Our team’s mission remains the same - to protect cloud workloads. Last Ignite we made significant progress in multi-cloud support for GCP and AWS, as well as enabling new Azure protections for ARM and DNS. More recently we published a TEI study that showed the cost savings and reduction of risk associated with a security breach associated with Azure Defender.
Today we are happy to announce new protections for Windows Server 2019, Windows 10 Virtual Desktop and networking as well as improved experiences for alerts and reporting.
Azure Defender for Servers now presents additional threat detection capabilities for Windows Server 2019 and Windows 10 Virtual Desktop (WVD) (in preview) by integrating the Microsoft Defender for Endpoint EDR technology.
As part of helping our customers consume their security status and launch security management scenarios from a central experience, we have integrated the Azure Firewall Manager into Azure Security Center’s main dashboard. This will allow customers to check Firewall coverage status across all networks and to centrally manage Azure Firewall policies.
Here is a screenshot of the enhanced Azure Security Center dashboard:
The Security Center alerts experience has been improved and simplified and is now aligned with the Azure Sentinel incident experience. We added new capabilities that help security teams to triage Azure Defender alerts easier and faster and thus reduce alerts fatigue, such as: searching, sorting, filtering and grouping capabilities, preview of alerts directly in the list, and correlation to MITRE ATT&CK tactics. In addition, we introduced new capability to create sample of Azure Defender alerts, in order to evaluate our offering around the different Azure Defender plans and test configurations around alerts such as SIEM connection, and integrated all the alerts into the Azure Resource Graph enabling customers to explore, filter, and gain additional insights on top of their alerts programmatically using KQL query language.
Our recent improvements around alerts complement the major improvements we introduced last year allowing security teams to better investigate and response to Azure Defender alerts.
Here is a screenshot of Azure Security Center’s improved alerts experience:
In the new Workbooks area in Security Center, customers can leverage out of the box reports created as Azure Workbooks on topics like Secure Score over time, vulnerabilities and system updates. In addition, customers can create their own custom reports on top of Security Center data using Azure Workbooks or pick up workbook templates created by our community, share those across their organization and leverage to relay security status and insights across the organization.
As always - don’t forget to enable Azure Defender for all your cloud services and especially for virtual machines, storage, and SQL databases. Make sure you are actively working to improve your secure score to improve your security posture and please continue to reach out with feedback as we are here to help you protect your businesses from constantly evolving threats.