Microsoft Defender for Storage

31 Topics

Become a Microsoft Defender for Cloud Ninja
[Last update: 04/08/2025] All content was reviewed and updated for the month of April 2025. This blog post has a curation of many Microsoft Defender for Cloud (formerly known as Azure Security Center and Azure Defender) resources, organized in a format that can help you to go from absolutely no knowledge in Microsoft Defender for Cloud, to design and implement different scenarios. You can use this blog post as a training roadmap to learn more about Microsoft Defender for Cloud. On November 2nd, at Microsoft Ignite 2021, Microsoft announced the rebrand of Azure Security Center and Azure Defender for Microsoft Defender for Cloud. To learn more about this change, read this article. Every month we are adding new updates to this article, and you can track it by checking the red date besides the topic. If you already study all the modules and you are ready for the knowledge check, follow the procedures below: To obtain the Defender for Cloud Ninja Certificate 1. Take this knowledge check here, where you will find questions about different areas and plans available in Defender for Cloud. 2. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again. Note: it can take up to 24 hours for you to receive your certificate via email. To obtain the Defender for Servers Ninja Certificate (Introduced in 08/2023) 1. Take this knowledge check here, where you will find only questions related to Defender for Servers. 2. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again. Note: it can take up to 24 hours for you to receive your certificate via email. Modules To become an Microsoft Defender for Cloud Ninja, you will need to complete each module. The content of each module will vary, refer to the legend to understand the type of content before clicking in the topic’s hyperlink. The table below summarizes the content of each module: Module Description 0 - CNAPP In this module you will familiarize yourself with the concepts of CNAPP and how to plan Defender for Cloud deployment as a CNAPP solution. 1 – Introducing Microsoft Defender for Cloud and Microsoft Defender Cloud plans In this module you will familiarize yourself with Microsoft Defender for Cloud and understand the use case scenarios. You will also learn about Microsoft Defender for Cloud and Microsoft Defender Cloud plans pricing and overall architecture data flow. 2 – Planning Microsoft Defender for Cloud In this module you will learn the main considerations to correctly plan Microsoft Defender for Cloud deployment. From supported platforms to best practices implementation. 3 – Enhance your Cloud Security Posture In this module you will learn how to leverage Cloud Security Posture management capabilities, such as Secure Score and Attack Path to continuous improvement of your cloud security posture. This module includes automation samples that can be used to facilitate secure score adoption and operations. 4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud In this module you will learn how to use the cloud security posture management capabilities available in Microsoft Defender for Cloud, which includes vulnerability assessment, inventory, workflow automation and custom dashboards with workbooks. 5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud In this module you will learn about the regulatory compliance dashboard in Microsoft Defender for Cloud and give you insights on how to include additional standards. In this module you will also familiarize yourself with Azure Blueprints for regulatory standards. 6 – Cloud Workload Protection Platform Capabilities in Azure Defender In this module you will learn how the advanced cloud capabilities in Microsoft Defender for Cloud work, which includes JIT, File Integrity Monitoring and Adaptive Application Control. This module also covers how threat protection works in Microsoft Defender for Cloud, the different categories of detections, and how to simulate alerts. 7 – Streaming Alerts and Recommendations to a SIEM Solution In this module you will learn how to use native Microsoft Defender for Cloud capabilities to stream recommendations and alerts to different platforms. You will also learn more about Azure Sentinel native connectivity with Microsoft Defender for Cloud. Lastly, you will learn how to leverage Graph Security API to stream alerts from Microsoft Defender for Cloud to Splunk. 8 – Integrations and APIs In this module you will learn about the different integration capabilities in Microsoft Defender for Cloud, how to connect Tenable to Microsoft Defender for Cloud, and how other supported solutions can be integrated with Microsoft Defender for Cloud. 9 - DevOps Security In this module you will learn more about DevOps Security capabilities in Defender for Cloud. You will be able to follow the interactive guide to understand the core capabilities and how to navigate through the product. 10 - Defender for APIs In this module you will learn more about the new plan announced at RSA 2023. You will be able to follow the steps to onboard the plan and validate the threat detection capability. 11 - AI Posture Management and Workload Protection In this module you will learn more about the risks of Gen AI and how Defender for Cloud can help improve your AI posture management and detect threats against your Gen AI apps. Module 0 - Cloud Native Application Protection Platform (CNAPP) Improving Your Multi-Cloud Security with a CNAPP - a vendor agnostic approach Microsoft CNAPP Solution Planning and Operationalizing Microsoft CNAPP Understanding Cloud Native Application Protection Platforms (CNAPP) Cloud Native Applications Protection Platform (CNAPP) Microsoft CNAPP eBook Understanding CNAPP Module 1 - Introducing Microsoft Defender for Cloud What is Microsoft Defender for Cloud? A New Approach to Get Your Cloud Risks Under Control Getting Started with Microsoft Defender for Cloud Implementing a CNAPP Strategy to Embed Security From Code to Cloud Boost multicloud security with a comprehensive code to cloud strategy A new name for multi-cloud security: Microsoft Defender for Cloud Common questions about Defender for Cloud MDC Cost Calculator Module 2 – Planning Microsoft Defender for Cloud Features for IaaS workloads Features for PaaS workloads Built-in RBAC Roles in Microsoft Defender for Cloud Enterprise Onboarding Guide Assigning Permissions in Microsoft Defender for Cloud Design Considerations for Log Analytics Workspace Onboarding on-premises machines using Windows Admin Center Understanding Security Policies in Microsoft Defender for Cloud Creating Custom Policies Centralized Policy Management in Microsoft Defender for Cloud using Management Groups Planning Data Collection for IaaS VMs Microsoft Defender for Cloud PoC Series – Microsoft Defender for Resource Manager Microsoft Defender for Cloud PoC Series – Microsoft Defender for Storage How to Effectively Perform an Microsoft Defender for Cloud PoC Microsoft Defender for Cloud PoC Series – Microsoft Defender for App Service Considerations for Multi-Tenant Scenario Microsoft Defender for Cloud PoC Series – Microsoft Defender CSPM Microsoft Defender for DevOps GitHub Connector - Microsoft Defender for Cloud PoC Series Grant tenant-wide permissions to yourself Simplifying Onboarding to Microsoft Defender for Cloud with Terraform Module 3 – Enhance your Cloud Security Posture Azure Secure Score vs. Microsoft Secure Score How Secure Score affects your governance Enhance your Secure Score in Microsoft Defender for Cloud Security recommendations Resource exemption Customizing Endpoint Protection Recommendation in Microsoft Defender for Cloud Deliver a Security Score weekly briefing Send Microsoft Defender for Cloud Recommendations to Azure Resource Stakeholders Secure Score Reduction Alert Average Time taken to remediate resources Improved experience for managing the default Azure security policies Security Policy Enhancements in Defender for Cloud Create custom recommendations and security standards Secure Score Overtime Workbook Automation Artifacts for Secure Score Recommendations Remediation Scripts Module 4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud CSPM in Defender for Cloud Take a Proactive Risk-Based Approach to Securing your Cloud Native Applications Predict future security incidents! Cloud Security Posture Management with Microsoft Defender Software inventory filters added to asset inventory Drive your organization to security actions using Governance experience Managing Asset Inventory in Microsoft Defender for Cloud Vulnerability Assessment Workbook Template Vulnerability Assessment for Containers Improvements in Continuous Export feature Implementing Workflow Automation Workflow Automation Artifacts Creating Custom Dashboard for Microsoft Defender for Cloud Using Microsoft Defender for Cloud API for Workflow Automation What you need to know when deleting and re-creating the security connector(s) in Defender for Cloud Connect AWS Account with Microsoft Defender for Cloud Video Demo - Connecting AWS accounts Microsoft Defender for Cloud PoC Series - Multi-cloud with AWS Onboarding your AWS/GCP environment to Microsoft Defender for Cloud with Terraform How to better manage cost of API calls that Defender for Cloud makes to AWS Connect GCP Account with Microsoft Defender for Cloud Protecting Containers in GCP with Defender for Containers