Monthly news - March 2023
Published Mar 06 2023 04:10 AM
Microsoft

Microsoft Defender for Cloud

Monthly news

March 2023 Edition


This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from February 2023.

Legend: Product videos, Webcasts (recordings), Docs on Microsoft, Blogs on Microsoft, GitHub, External content, Product improvements, Announcements
 Microsoft Defender for Cloud
[Webcasts (recordings)] Watch two new episodes of the Defender for Cloud in the Field show about Defender for Servers and Governance capabilities improvements.
[Product improvements] An improved version of the cloud security explorer includes a refreshed user experience that removes query friction dramatically, adds the ability to run multicloud and multi-resource queries, and embeds documentation for each query option. The Cloud Security Explorer now allows you to run cloud-abstract queries across resources. You can use either the pre-built query templates or the custom search to apply filters and build your query.
[GitHub] Microsoft Defender for Cloud Labs have been updated and now include the new Defender CSPM capabilities. Our labs project helps you get ramped up with Microsoft Defender for Cloud and provides hands-on practical experience for product features, capabilities, and scenarios.
[Announcements] A new community workbook, "Active Recommendations", has been added to Defender for Cloud's library. This workbook shows active recommendations, including how long each has been open for a particular resource. It's available with Foundational CSPM (no need to have Defender CSPM enabled) and allows filtering by severity and cloud environment.
[Blogs on Microsoft] Learn how you can utilize Microsoft Defender for Cloud's Security Explorer to conduct proactive hunting in cloud environments with maximum efficiency.
[Blogs on Microsoft] Threat actors use tools to exfiltrate sensitive information from exposed storage resources open to unauthenticated public access. This process is called blob-hunting, also known as Container Enumeration on Leaky Buckets. It is a common collection tactic, easy to do, cheap to carry out, does not require authentication, and there is no shortage of open-source tools that help facilitate and automate the process. Microsoft Defender for Storage detects blob-hunting attempts and other malicious activities by monitoring unusual activities from unexpected sources.
[Blogs on Microsoft] Microsoft Defender for Cloud is a unified solution for cloud security posture management (CSPM), cloud workload protection (CWP), and DevOps security management. Customers using Microsoft Defender for Cloud may want to consume the detailed security alerts, recommendations, secure score controls, and regulatory compliance checks outside of the portal for additional analysis. This blog walks through different scenarios and methods to retrieve Defender for Cloud data, including exporting to Security Information and Event Management (SIEM) solutions, Log Analytics workspaces, CSV files, and alternative locations via an automated script.
[Blogs on Microsoft] Defender for Containers protects your Kubernetes clusters by continuously assessing them to get visibility into misconfigurations and help mitigate identified threats. To get insight into the workload configuration on the cluster, the Azure Policy for Kubernetes is deployed as part of the Defender for Containers plan. The Azure Policy for Kubernetes extends the Gatekeeper v3 admission controller webhook for OPA. Gatekeeper is needed to check if the policy is correct before enforcing it. On Azure Kubernetes Service (AKS), it is deployed as an add-on. For Arc Enabled Kubernetes, which includes on-premises clusters and clusters hosted in Google Cloud or Amazon Web Services, it is deployed as an extension. In this blog, we go into more detail about how Azure Policy for Kubernetes uses Gatekeeper with OPA in the Defender for Containers plan.
[Webcasts (recordings)] Join us for an "Ask Microsoft Anything (AMA)" event to connect with members of the Defender for Cloud product group who will be on hand to answer your questions and listen to feedback.
[Blogs on Microsoft] Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Georgia Banking Company, a thriving, fast-growing community bank that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.
[Blogs on Microsoft] Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub, Azure DevOps and more to come. To help security admins and developers, Azure DevOps provides two ways of configuration today. In this article, we walk you through the configuration of Azure DevOps pipelines via the classic UI and YAML.

 

 

Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe

 

Last update: Mar 23 2023 01:25 PM