Implementing Defender for Cloud, Microsoft’s CNAPP to embed security from code to cloud
Event details
Explore key Cloud Native Application Protection Platform (CNAPP) implementation strategies for protecting multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime, and for breaking down the silos between developers, security admins, and SOC analyst teams with Microsoft Defender for Cloud.
This session is part of the Microsoft Secure Tech Accelerator. RSVP for event reminders, add it to your calendar, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
16 Comments
- Trevor_Rusher
Community Manager
Thank you for watching this session! We would love to hear your feedback on this event, tell us what you thought here: https://aka.ms/TechAccelSurvey2
- Heather_Poulsen
Community Manager
- Trevor_Rusher
Community Manager
Thanks for joining us today! We’ll continue to answer questions here in the chat for the rest of the hour and we’ll check back through the end of the week. Thanks to everyone who was able to join us live - and to those catching up on demand!
That concludes the Microsoft Secure Tech Accelerator! Thank you so much for participating! Remember you can revisit all the sessions on-demand whenever you'd like from the main event page here.
- Trevor_Rusher
Community Manager
Hope you are enjoying this deep dive into Defender for Cloud. What do you like about this event? Share your feedback here in the Comments and help shape the direction of our future events on the Tech Community!
- Dean_Gross
Silver Contributor
It would be helpful if the system showed who actually tried to upload a file that was blocked. We need to know who to talk with to find out what happened.
- Inbal_Argov
Microsoft
Hi Dean, we agree - that's a must. We're working on adding source IP and authentication method used, and you'll see it included very soon.
- Fernanda_Vela
Microsoft
In the security alert "Potential malware uploaded to a storage blob container" we include:
- Azure AD user
- Authentication type
- Dean_Gross
Silver Contributor
How do you recommend MSSPs think about providing services associated with the MDC Attack Path functionality?
- giulioastori
Microsoft
You can leverage the MDC Attack Path analysis functionality to offer enhanced security services to your customers. Here are some recommendations for how you can approach providing services associated with the MDC Attack Path analysis functionality:
- Understand your customer's security requirements: Before offering any security service, it's important to understand your customer's security requirements. The MDC Attack Path analysis functionality can help you identify potential attack paths that could be used to target your customer's cloud resources. Use this information to develop a customized security plan that meets your customer's specific needs.
- Configure and deploy MDC: To use the MDC Attack Path analysis functionality, you'll need to configure and deploy MDC within your customer's cloud environment. Work with your customer's IT team to ensure that MDC is deployed correctly and that the relevant resources are being monitored.
- Conduct regular Attack Path analysis: Once MDC is up and running, conduct regular Attack Path analysis to identify potential vulnerabilities and attack paths. Use this information to prioritize security actions and proactively mitigate risks before they can be exploited.
- Provide remediation recommendations: As part of your services, provide remediation recommendations based on the Attack Path analysis. This can include recommendations for adjusting security policies, reconfiguring cloud resources, and implementing additional security controls.
- Monitor and report on progress: Finally, monitor and report on progress to demonstrate the effectiveness of your services. Provide regular reports on the status of the Attack Path analysis, any remediation actions taken, and the overall security posture of your customer's cloud environment.
- Lara_Goldstein
Microsoft
+1 to Giulio's response. At the end of the day, the goal should be to resolve all discovered attack paths.
- Richard_Horton
Brass Contributor
May we get some guidance on implementing Defender for Cloud and integrating it with other Defender products (like M365 Defender, Endpoint, and Azure Servers)? The scope would be medium size companies between 500 to 1000 users as far as scope.
- Dick_Lake
Microsoft
Hi. To your point about Azure Servers, Defender for Servers is a component of Defender for Cloud that can be enabled and automatically integrates with Defender for Cloud. Defender for Servers is a consumption based plan, so we don't care about the number of users or licenses you have. Defender for Servers also plays nicely with the MDE portal so you can see all of your Servers and workstations in the same portal.
- giulioastori
Microsoft
Here are some guidance steps to help you implement Defender for Cloud and integrate it with other Defender products:
- Assess your organization's security needs: Before you begin implementing Defender for Cloud, it's important to assess your organization's security needs. Consider the types of cloud resources you're using, the level of risk associated with each resource, and the potential impact of a security breach.
- Plan your implementation: Once you've assessed your security needs, you can start planning your implementation. This should involve identifying the specific Defender for Cloud features that are relevant to your organization and determining how you'll configure and deploy the solution.
- Deploy Defender for Cloud: With your implementation plan in place, you can start deploying Defender for Cloud.
- Integrate with other Defender products: Defender for Cloud can be integrated with other Defender products, such as M365 Defender, Endpoint, and Servers. Integration enables you to streamline your security operations and gain a more comprehensive view of your organization's security posture.
- Monitor and manage Defender for Cloud: Once Defender for Cloud is up and running, it's important to monitor and manage the solution on an ongoing basis. This involves keeping an eye on security alerts, investigating potential threats, and taking action to mitigate risks as they arise.
For medium-sized companies with 500 to 1000 users, it may be helpful to work with a qualified IT service provider or Microsoft partner to help with the implementation and integration of Defender for Cloud.
- Trevor_Rusher
Community Manager
Welcome to Implementing Defender for Cloud and the Microsoft Secure Tech Accelerator. Let's get started! Have a question? Post here in the Comments so we can help. Let’s make this an active Q&A!
- Trevor_Rusher
Community Manager
Implementing Defender for Cloud starts soon. Have a question? Post it here in the Comments!