Video Demo - Connecting GCP Accounts Microsoft Defender for Cloud PoC Series - Multicloud with GCP All You Need to Know About Microsoft Defender for Cloud Multicloud Protection Custom recommendations for AWS and GCP 31 new and enhanced multicloud regulatory standards coverage Azure Monitor Workbooks integrated into Microsoft Defender for Cloud and three templates provided How to Generate a Microsoft Defender for Cloud exemption and disable policy report Cloud security posture and contextualization across cloud boundaries from a single dashboard Best Practices to Manage and Mitigate Security Recommendations Defender CSPM Defender CSPM Plan Options Cloud Security Explorer Identify and remediate attack paths Agentless scanning for machines Cloud security explorer and Attack path analysis Governance Rules at Scale Governance Improvements Data Security Aware Posture Management A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis Understanding data aware security posture capability Agentless Container Posture Agentless Container Posture Management Microsoft Defender for Cloud - Automate Notifications when new Attack Paths are created Proactively secure your Google Cloud Resources with Microsoft Defender for Cloud Demystifying Defender CSPM Discover and Protect Sensitive Data with Defender for Cloud Defender for cloud's Agentless secret scanning for virtual machines is now generally available! Defender CSPM Support for GCP Data Security Dashboard Agentless Container Posture Management in Multicloud Agentless malware scanning for servers Recommendation Prioritization Unified insights from Microsoft Entra Permissions Management Defender CSPM Internet Exposure Analysis Future-Proofing Cloud Security with Defender CSPM ServiceNow's integration now includes Configuration Compliance module 🚀 Suggested Labs: Improving your Secure Posture Connecting a GCP project Connecting an AWS project Defender CSPM Agentless container posture through Defender CSPM Contextual Security capabilities for AWS using Defender CSPM Module 5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud Understanding Regulatory Compliance Capabilities in Microsoft Defender for Cloud Adding new regulatory compliance standards Regulatory Compliance workbook Regulatory compliance dashboard now includes Azure Audit reports Microsoft cloud security benchmark: Azure compute benchmark is now aligned with CIS! Updated naming format of Center for Internet Security (CIS) standards in regulatory compliance CIS Azure Foundations Benchmark v2.0.0 in regulatory compliance dashboard Spanish National Security Framework (Esquema Nacional de Seguridad (ENS)) added to regulatory compliance dashboard for Azure 🚀 Suggested Lab: Regulatory Compliance Module 6 – Cloud Workload Protection Platform Capabilities in Microsoft Defender for Clouds Understanding Just-in-Time VM Access Implementing JIT VM Access File Integrity Monitoring in Microsoft Defender Understanding Threat Protection in Microsoft Defender Microsoft Defender for Servers Demystifying Defender for Servers Onboarding directly (without Azure Arc) to Defender for Servers Agentless secret scanning for virtual machines in Defender for servers P2 & DCSPM Vulnerability Management in Defender for Cloud File Integrity Monitoring using Microsoft Defender for Endpoint Microsoft Defender for Containers Basics of Defender for Containers Secure your Containers from Build to Runtime AWS ECR Coverage in Defender for Containers Upgrade to Microsoft Defender Vulnerability Management End to end container security with unified SOC experience Binary drift detection episode Binary drift detection Cloud Detection Response experience Exploring the Latest Container Security Updates from Microsoft Ignite 2024 Unveiling Kubernetes lateral movement and attack paths with Microsoft Defender for Cloud Onboarding Docker Hub and JFrog Artifactory Improvements in Container’s Posture Management New AKS Security Dashboard in Defender for Cloud Microsoft Defender for Storage Protect your storage resources against blob-hunting Malware Scanning in Defender for Storage Microsoft Defender for SQL New Defender for SQL VA Microsoft Defender for SQL Anywhere New autoprovisioning process for SQL Server on machines plan Defender for Open-Source Relational Databases Multicloud Microsoft Defender for KeyVault Microsoft Defender for AppService Microsoft Defender for Resource Manager Understanding Security Incident Security Alert Correlation Alert Reference Guide 'Copy alert JSON' button added to security alert details pane Alert Suppression Simulating Alerts in Microsoft Defender for Cloud Alert validation Simulating alerts for Windows Simulating alerts for Linux Simulating alerts for Containers Simulating alerts for Storage Simulating alerts for Microsoft Key Vault Simulating alerts for Microsoft Defender for Resource Manager Integration with Microsoft Defender for Endpoint Auto-provisioning of Microsoft Defender for Endpoint unified solution Resolve security threats with Microsoft Defender for Cloud Protect your servers and VMs from brute-force and malware attacks with Microsoft Defender for Cloud Filter security alerts by IP address Alerts by resource group Defender for Servers Security Alerts Improvements 🚀 Suggested Labs: Workload Protections Agentless container vulnerability assessment scanning Microsoft Defender for Cloud database protection Protecting On-Prem Servers in Defender for Cloud Defender for Storage Module 7 – Streaming Alerts and Recommendations to a SIEM Solution Continuous Export capability in Microsoft Defender for Cloud Deploying Continuous Export using Azure Policy Connecting Microsoft Sentinel with Microsoft Defender for Cloud Closing an Incident in Azure Sentinel and Dismissing an Alert in Microsoft Defender for Cloud Microsoft Sentinel bi-directional alert synchronization 🚀 Suggested Lab: Exporting Microsoft Defender for Cloud information to a SIEM Module 8 – Integrations and APIs Integration with Tenable Integrate security solutions in Microsoft Defender for Cloud Defender for Cloud integration with Defender EASM Defender for Cloud integration with Defender TI REST APIs for Microsoft Defender for Cloud Obtaining Secure Score via REST API Using Graph Security API to Query Alerts in Microsoft Defender for Cloud Automate(d) Security with Microsoft Defender for Cloud and Logic Apps Automating Cloud Security Posture and Cloud Workload Protection Responses Module 9 – DevOps Security Overview of Microsoft Defender for Cloud DevOps Security DevOps Security Interactive Guide Configure the Microsoft Security DevOps Azure DevOps extension Configure the Microsoft Security DevOps GitHub action Automate SecOps to Developer Communication with Defender for DevOps Compliance for Exposed Secrets Discovered by DevOps Security Automate DevOps Security Recommendation Remediation DevOps Security Workbook Remediating Security Issues in Code with Pull Request Annotations Code to Cloud Security using Microsoft Defender for DevOps GitHub Advanced Security for Azure DevOps alerts in Defender for Cloud Securing your GitLab Environment with Microsoft Defender for Cloud Bridging the Gap Between Code and Cloud with Defender for Cloud Integrate Defender for Cloud CLI with CI/CD pipelines Code Reachability Analysis 🚀 Suggested Labs: Onboarding Azure DevOps to Defender for Cloud Onboarding GitHub to Defender for Cloud Module 10 – Defender for APIs What is Microsoft Defender for APIs? Onboard Defender for APIs Validating Microsoft Defender for APIs Alerts API Security with Defender for APIs Microsoft Defender for API Security Dashboard Exempt functionality now available for Defender for APIs recommendations Create sample alerts for Defender for APIs detections Defender for APIs reach GA Increasing API Security Testing Visibility Boost Security with API Security Posture Management 🚀 Suggested Lab: Defender for APIs Module 11 – AI Posture Management and Workload Protection Secure your AI applications from code to runtime with Microsoft Defender for Cloud AI security posture management AI threat protection Secure your AI applications from code to runtime Data and AI security dashboard Protecting Azure AI Workloads using Threat Protection for AI in Defender for Cloud 🚀 Suggested Lab: Security for AI workloads Are you ready to take your knowledge check? If so, click here. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again. Note: it can take up to 24 hours for you to receive your certificate via email. Other Resources Microsoft Defender for Cloud Labs Become an Microsoft Sentinel Ninja Become an MDE Ninja Cross-product lab (Defend the Flag) Release notes (updated every month) Important upcoming changes Have a great time ramping up in Microsoft Defender for Cloud and becoming a Microsoft Defender for Cloud Ninja!! Reviewer: Tom Janetscheck, Senior PM
YuriDiogenes
Aug 25, 2020 Place Microsoft Defender for Cloud Blog
319KViews
63likes
34Comments
Monthly news - June 2023
This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month.
StanislavBelov
Jun 05, 2023 Place Microsoft Defender for Cloud Blog
166KViews
1like
0Comments
Deploy Microsoft Defender for Cloud via Terraform
Terraform is an Infrastructure as a Code tool created by Hashicorp. It’s used to manage your infrastructure in Azure, as well as other clouds. In this article, we’ll be showing you how to deploy Microsoft Defender for Cloud (MDC) using Terraform from scratch.
