Microsoft Defender for Cloud Onboarding workbook V2
Published May 23 2023 04:09 AM 9,219 Views
Microsoft

The Defender for Cloud Onboarding Workbook V2 is the latest version of this workbook that was originally published August 2022. You can read more about the purpose of this workbook in this post.

 

What’s New:

 

The Defender Plans Onboarded Tab - displays the subscriptions that are onboarded to a Defender plan, status of the Defender Plan, and the resources deployed in the subscription. You can click on the status of the Defender Plan to On / Off on the subscription.

 

Vasavi_Pasula_0-1684821655380.png

 

You will be directed to the Defender Plans Blade on your selected Subscription. You can notice the status of each Defender Plan is On/Off, and the Resource quantity column displays the Resources deployed in the subscription. You can edit the status of the selected Defender Plan from here and click on save. Please be noted that Foundational CSPM is by default “On” on all subscriptions.

 

Vasavi_Pasula_1-1684821655391.png

 

The CSPM Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender CSPM Plan on the subscription, and the resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription.

 

Vasavi_Pasula_2-1684821655393.png

 

The Agentless Capabilities covered under Defender CSPM displays the Status is On/Off. “Not Available” indicates the required Defender Plan is not enabled, and hence the capability is not available. You can click on the On/Off status on the subscription to edit the Agentless capability.

 

Vasavi_Pasula_3-1684821655395.png

 

Edit the Status On/Off, and click “Continue” and “Save” the settings

 

Vasavi_Pasula_4-1684821655405.png

 

The API Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender for APIs Plan on the subscription, and the APIM resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription.

 

Vasavi_Pasula_5-1684821655408.png

 

The APIM resources overview displays the APIM resources deployed in the subscription, and their Public Network Access is Enabled/Disabled, and if the APIM is deployed into a VNET.

 

Vasavi_Pasula_6-1684821655410.png

 

The Onboard API collections displays if  all the API collections in an APIM are onboarded to Defender for APIs. Click on “Not Onboarded” to onboard the API collection.

 

Vasavi_Pasula_7-1684821655414.png

 

You are directed to the assessment “Azure API Management APIs should be onboarded to Defender for APIs”. Select the API Endpoints under the Unhealthy resources and click on “Fix”

 

Vasavi_Pasula_8-1684821655419.png

 

The Storage Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender for Storage Plan on the subscription, and the Storage Account resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription. The Agentless capabilities like Data Sensitivity Discovery, Malware Scanning are only available with the DefenderForStorageV2Plan. “Not Available” indicates that the required plan is not enabled.

 

Vasavi_Pasula_9-1684821655428.png

 

The Containers Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender for Containers Plan on the subscription, and the Container resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription. The Agentless capability Container Registries VA is available with both the Defender For Containers Plan and Defender CSPM Plan. “Not Available” indicates that the required plan is not enabled.

 

Vasavi_Pasula_10-1684821655434.png

 

The Devops Tab - displays the Github Connectors and Azure Devops Connectors onboarded to the subscription

 

Vasavi_Pasula_11-1684821655437.png

 

The Github repositories that need to be enabled for Code Scanning, Secret scanning, Depandabot scanning are displayed. Click on “Unhealthy” status to enable scanning.

 

Vasavi_Pasula_12-1684821655440.png

 

You are directed to the relevant Recommendation. Select the Unhealthy resources and assign Owner to remediate the Recommendation.

 

Vasavi_Pasula_13-1684821655443.png

 

The AWS Tab - displays the the AWS Connectors deployed in the subscription, yhe status of the Defender Plans on the AWS Connector. You can click on the status of the Defender Plan to On/Off on the Connector.

 

Vasavi_Pasula_14-1684821655445.png

 

AWS Agentless capabilities like "Agentless VM scanning", "Data Sensitivity Discovery" are displayed.

 

Vasavi_Pasula_15-1684821655447.png

 

You are directed to the AWS Defender plans blade. You can edit the Defender plan on the AWS connector and click on “Configure access”

 

Vasavi_Pasula_16-1684821655456.png

 

When the Defender Plan settings are edited on the AWS connector, you need to download the cloud formation template and update the AWS environment. This is a required step to reflect your changes on the AWS connector, to the AWS environment.

 

Vasavi_Pasula_17-1684821655460.png

 

The GCP Tab - displays the the GCP Connectors deployed in the subscription, the status of the Defender Plans on the GCP Connector. You can click on the status of the Defender Plan to On/Off on the Connector.

 

Vasavi_Pasula_18-1684821655463.png

 

You are directed to the GCP Defender plans blade. You can edit the Defender plan on the GCP connector and click on “Configure access” and “Update”

 

Vasavi_Pasula_19-1684821655469.png

 

 

How to Deploy

The Defender for Cloud Onboarding Workbook is available in the Microsoft Defender for Cloud GitHub Repo page, under Workbooks and can be accessed directly with its Defender for Cloud Onboarding Workbook V2

The workbook can be deployed quickly in the Azure Commercial and Gov cloud environments by clicking the respective “Deploy to Azure” buttons on the workbook page.

 

Additional Resources

Acknowledgements

  • Many thanks to Yuri Diogenes  & Safeena Begum in supporting my initiative and suggesting feedbacks.

 

 

1 Comment
Co-Authors
Version history
Last update:
‎May 22 2023 11:15 PM
Updated by: