What is the best approach to protect Azure-hosted VMs?


Hi Community,

One of our customers has an Azure-hosted VM platform and there is no on-prem dependency.

They would like to understand what capabilities Microsoft Sentinel offers over M365 Defender when protecting the VMs from threats.

Questions:

1. What is recommended for an Azure-hosted Windows VM environment?

2. What additional value is there if we recommend M365 Sentinel over M365 Defender?

Any pointers would be of great help.

Thanks in advance!

Hello @SB V,

I understand that you are concerned about the threat protection capabilities offered by Microsoft security products for Azure virtual machines.

I will answer your questions according to the information and details you provided; please feel free to reply if you have any additional questions or further concerns.

1. What is recommended for an Azure-hosted Windows VM environment?

A: Microsoft offers Defender for Cloud as a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) solution for all your Azure and non-Azure (on-prem, AWS and GCP) resources. Defender for Cloud helps you assess, secure and defend your cloud workloads, and has some free features that may help you improve your overall security posture. You can find more details here: What is Microsoft Defender for Cloud? | Microsoft Docs

Implementing Defender for Cloud security recommendations would be a great start here, but you'll probably need its enhanced security features in order to keep your workloads secure against modern threats. For this, we can enable Defender for Servers for your Azure (and non-Azure!) virtual machines. Defender for Servers will bring more advanced security features for you, including a Defender for Endpoint license (Defender for Endpoint is the EDR solution from Microsoft), vulnerability assessment from Qualys, just-in-time access, adaptive network hardening and many others. You can find more information regarding Defender for Cloud enhanced security features and Defender for Servers capabilities on these pages:

Understand the enhanced security features of Microsoft Defender for Cloud | Microsoft Docs

Microsoft Defender for Servers - the benefits and features | Microsoft Docs

2. What additional value is there if we recommend M365 Sentinel over M365 Defender?

A: I would not recommend Microsoft Sentinel at this point. Sentinel is a SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence for your organization, which will help you detect attacks and threats and then respond to those threats using its hunting capabilities. Sentinel will NOT automatically respond to/mitigate security threats OOBE; it will only detect threats from the data ingested by the company. You can better understand Sentinel use case scenarios in this doc: What is Microsoft Sentinel? | Microsoft Docs

Hope that this helps you better understand Microsoft security offerings for Azure virtual machines and addresses your questions; if not, please feel free to reply with any further questions and concerns you may have so we can discuss them further.

Best regards,

Matheus Montagnini
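The enablement step from the reply above (turning on Defender for Servers for a subscription's VMs), as an added Azure CLI example that is not part of the original thread. It assumes the Azure CLI is installed and logged in to the target subscription; the plan JSON in the script is a constructed sample with a placeholder subscription id, so the parsing part runs offline.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: audit the Defender for Cloud plans on
# the current subscription and turn on Defender for Servers (pricing name
# "VirtualMachines") where it is still on the Free tier.
set -euo pipefail

# Print the names of plans still on the Free tier. Input is the JSON printed
# by `az security pricing list`; assumes, as the CLI prints it, that each
# plan's "name" line comes before its "pricingTier" line.
free_plans() {
  awk -F'"' '/"name":/ { plan = $4 } /"pricingTier":/ { if ($4 == "Free") print plan }'
}

# Exit 0 if Defender for Servers is still Free in the given JSON, 1 otherwise.
needs_servers_plan() {
  printf '%s\n' "$1" | free_plans | grep -qx 'VirtualMachines'
}

# Live run: fetch the plans and enable Defender for Servers if needed. Only
# called explicitly, so the offline demo below does not need the CLI.
enable_servers_plan() {
  local plans
  plans="$(az security pricing list -o json)"
  if needs_servers_plan "$plans"; then
    az security pricing create --name VirtualMachines --tier standard
  else
    echo "Defender for Servers already enabled"
  fi
}

# Constructed sample of `az security pricing list` output (placeholder
# subscription id), used so the parser can be exercised offline.
SAMPLE='[
  {
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/pricings/VirtualMachines",
    "name": "VirtualMachines",
    "pricingTier": "Free",
    "type": "Microsoft.Security/pricings"
  },
  {
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/pricings/StorageAccounts",
    "name": "StorageAccounts",
    "pricingTier": "Standard",
    "type": "Microsoft.Security/pricings"
  }
]'

echo "Plans on the Free tier in the sample:"
printf '%s\n' "$SAMPLE" | free_plans
# Against a real subscription: run enable_servers_plan after `az login`.
```

Once the plan is on the Standard tier, the Defender for Endpoint onboarding, Qualys assessment, JIT and adaptive network hardening recommendations mentioned in the reply appear for the subscription's VMs in the Defender for Cloud portal.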