Liana_Anca_Tomescu
Jul 01, 2022 Place Microsoft Defender for Cloud Blog
51KViews
6likes
14Comments
Microsoft Defender for Cloud Cost Estimation Dashboard
This blog was updated on April 16 th , 2023 to reflect the latest version of the Cost Estimation workbook. Microsoft Defender for Cloud provides advanced threat detection capabilities across your cloud workloads. This includes comprehensive coverage plans for compute, PaaS and data resources in your environment. Before enabling Defender for Cloud across subscriptions, customers are often interested in having a cost estimation to make sure the cost aligns with the team’s budget. We previously released the Microsoft Defender for Storage Price Estimation Workbook, which was widely and positively received by customers. Based on customer feedback, we have extended this offering by creating one comprehensive workbook that covers most Microsoft Defender for Cloud plans. This includes Defender for Containers, App Service, Servers, Storage, Cloud Security Posture Management and Databases. The Cost Estimation workbook is out-of-the box and can be found in the Defender for Cloud portal. After reading this blog and using the workbook, be sure to leave your feedback to be considered for future enhancements. Please remember these numbers are only estimated based on retail prices and do not provide actual billing data. For reference on how these prices are calculated, visit the Pricing—Microsoft Defender | Microsoft Azure. Overview The cost estimation workbook provides a consolidated price estimation for Microsoft Defender for Cloud plans based on the resource telemetry in your organization’s environment. The workbook allows you to select which subscriptions you would like to estimate the price for as well as the Defender Plans. In a single pane of glass, organizations can see the estimated cost per plan on each subscription as well as the grand total for all the selected subscriptions and plans. To see which plans are currently being used on the subscription, consider using the coverage workbook. Defender Cloud Security Posture Management (CSPM) Defender CSPM protects all resources across your subscriptions, but billing only applies to Compute, Databases and Storage accounts. Billable workloads include VMs, Storage accounts, open-source relational databases and SQL PaaS & Servers on machines. See here for more information regarding pricing. On the backend, the workbook checks to see how many billable resources were detected and if any of the above plans are enabled on the subscription. It then takes the number of billable resources and multiplies it by the Defender CSPM price. Defender for App Service The estimation for Defender for App Services is based on the retail price of $14.60 USD per App Service per month. Check out the Defender for App Service Price Estimation Dashboard for a more detailed view on estimated pricing with information such as CPU time and a list of App Services detected. Defender for Containers The estimation for Defender for Containers is calculated based on the average number of worker nodes in the cluster during the past 30 days. For a more detailed view on containers pricing such as average vCores detected and the number of image scans included, consider also viewing the stand-alone Defender for Containers Cost Estimation Workbook. Defender for Databases Pricing for Defender for Databases includes Defender for SQL Databases and Defender for open-source relational databases (OSS DBs). This includes PostgreSQL, MySQL and MariaDB. All estimations are based on the retail price of $15 USD per resource per month. On the backend, the workbook runs a query to find all SQL databases and OSS DBs in the selected subscriptions and multiplies the total amount by 15 to get the estimated monthly cost. Defender for Key Vault Defender for Key Vault cost estimation is not included in the out of the box workbook, however, a stand-alone workbook is available in the Defender for Cloud GitHub. The Defender for Key Vault dashboard considers all Key Vaults with or without Defender for Key Vault enabled on the selected subscriptions. The calculations are based on the retail price of $0.02 USD per 10k transactions. The “Estimated Cost (7 days)” column takes the total Key Vault transactions of the last 7 days, divides them by 10K and multiples them by 0.02. In “Estimated Monthly Price”, the results of “Estimated Cost (7 days)” are multiplied by 4.35 to get the monthly estimate. Defender for Servers Defender for Servers includes two plan options, Plan 1 and Plan 2. The workbook gives you the option to toggle between the two plans to see the difference in how they would effect pricing. Plan 1 is currently charged at $5 per month where as Plan 2 is currently charged at $15. Defender for Storage The Defender for Storage workbook allows you to estimate the cost of the two pricing plans: the legacy per-transaction plan and the new per-storage plan. The workbook looks at historical file and blob transaction data on supported storage types such as Blob Storage, Azure Files, and Azure Data Lake Storage Gen 2. We have released a new version of this workbook, and you can find it here: Microsoft-Defender-for-Cloud/Workbooks/Microsoft Defender for Storage Price Estimation and learn more about the storage workbook in Microsoft Defender for Storage – Price Estimation blog post. Limitations Azure Monitor Metrics data backends have limits and the number of requests to fetch data might time out. To solve this, narrow your scope by reducing the selected subscriptions and Defender plans. The workbook currently only includes Azure resources. Acknowledgements Special thanks to everyone who contributed to different versions of this workbook: Fernanda Vela, Helder Pinto, Lili Davoudian, Sarah Kriwet, Safeena Begum Lepakshi, Tom Janetscheck, Amit Biton, Ahmed Masalha, Keren Damari, Nir Sela, Mark Kendrick, Yaniv Shasha, Mauricio Zaragoza, Kafeel Tahir, Mary Lieb, Chris Tucci, Brian Roosevelt References: What is Microsoft Defender for Cloud? - Microsoft Defender for Cloud | Microsoft Learn Pricing—Microsoft Defender | Microsoft Azure Workbooks gallery in Microsoft Defender for Cloud | Microsoft Docs Pricing Calculator | Microsoft Azure Microsoft Defender for Key Vault Price Estimation Workbook Microsoft Defender for App Services Price Estimation Workbook Microsoft Defender for Containers Cost Estimation Workbook Coverage Workbook
Future_Kortor
Mar 04, 2022 Place Microsoft Defender for Cloud Blog
42KViews
8likes
5Comments
Protect your storage resources against blob-hunting
How to detect, investigate and prevent blob-hunting. Learn about the top blob-hunting questions and explain how Microsoft Defender for Storage detects and prevents this type of threat.
Eitan_Shteinberg
Feb 06, 2023 Place Microsoft Defender for Cloud Blog
35KViews
12likes
0Comments
Microsoft Defender for Storage – Price Estimation Dashboard
Blog post updated on April 17th, 2024. Estimate the cost of Microsoft Defender for Storage Microsoft Defender for Storage is an Azure-native layer of security intelligence that detects potential threats to your storage accounts. It helps prevent the three major impacts on your data and workload: malicious file uploads, sensitive data exfiltration, and data corruption. This blog post explains how to use a new workbook that helps you estimate the cost of Microsoft Defender for Storage and add-ons, like Malware Scanning, based on your current storage usage. Prerequisites To use the cost estimation workbook, you need the following: At least one Azure subscription with Storage Accounts (Defender for Storage is not required) Access to the Azure portal Subscription or resource-level reader permission At least Workbook Contributor permissions on the targeted resource group to save the workbook Access the cost estimation workbook The workbook is available in the Microsoft Defender for Cloud’s GitHub repository. You can access it directly from this link. Deploy it Go to the Workbook’s location Microsoft-Defender-for-Cloud/Workbooks/Microsoft Defender for Storage Price Estimation at main · Azure/Microsoft-Defender-for-Cloud (github.com) In the ReadMe.md file, click the button “Deploy to Azure” This will take you to the Azure portal and the template settings will display for you to fill them. The subscription, resource group and region are required for you to Review + Create. After clicking on “Review + Create” the workbook will show in your resource group. Click on it and then on “Open Workbook”. How it looks like The workbook will display the following information in the tab “Defender for Storage coverage”: Column name Description Subscription Subscription name in the scope. In trial True/False value if the subscription has a free trial. Is enabled Enabled/Disabled value if there’s a Defender for Storage plan enabled. DF-Storage plan The Defender for Storage plan enabled at the subscription-level or if it’s disabled. Malware scanning enabled True/False value if the Defender for Storage add-on Malware Scanning enabled at the subscription-level. For Classic plans, it will show in blank since this feature is not available there. Malware scanning cap The cap setting value at the subscription level. Sensitive data discovery enabled True/False value if the Defender for Storage add-on Sensitive Data Discovery is enabled at the subscription-level. For Classic plans, it will show in blank since this feature is not available there. The tab “Cost estimation” will display the following information: Column name Description Subscription Subscription name in the scope. Storage account Storage account name in the scope. Estimated monthly transactions Transactions taken from a 7-day usage-sample and then used for a 30-day result. Overage transactions Total transactions that are more or equal to 73M. Storage account cost Cost without considering overage. This is $10 USD. Estimated overage charge Overage transactions cost Estimated monthly cost (activity monitoring) “Storage account cost” + “Estimated overage charge” Estimated monthly uploaded GBs 7-day ingress bytes taken from microsoft.storage/storageaccounts/blobservices-Transaction-Ingress; then this is extrapolated to estimate the monthly total based on a standard 30-day month, and finally, it converts this monthly total from bytes to gigabytes using the factor 1073741824 (bytes per gigabyte). The APIs in the filter are: AppendFile, CopyBlob, CreatePathFile, FlushFile, PutBlob, PutBlock, PutBlockFromURL, PutBlockList. Estimated malware scanning cost Cost considering “Estimated monthly uploaded GBs”. Malware Scanning cost is currently $0.15 USD per GB scanned. Note: You can filter the results by subscription and storage account. Workbook estimation limitations This tool estimates malware scanning costs based on the total volume of blobs uploaded, as indicated by Blob Ingress metrics. Please consider the following: Multiple scans: Specific upload methods, such as PutBlockList operations, may trigger multiple scans for a single blob (e.g., when writing logs to the same blob). This tool does not accurately capture the additional costs from multiple scans triggered by such operations. Index Tag costs: Costs associated with blob index tags, which store scan times and results on supported blobs, are not included in these estimates. Learn more on index tags costs in the Azure Storage Blobs Pricing page. Blob size: The estimation accounts for all uploaded blobs; however, only blobs smaller than 2GB are actually scanned. Good to know Note: Resources protected before March 28, 2023, are protected by Defender for Storage (classic) plan. Customers who protected storage accounts prior to this (under the per-transaction or per-storage account plans) are encouraged to migrate to the new plan to enjoy enhanced capabilities. Please note that after March 28, 2023, all new subscriptions created through the Azure portal will enable the new Defender for Storage (per-storage account plan) by default. Learn about migrating to the new plan. The cost of Defender for Storage is based on the number of storage accounts within a subscription. Storage accounts that have less than 73 million monthly transactions, are billed at $10 USD each. Storage accounts with higher transaction volume (above 73M monthly transactions) will experience an overage charge of $0.1492 per additional 1 million transactions. This PowerShell script helps you enumerate all storage accounts in your environment and get the transaction metrics for the last week. Calculating across several large subscriptions or a tenant To pull Blob and File Transactions from each Storage Account in larger subscriptions or across a tenant use this PowerShell script. The Price Estimation used in the script is calculated differently from the workbook described in this blog post. Note that the PowerShell script does not currently estimate the add-on Malware Scanning. This will come in the next couple of weeks. Known Issues Azure Monitor Metrics data backends have limits and probably the number of requests to fetch data across Storage Accounts might time out. To solve this, you will need to narrow the scope (reduce the selected Storage Accounts). Errors might reflect by showing 0 transactions in Files and Blobs. To verify this error, go to Edit Mode and the "Timed out" message will be displayed in the query. If you don’t have permissions to read on the storage accounts, there might be an error like this: Contributors: Eitan Shteinberg, Fernanda Vela, Rogério Barros, Hasan Abo-Shally, Dick Lake, Shay Amar, Daniela Villareal, Reviewer: Yuri Diogenes References: Microsoft-Defender-for-Cloud/Workbooks/Microsoft Defender for Storage Price Estimation at main · Azure/Microsoft-Defender-for-Cloud (github.com) Pricing—Microsoft Defender for Cloud | Microsoft Azure Pricing Calculator | Microsoft Azure Microsoft Defender for Storage - the benefits and features | Microsoft Docs Azure-Security-Center/Powershell scripts/Read Azure Storage Transaction Metrics at main · Azure/Azur... Microsoft-Defender-for-Cloud/Powershell scripts/Storage Price Estimation Script at main · Azure/Micr...
Fernanda_Vela
Jun 09, 2021 Place Microsoft Defender for Cloud Blog
35KViews
9likes
4Comments
E2E Bootstrap Solution for Malicious File Scanning Using Microsoft Defender for Storage in Azure
This blog post elucidates one of the architectural patterns that can be employed for efficiently monitoring the malware scan status while utilizing Microsoft Defender for storage malware scanning.
Srinivas_Nalla
Nov 03, 2023 Place Microsoft Defender for Cloud Blog
18KViews
2likes
0Comments
Malware Scanning for cloud storage GA announcement | prevent malicious content distribution
How to prevent malicious content distribution from your cloud storage a scalable, built-in, and agentless solution
Inbal_Argov
Jul 26, 2023 Place Microsoft Defender for Cloud Blog
18KViews
1like
2Comments
Announcing Defender CSPM GA & new data security capabilities in Microsoft Defender for Cloud
Announcing Defender CSPM GA and new data security capabilities in Microsoft Defender for Cloud, our comprehensive multicloud CNAPP
giladelyashar
Mar 28, 2023 Place Microsoft Defender for Cloud Blog
17KViews
7likes
2Comments
Simplifying Onboarding to Microsoft Defender for Cloud with Terraform
Learn how to onboard Microsoft Defender for Cloud with Terraform in a few easy steps using our new Terraform module.
Asaf_Nakash
Nov 27, 2023 Place Microsoft Defender for Cloud Blog
10KViews
4likes
2Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.MicrosoftFooter\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListTabs\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListTabs-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745505307000"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Deleted","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MMM dd yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1747138110664":{"__typename":"CachedAsset","id":"pages-1747138110664","value":[{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"UserBlogPermissions.Page","type":"COMMUNITY","urlPath":"/c/user-blog-permissions/page","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllEvents","type":"CUSTOM","urlPath":"/Events","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"CommunityHub.Page","type":"CUSTOM","urlPath":"/Directory","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllBlogs.Page","type":"CUSTOM","urlPath":"/blogs","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747138110664,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:theme:customTheme1-1747138110080":{"__typename":"CachedAsset","id":"theme:customTheme1-1747138110080","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["default"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"favicon-1730836283320.png","imageLastModified":"1730836286415","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"favicon-1730836271365.png","imageLastModified":"1730836274203","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_BROWSER","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"700","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-200)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-200)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"LIGHT","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-link-color)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#4099E2","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#148563","blogColor":"#1CBAA0","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#4C6B90","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#D13A1F","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#333333","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#717171","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0069D4","secondary":"#333333","bodyText":"#1E1E1E","bodyBg":"#FFFFFF","info":"#409AE2","success":"#41C5AE","warning":"#FCC844","danger":"#BC341B","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#D3F5A4","#243A5E"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Segoe UI","fontStyle":"NORMAL","fontWeight":"400","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20px","h6FontSize":"16px","lineHeight":"1.3","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"40px","defaultMessageHeaderMarginBottom":"20px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Segoe UI","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.5","fontSizeBase":"16px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"14px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Segoe UI","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"},{"style":"NORMAL","weight":"300","__typename":"FontStyleData"},{"style":"NORMAL","weight":"600","__typename":"FontStyleData"},{"style":"NORMAL","weight":"700","__typename":"FontStyleData"},{"style":"ITALIC","weight":"400","__typename":"FontStyleData"}],"assetNames":["SegoeUI-normal-400.woff2","SegoeUI-normal-300.woff2","SegoeUI-normal-600.woff2","SegoeUI-normal-700.woff2","SegoeUI-italic-400.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"MWF Fluent Icons","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"}],"assetNames":["MWFFluentIcons-normal-400.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1745505307000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1745505307000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1745505307000","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"Category:category:communities":{"__typename":"Category","id":"category:communities","entityType":"CATEGORY","displayId":"communities","nodeType":"category","depth":1,"title":"Communities","shortTitle":"Communities","parent":{"__ref":"Category:category:top"}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Category:category:products-services":{"__typename":"Category","id":"category:products-services","entityType":"CATEGORY","displayId":"products-services","nodeType":"category","depth":2,"title":"Products","description":"","avatar":null,"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:communities"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:gxcuf89792"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:communities"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"theme":{"__ref":"Theme:customTheme1"},"tagPolicies":{"__typename":"TagPolicies","canSubscribeTagOnNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","args":[]}},"canManageTagDashboard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","args":[]}}}},"CachedAsset:quilt:o365.prod:pages/tags/TagPage:category:products-services-1747138108206":{"__typename":"CachedAsset","id":"quilt:o365.prod:pages/tags/TagPage:category:products-services-1747138108206","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:o365.prod:Common:1747138032520":{"__typename":"CachedAsset","id":"quiltWrapper:o365.prod:Common:1747138032520","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"community.widget.navbarWidget","props":{"showUserName":true,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"className":"QuiltComponent_lia-component-edit-mode__0nCcm","links":{"sideLinks":[],"mainLinks":[{"children":[],"linkType":"INTERNAL","id":"gxcuf89792","params":{},"routeName":"CommunityPage"},{"children":[],"linkType":"EXTERNAL","id":"external-link","url":"/Directory","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft365","params":{"categoryId":"microsoft365"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows","params":{"categoryId":"Windows"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoft365-copilot-link","params":{"categoryId":"Microsoft365Copilot"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-teams","params":{"categoryId":"MicrosoftTeams"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-securityand-compliance","params":{"categoryId":"microsoft-security"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"azure","params":{"categoryId":"Azure"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-content_management-link","params":{"categoryId":"Content_Management"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"exchange","params":{"categoryId":"Exchange"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows-server","params":{"categoryId":"Windows-Server"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"outlook","params":{"categoryId":"Outlook"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-endpoint-manager","params":{"categoryId":"microsoftintune"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-2","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities","url":"/","target":"BLANK"},{"children":[{"linkType":"INTERNAL","id":"a-i","params":{"categoryId":"AI"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"education-sector","params":{"categoryId":"EducationSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"partner-community","params":{"categoryId":"PartnerCommunity"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"i-t-ops-talk","params":{"categoryId":"ITOpsTalk"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"healthcare-and-life-sciences","params":{"categoryId":"HealthcareAndLifeSciences"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-mechanics","params":{"categoryId":"MicrosoftMechanics"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"public-sector","params":{"categoryId":"PublicSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"s-m-b","params":{"categoryId":"MicrosoftforNonprofits"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"io-t","params":{"categoryId":"IoT"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"startupsat-microsoft","params":{"categoryId":"StartupsatMicrosoft"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"driving-adoption","params":{"categoryId":"DrivingAdoption"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-1","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities-1","url":"/","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external","url":"/Blogs","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external-1","url":"/Events","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft-learn-1","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-learn-blog","params":{"boardId":"MicrosoftLearnBlog","categoryId":"MicrosoftLearn"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"external-10","url":"https://learningroomdirectory.microsoft.com/","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-3","url":"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-4","url":"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-5","url":"https://docs.microsoft.com/learn/topics/sci/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-6","url":"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-7","url":"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-8","url":"https://docs.microsoft.com/learn/teams/?wt.mc_id=techcom_header-webpage-teams","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-9","url":"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-2","url":"https://docs.microsoft.com/learn/azure/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"}],"linkType":"INTERNAL","id":"microsoft-learn","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"community-info-center","params":{"categoryId":"Community-Info-Center"},"routeName":"CategoryPage"}]},"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","controllerHighlightColor":"hsla(30, 100%, 50%)","linkFontWeight":"400","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkBoxShadowHover":"none","linkFontSize":"14px","backgroundOpacity":0.8,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","hamburgerColor":"var(--lia-nav-controller-icon-color)","linkTextBorderBottom":"none","brandLogoHeight":"30px","linkBgHoverColor":"transparent","linkLetterSpacing":"normal","collapseMenuDividerOpacity":0.16,"dropdownPaddingBottom":"15px","paddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"1px solid var(--lia-bs-border-color)","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","collapseMenuDividerBg":"var(--lia-nav-link-color)","linkColor":"var(--lia-bs-body-color)","linkJustifyContent":"flex-start","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-body-color)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-body-color)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","linkPaddingX":"10px","linkPaddingY":"5px","paddingTop":"15px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkBgColor":"transparent","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-color)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-color)"},"showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"transparent","linkHighlightColor":"var(--lia-bs-primary)","visualEffects":{"showBottomBorder":true},"linkTextColor":"var(--lia-bs-gray-700)"},"__typename":"QuiltComponent"},{"id":"custom.widget.HeroBanner","props":{"widgetVisibility":"signedInOrAnonymous","usePageWidth":false,"useTitle":true,"cMax_items":3,"useBackground":false,"title":"","lazyLoad":false,"widgetChooser":"custom.widget.HeroBanner"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.MicrosoftFooter","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1745505307000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.HeroBanner-en-us-1747150703342":{"__typename":"CachedAsset","id":"component:custom.widget.HeroBanner-en-us-1747150703342","value":{"component":{"id":"custom.widget.HeroBanner","template":{"id":"HeroBanner","markupLanguage":"REACT","style":null,"texts":{"searchPlaceholderText":"Search this community","followActionText":"Follow","unfollowActionText":"Following","searchOnHoverText":"Please enter your search term(s) and then press return key to complete a search.","blogs.sidebar.pagetitle":"Latest Blogs | Microsoft Tech Community","followThisNode":"Follow this node","unfollowThisNode":"Unfollow this node"},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.HeroBanner","form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"__typename":"Component","localOverride":false},"globalCss":null,"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"}},"localOverride":false},"CachedAsset:component:custom.widget.MicrosoftFooter-en-us-1747150703342":{"__typename":"CachedAsset","id":"component:custom.widget.MicrosoftFooter-en-us-1747150703342","value":{"component":{"id":"custom.widget.MicrosoftFooter","template":{"id":"MicrosoftFooter","markupLanguage":"HANDLEBARS","style":".context-uhf {\n min-width: 280px;\n font-size: 15px;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.c-uhff-link {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.c-uhff {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.c-uhff-nav {\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n .c-heading-4 {\n color: #616161;\n word-break: break-word;\n font-size: 15px;\n line-height: 20px;\n padding: 36px 0 4px;\n font-weight: 600;\n }\n .c-uhff-nav-row {\n .c-uhff-nav-group {\n display: block;\n float: left;\n min-height: 1px;\n vertical-align: text-top;\n padding: 0 