AMA: Microsoft Defender for Cloud

Welcome! The Microsoft Defender for Cloud AMA will start soon. What questions do you have for our experts? Post them now and we’ll use them to kick off the half-hour!

Welcome to the Microsoft Defender for Cloud AMA and the Tech Community Live: Microsoft Security edition. Let's get started! Please post your questions here in the Comments. We will be answering questions in the live stream—and others will be answering here in the Comments.

Don't be shy! This is a great forum to ask your questions about Microsoft Defender for Cloud, and also to share feedback and information about use cases and scenarios you need to support. Post your thoughts and questions now in the Comments.

Regarding the log analytics workspace for containers: Defender for Cloud will create a default Log Analytics workspace but you can assign a custom workspace through policy: Configure Microsoft Defender for Containers components - Microsoft Defender for Cloud | Microsoft Learn

That concludes today’s Microsoft Defender for Cloud AMA. Thanks to everyone who was able to join us live - and to those catching up on demand!

Up next: AMA: Security Service Edge (SSE)

Thanks all for the participation! In addition to the questions posted on this page, we also answer questions posted in reply to the event on other social channels (LinkedIn, X, etc.). Below are the questions the panelists answered, along with a timestamped link:

Question -- Is there anything new in defender for cloud from Ignite? - answered at 1:35.

Question -- What are the benefits of the new AI Security Posture Management (AI-SPM) capabilities in Defender for Cloud? - answered at 3:15.

Question -- How does Defender for Cloud work with multicloud environments? Anything we should take into consideration as we plan? - answered at 4:37.

Question from LinkedIn -- Does Defender for Cloud support Azure Kubernetes Services? - answered at 6:27.

Question from Tech Community -- What is the difference between defender for cloud vs defender for cloud apps? - answered at 7:54.

Question on X -- What roles can configure or modify a security policy on Defender for Cloud?  - answered at 9:15.

Question -- Can we use Defender for Cloud for threat detection and response for API traffic? - answered at 10:50.

Follow up question -- New API security management posture management capabilities? - answered at 11:18.

Question -- What details are included in security alerts? - answered at 12:40.

Question -- Going back to containers, any reason to keep the default workspace and not just use our custom ones? - The team followed up after the event with the following response: While retaining the default workspace ensures a straightforward setup and operation, utilizing custom workspaces can provide enhanced control and alignment with your organization's requirements. This approach can offer benefits such as centralized data management, compliance with organizational policies, and more centralized control over data access and retention. The key is to ensure that any custom configurations are properly implemented to support the continuous and effective operation of Defender for Containers. For more information, go to https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-defender-for-containers. 

Question -- Can you talk more about how the integration of AI security posture management within Defender for Cloud enhances the detection and mitigation of API-related threats? - answered at 17:51

Question -- What do you personally see as the main benefits of the Endor Labs integration? Can I configure Endor Labs for GitHub? - answered at 19:34.

Question -- Does Defender for Cloud support API security testing on source code repositories? - answered at 21:39.

Question -- How does Defender for Cloud prioritize risk? - answered at 23:16.