of Cloud Security Posture Management (CSPM) | Microsoft Learn. The Defender CSPM plan provides advanced posture management capabilities such as attack path analysis, Cloud Security Explorer, agentless scanning, security governance capabilities, and also tools to assess your security compliance.
48K views · 0 likes · 0 comments

New Blog Post | Proacting Hunting with Cloud Security Explorer in Defender for Cloud
Full blog post: Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub. In our previous blog, "A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud," Yuri Diogenes emphasized the importance of proactive security posture management and outlined a successful organizational structure for security teams. He delved into the core elements of posture management, including monitoring secure score improvement, enforcing governance rules, and engaging in proactive hunting. Building on that discussion, we now turn our attention to the vital aspect of proactive hunting in this follow-up article. Our goal is to provide technical insights and practical tips for reducing the attack surface and minimizing the risk of compromise through proactive hunting in cloud environments. This article will demonstrate how you can utilize Microsoft Defender for Cloud's Security Explorer to conduct proactive hunting in cloud environments with maximum efficiency. Original post: New Blog Post | Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub
47K views · 0 likes · 0 comments

Disable MFA 14 day grace period?
Hi, Just looking for some advice here... Is it possible to disable/remove the 14 day "grace period" for MFA registration for new users? A Premium subscription is being used. The customer wants all new users to be forced to set up MFA when they first log in and not be allowed to skip it for 14 days. I can't find anywhere to disable this. Security defaults is not enabled. A 3rd party service is being used for SSPR. Thanks.
luke_m137 · Oct 20, 2021 · Copper Contributor · 40K views · 0 likes · 7 comments

[Announcement] Azure Defender integration with MDE for Windows Server 2019
We are happy to share that Azure Defender integration with MDE (Microsoft Defender for Endpoint) for Windows Server 2019 and Windows 10 Multi-Session (formerly Enterprise for Virtual Desktops (EVD)) is now available for Public Preview!

What is MDE and what does the integration include? Microsoft Defender for Endpoint is a holistic, cloud-delivered endpoint security solution. Its main features are:
- Risk-based vulnerability management and assessment
- Attack surface reduction
- Behavioral-based and cloud-powered protection
- Endpoint detection and response (EDR)
- Automatic investigation and remediation
- Managed hunting services

Microsoft Defender for Endpoint provides:
- Advanced post-breach detection sensors. Defender for Endpoint's sensors for Windows machines collect a vast array of behavioral signals.
- Analytics-based, cloud-powered, post-breach detection. Defender for Endpoint quickly adapts to changing threats. It uses advanced analytics and big data. It's amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats. It provides actionable alerts and enables you to respond quickly.
- Threat intelligence. Defender for Endpoint generates alerts when it identifies attacker tools, techniques, and procedures. It uses data generated by Microsoft threat hunters and security teams, augmented by intelligence provided by partners.

The integration of Microsoft Defender for Endpoint with Security Center lets customers benefit from the following additional capabilities:
- Automated onboarding. Security Center automatically enables the Microsoft Defender for Endpoint sensor for all Windows servers monitored by Security Center.
- Single pane of glass. The Security Center console displays Microsoft Defender for Endpoint alerts. To investigate further, customers can use Microsoft Defender for Endpoint's own portal pages, where they will see additional information such as the alert process tree and the incident graph. They can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.
StanislavBelov · Feb 23, 2021 · Microsoft · 21K views · 2 likes · 12 comments

Communication with suspicious random domain name (Preview)
Hi All, So we are seeing multiple alerts via Azure Security Centre for the following: Communication with suspicious random domain name (Preview). The alerts show that various assets connected to our domain are querying, via our DNS server, various nefarious-looking domain names such as 25jimj.qgxouyclggk.com and 3dde4b.zbrjtstrclnm.com. In all of these cases we can see that the asset has connected to various IP addresses that are registered to Amazon. We see multiple hits to Amazon and then we see hits to these random domains. The alert points us to the following: https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2021-07-07T08%3a33%3a40&reportName=MSTI-TS-DNS-Changer.pdf&tenantId=c4a31167-4b24-47e3-a4b4-93d92097a1e3&urlCreateDateTime=2021-07-07T08%3a33%3a40&token=6WEIykYGq3uD81RbTof8TYiRqAqA91erSiZwWuAM0l0= We run virus scans on these machines and no malware or issues are being reported. This alert is in preview, so there is very little online about the alert itself. Does anyone on here know much about this alert? How concerned should we be? These assets themselves are onboarded onto Defender, but this activity does not trigger any alert there.
ragnar667 · Sep 29, 2021 · Copper Contributor · 16K views · 0 likes · 5 comments

Possible to Disable Defender on individual Storage Accounts?
Hi folks, The gist is that we have Azure Defender enabled at a Subscription level. With that comes Advanced Threat Protection for Storage Accounts, which is charged per transaction within those Storage Accounts. We have four storage accounts out of 176 that are very highly transactional, and the monthly billing for Advanced Threat Protection is close to $1,000. They are internal storage accounts with very limited public exposure, so we are not worried about threats within those transactions. Our ideal scenario would be to keep Defender enabled at the subscription level for all of our Storage accounts and all future storage accounts but not be billed for (or use) Advanced Threat Protection on those four. It seems like this cmdlet: https://docs.microsoft.com/en-us/powershell/module/az.security/disable-azsecurityadvancedthreatprotection?view=azps-6.3.0 should do the job, but it does not. Either it does not disable ATP or it does not disable the billing. In either of those cases it does not do what we need. After 2.5 months of trying to work through it, the only option I have been given is to disable Defender at the Subscription level for all of our Storage Accounts, and then re-enable the 172 storage accounts that we do want Defender for individually via PS. That will and does work, but it will require overhead on our part to ensure they all stay enabled and that any future accounts are enabled by the creator and none get missed. Do we have any other avenues to suppress Advanced Threat Protection on a subset of accounts within a Subscription?
Solved · CSP_MO · Sep 09, 2021 · Copper Contributor · 15K views · 0 likes · 11 comments

ASC Security Policies & Compliance Wording
Hi all, I have some questions I don't find clear answers to in the documentation, so I hope you may share your insights here. First, I don't see how the regulatory compliance impacts the secure score? Some of them are in the recommendations, some of them are not. Second, what's actually the difference between the Azure CIS 1.1.0 and the Azure Benchmark? And how are they connected with Azure Policy? Additionally, I thought the ASC recommendations are based on Azure Policy, but then I read also that they are based on Benchmarks? 4th thing: Is it possible to e.g. set up one of the policies from ASC Default in such a way that it only monitors a specific resource group? Let's say I want one of the ASC default policies regarding VM security (e.g. disk encryption on VMs) to only monitor a specific resource group. How can I handle that? I tried to add custom initiatives with a defined scope for a specific resource, but then there are no recommendations. Thank you in advance
Solved · GlavniArhivator · Aug 04, 2020 · Copper Contributor · 15K views · 1 like · 13 comments
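The workaround the poster of "Possible to Disable Defender on individual Storage Accounts?" was given (turn the plan off at the subscription level, then enable it per account) can be scripted so that the 172 wanted accounts stay enabled and accounts created later are picked up on the next run. The PowerShell below is an added example written for this page; it is not code from the thread or from Microsoft. It assumes the Az.Accounts, Az.Storage and Az.Security modules are installed, that Connect-AzAccount has already selected the target subscription, that the subscription-level Defender for Storage plan is already off (the poster reports that with it on, the per-resource Disable cmdlet did not stop the charge), and that the names passed to -Exclude are placeholders for the four high-transaction accounts. The function name Sync-StorageDefenderCoverage is this example's own.

```powershell
# Added example for this page, not from the thread. Reconciles per-account
# Defender for Storage (Advanced Threat Protection) settings against an
# exclusion list: every storage account in the current subscription is enabled
# unless its name is in -Exclude, and excluded accounts are disabled if found on.
# Assumes Az.Accounts, Az.Storage, Az.Security and an active Connect-AzAccount
# session; the subscription-level plan is assumed to be off already.
function Sync-StorageDefenderCoverage {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Storage account names that must NOT have per-resource ATP enabled.
        [string[]]$Exclude = @()
    )

    foreach ($sa in Get-AzStorageAccount) {
        # Current per-resource setting; IsEnabled is $true when ATP is on.
        $setting      = Get-AzSecurityAdvancedThreatProtection -ResourceId $sa.Id
        $isEnabled    = [bool]$setting.IsEnabled
        $shouldEnable = $Exclude -notcontains $sa.StorageAccountName
        $action       = 'none'

        if ($shouldEnable -and -not $isEnabled) {
            $action = 'enable'
            if ($PSCmdlet.ShouldProcess($sa.StorageAccountName, 'Enable Defender for Storage')) {
                Enable-AzSecurityAdvancedThreatProtection -ResourceId $sa.Id | Out-Null
            }
        }
        elseif (-not $shouldEnable -and $isEnabled) {
            $action = 'disable'
            if ($PSCmdlet.ShouldProcess($sa.StorageAccountName, 'Disable Defender for Storage')) {
                Disable-AzSecurityAdvancedThreatProtection -ResourceId $sa.Id | Out-Null
            }
        }

        # One row per account so drift (accounts someone turned off, or new
        # accounts nobody enabled) is visible in the output. With -WhatIf the
        # Action column shows what would have been done.
        [pscustomobject]@{
            StorageAccount = $sa.StorageAccountName
            ResourceGroup  = $sa.ResourceGroupName
            WasEnabled     = $isEnabled
            Wanted         = $shouldEnable
            Action         = $action
        }
    }
}

# Usage: dry run first, then apply and show only the accounts that changed.
# The account names are placeholders for the poster's four excluded accounts.
$hot = 'hotstorage01', 'hotstorage02', 'hotstorage03', 'hotstorage04'
Sync-StorageDefenderCoverage -Exclude $hot -WhatIf
Sync-StorageDefenderCoverage -Exclude $hot | Where-Object Action -ne 'none' | Format-Table
```

Because the reconciliation is idempotent, scheduling it (an Automation runbook or a pipeline job) addresses the "future accounts get missed" concern in the post: each run enables any account that is not on the exclusion list, and the WasEnabled/Wanted columns give a record of what drifted between runs. The exclusion is by storage account name, which is globally unique, so a renamed or recreated account falls back to being enabled rather than silently excluded.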