12px;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.c-list.f-bare {\n font-size: 11px;\n line-height: 16px;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 8px 0;\n margin: 0;\n }\n }\n }\n }\n}\n.c-uhff-base {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 30px 5% 16px;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.c-uhff-ccpa {\n font-size: 11px;\n line-height: 16px;\n float: left;\n margin: 3px 0;\n }\n a.c-uhff-ccpa:hover {\n text-decoration: underline;\n }\n ul.c-list {\n font-size: 11px;\n line-height: 16px;\n float: right;\n margin: 3px 0;\n color: #616161;\n li {\n padding: 0 24px 4px 0;\n display: inline-block;\n }\n }\n .c-list.f-bare {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 30px 24px 16px;\n }\n}\n\n.social-share {\n position: fixed;\n top: 60%;\n transform: translateY(-50%);\n left: 0;\n z-index: 1000;\n}\n\n.sharing-options {\n list-style: none;\n padding: 0;\n margin: 0;\n display: block;\n flex-direction: column;\n background-color: white;\n width: 43px;\n border-radius: 0px 7px 7px 0px;\n}\n.linkedin-icon {\n border-top-right-radius: 7px;\n}\n.linkedin-icon:hover {\n border-radius: 0;\n}\n.social-share-rss-image {\n border-bottom-right-radius: 7px;\n}\n.social-share-rss-image:hover {\n border-radius: 0;\n}\n\n.social-link-footer {\n position: relative;\n display: block;\n margin: -2px 0;\n transition: all 0.2s ease;\n}\n.social-link-footer:hover .linkedin-icon {\n border-radius: 0;\n}\n.social-link-footer:hover .social-share-rss-image {\n border-radius: 0;\n}\n\n.social-link-footer img {\n width: 40px;\n height: auto;\n transition: filter 0.3s ease;\n}\n\n.social-share-list {\n width: 40px;\n}\n.social-share-rss-image {\n width: 40px;\n}\n\n.share-icon {\n border: 2px solid transparent;\n display: inline-block;\n position: relative;\n}\n\n.share-icon:hover {\n opacity: 1;\n border: 2px solid white;\n box-sizing: border-box;\n}\n\n.share-icon:hover .label {\n opacity: 1;\n visibility: visible;\n border: 2px solid white;\n box-sizing: border-box;\n border-left: none;\n}\n\n.label {\n position: absolute;\n left: 100%;\n white-space: nowrap;\n opacity: 0;\n visibility: hidden;\n transition: all 0.2s ease;\n color: white;\n border-radius: 0 10 0 10px;\n top: 50%;\n transform: translateY(-50%);\n height: 40px;\n border-radius: 0 6px 6px 0;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px 5px 20px 8px;\n margin-left: -1px;\n}\n.linkedin {\n background-color: #0474b4;\n}\n.facebook {\n background-color: #3c5c9c;\n}\n.twitter {\n background-color: white;\n color: black;\n}\n.reddit {\n background-color: #fc4404;\n}\n.mail {\n background-color: #848484;\n}\n.bluesky {\n background-color: white;\n color: black;\n}\n.rss {\n background-color: #ec7b1c;\n}\n#RSS {\n width: 40px;\n height: 40px;\n}\n\n@media (max-width: 991px) {\n .social-share {\n display: none;\n }\n}\n","texts":{"New tab":"What's New","New 1":"Surface Laptop Studio 2","New 2":"Surface Laptop Go 3","New 3":"Surface Pro 9","New 4":"Surface Laptop 5","New 5":"Surface Studio 2+","New 6":"Copilot in Windows","New 7":"Microsoft 365","New 8":"Windows 11 apps","Store tab":"Microsoft Store","Store 1":"Account Profile","Store 2":"Download Center","Store 3":"Microsoft Store Support","Store 4":"Returns","Store 5":"Order tracking","Store 6":"Certified Refurbished","Store 7":"Microsoft Store Promise","Store 8":"Flexible Payments","Education tab":"Education","Edu 1":"Microsoft in education","Edu 2":"Devices for education","Edu 3":"Microsoft Teams for Education","Edu 4":"Microsoft 365 Education","Edu 5":"How to buy for your school","Edu 6":"Educator Training and development","Edu 7":"Deals for students and parents","Edu 8":"Azure for students","Business tab":"Business","Bus 1":"Microsoft Cloud","Bus 2":"Microsoft Security","Bus 3":"Dynamics 365","Bus 4":"Microsoft 365","Bus 5":"Microsoft Power Platform","Bus 6":"Microsoft Teams","Bus 7":"Microsoft Industry","Bus 8":"Small Business","Developer tab":"Developer & IT","Dev 1":"Azure","Dev 2":"Developer Center","Dev 3":"Documentation","Dev 4":"Microsoft Learn","Dev 5":"Microsoft Tech Community","Dev 6":"Azure Marketplace","Dev 7":"AppSource","Dev 8":"Visual Studio","Company tab":"Company","Com 1":"Careers","Com 2":"About Microsoft","Com 3":"Company News","Com 4":"Privacy at Microsoft","Com 5":"Investors","Com 6":"Diversity and inclusion","Com 7":"Accessiblity","Com 8":"Sustainibility"},"defaults":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.MicrosoftFooter","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_MicrosoftFooter_context-uhf_105bp_1 {\n min-width: 17.5rem;\n font-size: 0.9375rem;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-link_105bp_12 {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff_105bp_12 {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.custom_widget_MicrosoftFooter_c-uhff-nav_105bp_35 {\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n .custom_widget_MicrosoftFooter_c-heading-4_105bp_49 {\n color: #616161;\n word-break: break-word;\n font-size: 0.9375rem;\n line-height: 1.25rem;\n padding: 2.25rem 0 0.25rem;\n font-weight: 600;\n }\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_105bp_57 {\n .custom_widget_MicrosoftFooter_c-uhff-nav-group_105bp_58 {\n display: block;\n float: left;\n min-height: 0.0625rem;\n vertical-align: text-top;\n padding: 0 0.75rem;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.custom_widget_MicrosoftFooter_c-list_105bp_78.custom_widget_MicrosoftFooter_f-bare_105bp_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 0.5rem 0;\n margin: 0;\n }\n }\n }\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff-base_105bp_94 {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 1.875rem 5% 1rem;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: left;\n margin: 0.1875rem 0;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107:hover {\n text-decoration: underline;\n }\n ul.custom_widget_MicrosoftFooter_c-list_105bp_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: right;\n margin: 0.1875rem 0;\n color: #616161;\n li {\n padding: 0 1.5rem 0.25rem 0;\n display: inline-block;\n }\n }\n .custom_widget_MicrosoftFooter_c-list_105bp_78.custom_widget_MicrosoftFooter_f-bare_105bp_78 {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 1.875rem 1.5rem 1rem;\n }\n}\n.custom_widget_MicrosoftFooter_social-share_105bp_138 {\n position: fixed;\n top: 60%;\n transform: translateY(-50%);\n left: 0;\n z-index: 1000;\n}\n.custom_widget_MicrosoftFooter_sharing-options_105bp_146 {\n list-style: none;\n padding: 0;\n margin: 0;\n display: block;\n flex-direction: column;\n background-color: white;\n width: 2.6875rem;\n border-radius: 0 0.4375rem 0.4375rem 0;\n}\n.custom_widget_MicrosoftFooter_linkedin-icon_105bp_156 {\n border-top-right-radius: 7px;\n}\n.custom_widget_MicrosoftFooter_linkedin-icon_105bp_156:hover {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n border-bottom-right-radius: 7px;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162:hover {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169 {\n position: relative;\n display: block;\n margin: -0.125rem 0;\n transition: all 0.2s ease;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169:hover .custom_widget_MicrosoftFooter_linkedin-icon_105bp_156 {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169:hover .custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169 img {\n width: 2.5rem;\n height: auto;\n transition: filter 0.3s ease;\n}\n.custom_widget_MicrosoftFooter_social-share-list_105bp_188 {\n width: 2.5rem;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n width: 2.5rem;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195 {\n border: 2px solid transparent;\n display: inline-block;\n position: relative;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195:hover {\n opacity: 1;\n border: 2px solid white;\n box-sizing: border-box;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195:hover .custom_widget_MicrosoftFooter_label_105bp_207 {\n opacity: 1;\n visibility: visible;\n border: 2px solid white;\n box-sizing: border-box;\n border-left: none;\n}\n.custom_widget_MicrosoftFooter_label_105bp_207 {\n position: absolute;\n left: 100%;\n white-space: nowrap;\n opacity: 0;\n visibility: hidden;\n transition: all 0.2s ease;\n color: white;\n border-radius: 0 10 0 0.625rem;\n top: 50%;\n transform: translateY(-50%);\n height: 2.5rem;\n border-radius: 0 0.375rem 0.375rem 0;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 1.25rem 0.3125rem 1.25rem 0.5rem;\n margin-left: -0.0625rem;\n}\n.custom_widget_MicrosoftFooter_linkedin_105bp_156 {\n background-color: #0474b4;\n}\n.custom_widget_MicrosoftFooter_facebook_105bp_237 {\n background-color: #3c5c9c;\n}\n.custom_widget_MicrosoftFooter_twitter_105bp_240 {\n background-color: white;\n color: black;\n}\n.custom_widget_MicrosoftFooter_reddit_105bp_244 {\n background-color: #fc4404;\n}\n.custom_widget_MicrosoftFooter_mail_105bp_247 {\n background-color: #848484;\n}\n.custom_widget_MicrosoftFooter_bluesky_105bp_250 {\n background-color: white;\n color: black;\n}\n.custom_widget_MicrosoftFooter_rss_105bp_254 {\n background-color: #ec7b1c;\n}\n#custom_widget_MicrosoftFooter_RSS_105bp_1 {\n width: 2.5rem;\n height: 2.5rem;\n}\n@media (max-width: 991px) {\n .custom_widget_MicrosoftFooter_social-share_105bp_138 {\n display: none;\n }\n}\n","tokens":{"context-uhf":"custom_widget_MicrosoftFooter_context-uhf_105bp_1","c-uhff-link":"custom_widget_MicrosoftFooter_c-uhff-link_105bp_12","c-uhff":"custom_widget_MicrosoftFooter_c-uhff_105bp_12","c-uhff-nav":"custom_widget_MicrosoftFooter_c-uhff-nav_105bp_35","c-heading-4":"custom_widget_MicrosoftFooter_c-heading-4_105bp_49","c-uhff-nav-row":"custom_widget_MicrosoftFooter_c-uhff-nav-row_105bp_57","c-uhff-nav-group":"custom_widget_MicrosoftFooter_c-uhff-nav-group_105bp_58","c-list":"custom_widget_MicrosoftFooter_c-list_105bp_78","f-bare":"custom_widget_MicrosoftFooter_f-bare_105bp_78","c-uhff-base":"custom_widget_MicrosoftFooter_c-uhff-base_105bp_94","c-uhff-ccpa":"custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107","social-share":"custom_widget_MicrosoftFooter_social-share_105bp_138","sharing-options":"custom_widget_MicrosoftFooter_sharing-options_105bp_146","linkedin-icon":"custom_widget_MicrosoftFooter_linkedin-icon_105bp_156","social-share-rss-image":"custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162","social-link-footer":"custom_widget_MicrosoftFooter_social-link-footer_105bp_169","social-share-list":"custom_widget_MicrosoftFooter_social-share-list_105bp_188","share-icon":"custom_widget_MicrosoftFooter_share-icon_105bp_195","label":"custom_widget_MicrosoftFooter_label_105bp_207","linkedin":"custom_widget_MicrosoftFooter_linkedin_105bp_156","facebook":"custom_widget_MicrosoftFooter_facebook_105bp_237","twitter":"custom_widget_MicrosoftFooter_twitter_105bp_240","reddit":"custom_widget_MicrosoftFooter_reddit_105bp_244","mail":"custom_widget_MicrosoftFooter_mail_105bp_247","bluesky":"custom_widget_MicrosoftFooter_bluesky_105bp_250","rss":"custom_widget_MicrosoftFooter_rss_105bp_254","RSS":"custom_widget_MicrosoftFooter_RSS_105bp_1"}},"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1745505307000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1745505307000","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745505307000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1722894000155":"Recent Discussions","title@instance:1727367112619":"Recent Blog Articles","title@instance:1727367069748":"Recent Discussions","title@instance:1727366213114":"Latest Discussions","title@instance:1727899609720":"","title@instance:1727363308925":"Latest Discussions","title@instance:1737115580352":"Latest Articles","title@instance:1720453418992":"Recent Discssions","title@instance:1727365950181":"Latest Blog Articles","title@instance:bmDPnI":"Latest Blog Articles","title@instance:IiDDJZ":"Latest Blog Articles","title@instance:1721244347979":"Latest blog posts","title@instance:1728383752171":"Related Content","title@instance:1722893956545":"Latest Skilling Resources","title@instance:dhcgCU":"Latest Discussions"},"localOverride":false},"Category:category:Exchange":{"__typename":"Category","id":"category:Exchange","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Outlook":{"__typename":"Category","id":"category:Outlook","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Community-Info-Center":{"__typename":"Category","id":"category:Community-Info-Center","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:EducationSector":{"__typename":"Category","id":"category:EducationSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:DrivingAdoption":{"__typename":"Category","id":"category:DrivingAdoption","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Azure":{"__typename":"Category","id":"category:Azure","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows-Server":{"__typename":"Category","id":"category:Windows-Server","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftTeams":{"__typename":"Category","id":"category:MicrosoftTeams","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PublicSector":{"__typename":"Category","id":"category:PublicSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft365":{"__typename":"Category","id":"category:microsoft365","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:IoT":{"__typename":"Category","id":"category:IoT","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:HealthcareAndLifeSciences":{"__typename":"Category","id":"category:HealthcareAndLifeSciences","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:ITOpsTalk":{"__typename":"Category","id":"category:ITOpsTalk","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftLearn":{"__typename":"Category","id":"category:MicrosoftLearn","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:MicrosoftLearnBlog":{"__typename":"Blog","id":"board:MicrosoftLearnBlog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:AI":{"__typename":"Category","id":"category:AI","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftMechanics":{"__typename":"Category","id":"category:MicrosoftMechanics","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftforNonprofits":{"__typename":"Category","id":"category:MicrosoftforNonprofits","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:StartupsatMicrosoft":{"__typename":"Category","id":"category:StartupsatMicrosoft","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PartnerCommunity":{"__typename":"Category","id":"category:PartnerCommunity","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Microsoft365Copilot":{"__typename":"Category","id":"category:Microsoft365Copilot","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows":{"__typename":"Category","id":"category:Windows","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Content_Management":{"__typename":"Category","id":"category:Content_Management","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-security":{"__typename":"Category","id":"category:microsoft-security","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoftintune":{"__typename":"Category","id":"category:microsoftintune","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:1608761":{"__typename":"Conversation","id":"conversation:1608761","topic":{"__typename":"BlogTopicMessage","uid":1608761},"lastPostingActivityTime":"2025-04-09T07:37:29.088-07:00","solved":false},"Category:category:microsoft-defender-for-cloud":{"__typename":"Category","id":"category:microsoft-defender-for-cloud","displayId":"microsoft-defender-for-cloud"},"Blog:board:MicrosoftDefenderCloudBlog":{"__typename":"Blog","id":"board:MicrosoftDefenderCloudBlog","displayId":"MicrosoftDefenderCloudBlog","nodeType":"board","conversationStyle":"BLOG","title":"Microsoft Defender for Cloud Blog","shortTitle":"Microsoft Defender for Cloud Blog","parent":{"__ref":"Category:category:microsoft-defender-for-cloud"}},"User:user:124214":{"__typename":"User","uid":124214,"login":"YuriDiogenes","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xMjQyMTQtMjk0ODRpNkQwNzBDNjFBRDY2REM2Nw"},"id":"user:124214"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xNjA4NzYxLTMyMzQwN2k0OUZGOEVEQUUyQzMxMzky?revision=97\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xNjA4NzYxLTMyMzQwN2k0OUZGOEVEQUUyQzMxMzky?revision=97","title":"Ninja4.JPG","associationType":"TEASER","width":902,"height":458,"altText":"Ninja4.JPG"},"BlogTopicMessage:message:1608761":{"__typename":"BlogTopicMessage","subject":"Become a Microsoft Defender for Cloud Ninja","conversation":{"__ref":"Conversation:conversation:1608761"},"id":"message:1608761","revisionNum":97,"uid":1608761,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:124214"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" ","introduction":"","metrics":{"__typename":"MessageMetrics","views":319100},"postTime":"2020-08-25T13:06:30.746-07:00","lastPublishTime":"2025-04-09T07:37:29.088-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" [Last update: 04/08/2025] All content was reviewed and updated for the month of April 2025. \n \n This blog post has a curation of many Microsoft Defender for Cloud (formerly known as Azure Security Center and Azure Defender) resources, organized in a format that can help you to go from absolutely no knowledge in Microsoft Defender for Cloud, to design and implement different scenarios. You can use this blog post as a training roadmap to learn more about Microsoft Defender for Cloud. On November 2nd, at Microsoft Ignite 2021, Microsoft announced the rebrand of Azure Security Center and Azure Defender for Microsoft Defender for Cloud. To learn more about this change, read this article. \n \n Every month we are adding new updates to this article, and you can track it by checking the red date besides the topic. If you already study all the modules and you are ready for the knowledge check, follow the procedures below: \n \n To obtain the Defender for Cloud Ninja Certificate \n 1. Take this knowledge check here, where you will find questions about different areas and plans available in Defender for Cloud. \n 2. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again. \n Note: it can take up to 24 hours for you to receive your certificate via email. \n \n To obtain the Defender for Servers Ninja Certificate (Introduced in 08/2023) \n 1. Take this knowledge check here, where you will find only questions related to Defender for Servers. \n 2. