Microsoft Defender for Cloud AMA
Event details
An AMA is a live text-based online event similar to an "Ask Me Anything" on Reddit. This AMA gives you the opportunity to connect with members of the Defender for Cloud product group who will be on hand to answer your questions and listen to feedback.
Please join us to learn more about:
- Microsoft's point of view on the Cloud Native Application Protection Platform (CNAPP).
- The newest from Defender Cloud Security Posture Management general availability.
- How our data security innovations can help with your overall multicloud threat protection.
Feel free to post your questions about Defender for Cloud anytime in the comments before the event starts, although the team will only be answering questions during the live hour!
27 Comments
- Trevor_Rusher
Community Manager
Thank you all for joining our AMA today! I'll be locking this event to new questions but you should always be able to see all the questions and answers here on this page in perpetuity, so feel free to bookmark. If you have more questions related to Defender for Cloud feel free to check out the Defender for Cloud Discussion Space here on Tech Community.
Also please stay tuned for our next AMA here on the SCI Tech Community Event Space!
- Thomas_Zou
Microsoft
Hi Community,
For those of you who want to learn more or ask questions about our new innovations about CNAPP, Defender CSPM and Data security announced in Microsoft Secure yesterday, please go to this blog post: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/announcing-defender-cspm-ga-amp-new-data-security-capabilities/ba-p/3781013
We will be answering your questions as well after the event!
Best, Thomas
- ThomasVrhydn
Brass Contributor
An adaptive application control question. Do you know if there is a way to investigate what's wrong if a device falls under the No recommendation? The device is up and running for more than 3 weeks. Heartbeat of the AMA agent is reporting OK. File integrity is working fine on that device. But still the device isn't showing in the recommended tab. Is there some log file we can check for this?
- Tom_Janetscheck
Microsoft
Hi Thomas, in case it is a Windows machine, you might have a pre-existing AppLocker policy, or AppLocker is not available on it. In this case, the machine will have no recommendation. Please also look at https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls#enable-application-controls-on-a-group-of-machines.
- ThomasVrhydn
Brass Contributor
The Event Viewer AppLocker logs are empty so I'm pretty sure AppLocker isn't running on that machine. It is also the Windows Server Datacenter edition with GUI so that is also not the case.
- JentPaul
Copper Contributor
I'm testing the new integration (pipeline) with the Azure Monitor Agent. The accompanying Azure Policy initiative is in preview as well. I noticed that Windows Server 2022 is not in scope of the policy definition to deploy the Azure Security Agent extension. Is that functionality built-in or an error in the policy definition?
- Tom_Janetscheck
Microsoft
Hi Jent, today, the policy does not yet contain Windows Server 2022 as an operating system in scope. However, you can use the built-in policy definition as a template for a custom one and add additional operating systems (or remove the OS scoping part).
- JentPaul
Copper Contributor
Follow-up question Tom_Janetscheck, when the new AMA, ASA, DCR pipeline is complete, I guess I can use the same test alert validation as in Simulate alerts on your Azure VMs (Windows) with the fake executable execution.
- Trevor_Rusher
Community Manager
Welcome to the Microsoft Defender for Cloud AMA! This live hour gives you the opportunity to ask questions directly to the Microsoft team. Please post any questions in a separate, new comment thread on this event. Microsoft team - please introduce yourself on this thread to let the customers know who you are and what you do!
- YuriDiogenes
Microsoft
Hello everyone, I'm Yuri Diogenes, Principal PM Manager for Defender for Cloud Team. I'm happy to answer your questions about the amazing Defender for Cloud!! Let's go!
- Tom_Janetscheck
Microsoft
Hi there everybody, I'm Tom Janetscheck, Senior Product Manager on the Defender for Cloud team. I'm happy to answer your technical questions related to our product today. So, keep them coming!
- danielavillarreal
Microsoft
Hi there everyone! I'm Daniela Villarreal, Product Marketing Manager for Defender for Cloud's storage and database protection solutions. Happy to answer your questions on our just-announced data-aware security posture and Defender for Storage capabilities!
- ThomasVrhydn
Brass Contributor
The DFC Recommendation: Machines should have a vulnerability assessment solution. Is this depending on the MDE.Windows or MDE.Linux extension? Because we got one client who deployed MDE on their Linux environment via Ansible and have the DFC MDE automatic onboarding disabled on one subscription and the recommendation for those devices is unhealthy. On another subscription they do have MDE automatic onboarding enabled and the extension does get installed and those devices are healthy in the recommendation. If not, can you explain deep dive how it's validated?
- Tom_Janetscheck
Microsoft
Hi Thomas,
Defender for Cloud will assess if your machine is using Microsoft Defender Vulnerability Management (MDVM) as part of the integration with Microsoft Defender for Endpoint (MDE) or agentless scanning, the Qualys VA solution as part of Microsoft Defender for Servers Plan 2, or one of the two BYOL VA solutions. In addition, for MDVM integration with Defender for Cloud to be available, it's a separate setting in the Settings & Monitoring blade of the subscription.
- ThomasVrhydn
Brass Contributor
The setting looks good, so that is not the case. Any other suggestion?
- genome335
Occasional Reader
What is the best practice for using Defender for Cloud to protect and ensure secure configuration of Microsoft AVD?
- Tom_Janetscheck
Microsoft
Hi Dominic, it depends on your scenario. While Defender for Servers is aimed towards protecting server operating systems, most of its capabilities are also available on client operating systems. However, we currently do not support integration and license coverage for Microsoft Defender for Endpoint on these machines, unless you are using Windows 10/11 Enterprise multi-session. You can learn more about integration with Microsoft Defender for Endpoint at https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint.
- ArifUK
Copper Contributor
If CSPM is GA, then what is the cost model? Thanks,
- Thomas_Zou
Microsoft
Great question! The foundational CSPM capabilities will stay free. With Defender CSPM generally available (GA), the plan will remain free until billing starts on May 1, 2023. Billing will apply for compute, database, and storage resources. Billable workloads will be VMs, Storage Accounts, OSS DBs, and SQL PaaS & Servers on Machines. When billing starts, existing Microsoft Defender for Cloud customers will receive automatically applied discounts for Defender CSPM. Microsoft Defender CSPM protects across all your multicloud workloads, but billing only applies for Servers, Databases and Storage accounts at $15/billable resource/month.
If you have one of the following plans enabled, you will receive a discount. Current Microsoft Defender for Cloud customers receive automatically applied discounts (5-25% discount per billed workload based on the highest applicable discount).
Refer to the following table:
| Current Defender for Cloud Customer | Automatic Discount | Defender CSPM Price |
| --- | --- | --- |
| Defender for Servers P2 | 25% discount | $11.25 / Compute or Data workload / month |
| Defender for Containers | 10% discount | $13.50 / Compute or Data workload / month |
| Defender for DBs / Defender for Storage | 5% discount | $14.25 / Compute or Data workload / month |
To find more pricing information, please see this pricing page: https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
- Trevor_Rusher
Community Manager
I'm excited to share this upcoming AMA with the Defender for Cloud team! Remember to please ask your questions down here in a new comment thread. Thanks!
- TobyMcG
Copper Contributor
Hey Trevor. Completely off topic, but I just found this series. Would you be willing to host a Defender for Endpoint AMA with ATP Product Group?
- Trevor_Rusher
Community Manager
Hey Toby! I will pass your interest up the pipeline to the MDE team. I know we have done a few in the past but that was a while ago, so hopefully they will be willing to do one again soon! Thanks