Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Azure Defender Plan for DevOps(Preview) missingHello Jake, There is no Defender for DevOps plan to enable yet, as we are still in public preview. The Defender for DevOps configuration for now starts to happen when you create a connector. See the steps from the lab https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2014-Config%20Azure%20ADO%20in%20DfD.mdRe: Relationship to Well Architected Framework (WAF) Security RecommendationsThe relationship is that both use Azure Security Benchmark as their foundation.Re: Combining Security Center for multiple tenants tjshaw yes, see Cross-tenant management in Azure Security Center | Microsoft Docs Re: Best Practices for Compliance ScoreLast month we released the Workflow Automation for Regulatory Compliance. More info at https://docs.microsoft.com/en-us/azure/security-center/release-notes#workflow-automations-can-be-triggered-by-changes-to-regulatory-compliance-assessments-in-preview Regarding the webinar, thanks for the suggestion.Re: Secure score evaluation in companies in the sector glenmcleroy that works for O365 Secure Score and are not applicable for Azure Secure Score. Re: Secure score evaluation in companies in the sector Hello Elias01 - the ASC Secure Score doesn't take in consideration the industry verticals. The score is purely calculated based on the aggregation of security recommendations into security controls, and these recommendations are specifically for the workloads that are available in the subscription. Re: Security Center Recommendations SecureDuck it depends on the type of recommendation. For example, "no recommendation" in the UI for JIT VM could be caused by: Missing NSG - The just-in-time solution requires an NSG to be in place. Classic VM - Security Center just-in-time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just-in-time solution. Other - A VM is in this category if the just-in-time solution is turned off in the security policy of the subscription or the resource group, or if the VM is missing a public IP and doesn't have an NSG in place. Check the recommendation and review the documentation for the potential reasons that an item show as not recommended: https://docs.microsoft.com/en-us/azure/security-center/ Re: How to implement os recommendations LA1976 GPO is the recommended way to implement these settings. Regarding this statement "why not be able to download the json from the portal to have it converted to DSC or GPO" <== this capability is not currently available. We are revisiting this UI, and we should bring some changes to the way these recommendations can be implemented. I don't have a ETA to share, but changes are coming to this experience. Thanks for sharing your feedback! Re: How to collect Security Data and generate a report from an Azure Subscription to check compliance palchak enable Azure Security Center in your subscription, upgrade it to Standard tier (upgrade is free for 30 days) and wait for ASC to scan the resources available in the subscription and generate the security recommendations. Here a quick tutorial on how to onboard ASC https://docs.microsoft.com/en-us/azure/security-center/security-center-get-started Re: Removing servers from ASC endakelly usually it takes 24 hours to refresh, if you are experiencing this behavior (3 days), I recommend you to open a support ticket with Microsoft CSS to investigate this behavior. Re: Security The Next Generation Catch-22 Valon_Kolica Netteligent - Fileless attack detection is natively available in Windows Defender ATP, more info here https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/fileless-threats Re: azure saml claims Thanks for loop me in, Valon_Kolica but unfortunately that's not my area of expertise. Re: Combining Security Center for multiple tenants Hello Valon_Kolica and @stevecatmull Currently Azure Security Center doesn't support multiple tenants, but this feature is on the roadmap and should be coming this year. Re: Antimalware Hybrid Licensing Stefan Schörling - got more details from the Antimalware PM: Microsoft antimalware service in Azure is not SCEP. It's Microsoft antimalware for Azure. SCEP is system center endpoint protection and the only way you get it / deploy it is via system center (not free). Re: Antimalware Hybrid Licensing Hello Stefan Schörling , sorry the delay. In summary (update now): Microsoft antimalware service in Azure is not SCEP. It's Microsoft antimalware for Azure. SCEP is system center endpoint protection and the only way you get it / deploy it is via system center. Re: Antimalware Hybrid Licensing Stefan Schörling the info that I received from the Antimalware PM was for Azure, but let me double check again and see if applies to on-premises as well. Re: Antimalware Hybrid Licensing Hello Ryan Heffernan , unfortunately I don't know the answer here since antimalware license is not my domain. I will send this question to the right PM internally and will CC you. Re: Security Center Playbooks and Azure Functions Integration with Firewalls Thanks for sharing it. If you need the steps to create this Playbook, check it here.
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagMicrosoft Security Exposure Management Ninja Training This blog post has a curation of many Microsoft security exposure management (MSEM) resources, organized in a format that can help you to go from absolutely no knowledge in MSEM, to designing and imp...A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud Introduction In this blog, I discuss the importance of proactive security posture management, how security teams can be organized for security posture management, how roles and responsibilities can...New Ransomware Recommendation Dashboard in Microsoft Defender for Cloud The new Ransomware recommendations dashboard is an Azure workbook that provides you visibility into what security recommendations you should prioritize to reduce the likelihood of getting compromised...A new name for multi-cloud security: Microsoft Defender for Cloud Insights into the new product name "Microsoft Defender for Cloud". Microsoft Defender for Cloud PoC Series – Microsoft Defender for Resource Manager Introduction In this blog, we guide you through conducting a Proof of Concept (PoC) for Microsoft Defender for Resource Manager, part of Microsoft Defender for Cloud. This service provides advanced...Planning your Multi-Cloud Adoption with Microsoft Defender for Cloud [11/2/2021 Update - The article below leverages the legacy AWS Connector. For more information about the new AWS Connector released at Ignite 2021, watch this presentation from Ignite] Accordin...Detecting who is changing Alert Suppression rules in Azure Defender One common characteristic of recent attacks is the attempt to evade detection by using different techniques. To evade security software and analyst tools, some malware will enumerate the target syste...Azure Network Security using Microsoft Defender for Cloud integration with Azure Firewall Manager Written in collaboration with Mohit_Kumar (Senior PM CxE Azure Network Security Team) Current challenges Recent attacks are a great reminder that security hygiene should be your number one pr...Validating Microsoft Defender for Resource Manager Alerts This document is provided “as is.” MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. This document does not provide you with any legal rights to any intellectual property in...Querying your Secure Score Across Multiple Subscriptions in Microsoft Defender for Cloud Although the capability to query the Secure Score using API was already available and we already published some automations to leverage this capability, now you can also query your Secure Score using...
MicrosoftMicrosoftMicrosoftMicrosoft