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again. \n Note: it can take up to 24 hours for you to receive your certificate via email. \n \n Modules \n To become an Microsoft Defender for Cloud Ninja, you will need to complete each module. The content of each module will vary, refer to the legend to understand the type of content before clicking in the topic’s hyperlink. The table below summarizes the content of each module: \n \n \n Module \n \n Description \n \n 0 - CNAPP \n \n In this module you will familiarize yourself with the concepts of CNAPP and how to plan Defender for Cloud deployment as a CNAPP solution. \n \n 1 – Introducing Microsoft Defender for Cloud and Microsoft Defender Cloud plans \n \n In this module you will familiarize yourself with Microsoft Defender for Cloud and understand the use case scenarios. You will also learn about Microsoft Defender for Cloud and Microsoft Defender Cloud plans pricing and overall architecture data flow. \n \n 2 – Planning Microsoft Defender for Cloud \n \n In this module you will learn the main considerations to correctly plan Microsoft Defender for Cloud deployment. From supported platforms to best practices implementation. \n \n 3 – Enhance your Cloud Security Posture \n \n In this module you will learn how to leverage Cloud Security Posture management capabilities, such as Secure Score and Attack Path to continuous improvement of your cloud security posture. This module includes automation samples that can be used to facilitate secure score adoption and operations. \n \n 4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud \n \n In this module you will learn how to use the cloud security posture management capabilities available in Microsoft Defender for Cloud, which includes vulnerability assessment, inventory, workflow automation and custom dashboards with workbooks. \n \n 5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud \n \n In this module you will learn about the regulatory compliance dashboard in Microsoft Defender for Cloud and give you insights on how to include additional standards. In this module you will also familiarize yourself with Azure Blueprints for regulatory standards. \n \n 6 – Cloud Workload Protection Platform Capabilities in Azure Defender \n \n In this module you will learn how the advanced cloud capabilities in Microsoft Defender for Cloud work, which includes JIT, File Integrity Monitoring and Adaptive Application Control. This module also covers how threat protection works in Microsoft Defender for Cloud, the different categories of detections, and how to simulate alerts. \n \n 7 – Streaming Alerts and Recommendations to a SIEM Solution \n \n In this module you will learn how to use native Microsoft Defender for Cloud capabilities to stream recommendations and alerts to different platforms. You will also learn more about Azure Sentinel native connectivity with Microsoft Defender for Cloud. Lastly, you will learn how to leverage Graph Security API to stream alerts from Microsoft Defender for Cloud to Splunk. \n \n 8 – Integrations and APIs \n \n In this module you will learn about the different integration capabilities in Microsoft Defender for Cloud, how to connect Tenable to Microsoft Defender for Cloud, and how other supported solutions can be integrated with Microsoft Defender for Cloud. \n \n 9 - DevOps Security \n \n In this module you will learn more about DevOps Security capabilities in Defender for Cloud. You will be able to follow the interactive guide to understand the core capabilities and how to navigate through the product. \n \n 10 - Defender for APIs \n \n In this module you will learn more about the new plan announced at RSA 2023. You will be able to follow the steps to onboard the plan and validate the threat detection capability. \n \n 11 - AI Posture Management and Workload Protection \n \n In this module you will learn more about the risks of Gen AI and how Defender for Cloud can help improve your AI posture management and detect threats against your Gen AI apps. \n \n \n \n Module 0 - Cloud Native Application Protection Platform (CNAPP) \n \n Improving Your Multi-Cloud Security with a CNAPP - a vendor agnostic approach \n Microsoft CNAPP Solution \n Planning and Operationalizing Microsoft CNAPP \n Understanding Cloud Native Application Protection Platforms (CNAPP) \n Cloud Native Applications Protection Platform (CNAPP) \n Microsoft CNAPP eBook \n Understanding CNAPP \n \n Module 1 - Introducing Microsoft Defender for Cloud \n \n What is Microsoft Defender for Cloud? \n A New Approach to Get Your Cloud Risks Under Control \n Getting Started with Microsoft Defender for Cloud \n Implementing a CNAPP Strategy to Embed Security From Code to Cloud \n Boost multicloud security with a comprehensive code to cloud strategy \n A new name for multi-cloud security: Microsoft Defender for Cloud \n Common questions about Defender for Cloud \n MDC Cost Calculator \n \n Module 2 – Planning Microsoft Defender for Cloud \n \n Features for IaaS workloads \n Features for PaaS workloads \n Built-in RBAC Roles in Microsoft Defender for Cloud \n Enterprise Onboarding Guide \n Assigning Permissions in Microsoft Defender for Cloud \n Design Considerations for Log Analytics Workspace \n Onboarding on-premises machines using Windows Admin Center \n Understanding Security Policies in Microsoft Defender for Cloud \n Creating Custom Policies \n Centralized Policy Management in Microsoft Defender for Cloud using Management Groups \n Planning Data Collection for IaaS VMs\n \n Microsoft Defender for Cloud PoC Series – Microsoft Defender for Resource Manager \n Microsoft Defender for Cloud PoC Series – Microsoft Defender for Storage How to Effectively Perform an Microsoft Defender for Cloud PoC \n Microsoft Defender for Cloud PoC Series – Microsoft Defender for App Service Considerations for Multi-Tenant Scenario \n Microsoft Defender for Cloud PoC Series – Microsoft Defender CSPM \n Microsoft Defender for DevOps GitHub Connector - Microsoft Defender for Cloud PoC Series \n \n \n Grant tenant-wide permissions to yourself \n Simplifying Onboarding to Microsoft Defender for Cloud with Terraform \n \n Module 3 – Enhance your Cloud Security Posture \n \n Azure Secure Score vs. Microsoft Secure Score \n How Secure Score affects your governance \n Enhance your Secure Score in Microsoft Defender for Cloud \n Security recommendations \n Resource exemption \n Customizing Endpoint Protection Recommendation in Microsoft Defender for Cloud \n Deliver a Security Score weekly briefing \n Send Microsoft Defender for Cloud Recommendations to Azure Resource Stakeholders \n Secure Score Reduction Alert \n Average Time taken to remediate resources \n Improved experience for managing the default Azure security policies \n Security Policy Enhancements in Defender for Cloud \n Create custom recommendations and security standards \n Secure Score Overtime Workbook \n Automation Artifacts for Secure Score Recommendations \n Remediation Scripts \n \n Module 4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud \n \n CSPM in Defender for Cloud \n Take a Proactive Risk-Based Approach to Securing your Cloud Native Applications \n Predict future security incidents! Cloud Security Posture Management with Microsoft Defender \n Software inventory filters added to asset inventory \n Drive your organization to security actions using Governance experience \n Managing Asset Inventory in Microsoft Defender for Cloud \n Vulnerability Assessment Workbook Template \n Vulnerability Assessment for Containers \n Improvements in Continuous Export feature \n Implementing Workflow Automation \n Workflow Automation Artifacts \n Creating Custom Dashboard for Microsoft Defender for Cloud \n Using Microsoft Defender for Cloud API for Workflow Automation \n What you need to know when deleting and re-creating the security connector(s) in Defender for Cloud \n Connect AWS Account with Microsoft Defender for Cloud\n \n Video Demo - Connecting AWS accounts \n Microsoft Defender for Cloud PoC Series - Multi-cloud with AWS \n Onboarding your AWS/GCP environment to Microsoft Defender for Cloud with Terraform \n How to better manage cost of API calls that Defender for Cloud makes to AWS \n \n \n Connect GCP Account with Microsoft Defender for Cloud\n \n Protecting Containers in GCP with Defender for Containers \n Video Demo - Connecting GCP Accounts \n Microsoft Defender for Cloud PoC Series - Multicloud with GCP \n \n \n All You Need to Know About Microsoft Defender for Cloud Multicloud Protection \n Custom recommendations for AWS and GCP \n 31 new and enhanced multicloud regulatory standards coverage \n Azure Monitor Workbooks integrated into Microsoft Defender for Cloud and three templates provided \n How to Generate a Microsoft Defender for Cloud exemption and disable policy report \n Cloud security posture and contextualization across cloud boundaries from a single dashboard \n Best Practices to Manage and Mitigate Security Recommendations \n \n \n \n Defender CSPM\n \n Defender CSPM Plan Options \n Cloud Security Explorer \n Identify and remediate attack paths \n Agentless scanning for machines \n Cloud security explorer and Attack path analysis \n Governance Rules at Scale \n Governance Improvements \n Data Security Aware Posture Management \n A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud \n Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis \n Understanding data aware security posture capability \n Agentless Container Posture \n Agentless Container Posture Management \n Microsoft Defender for Cloud - Automate Notifications when new Attack Paths are created \n Proactively secure your Google Cloud Resources with Microsoft Defender for Cloud \n Demystifying Defender CSPM \n Discover and Protect Sensitive Data with Defender for Cloud \n Defender for cloud's Agentless secret scanning for virtual machines is now generally available! \n Defender CSPM Support for GCP \n Data Security Dashboard \n Agentless Container Posture Management in Multicloud \n Agentless malware scanning for servers \n Recommendation Prioritization \n Unified insights from Microsoft Entra Permissions Management \n Defender CSPM Internet Exposure Analysis \n Future-Proofing Cloud Security with Defender CSPM \n ServiceNow's integration now includes Configuration Compliance module \n \n \n \n 🚀 Suggested Labs: \n \n Improving your Secure Posture \n Connecting a GCP project \n Connecting an AWS project \n Defender CSPM \n Agentless container posture through Defender CSPM \n Contextual Security capabilities for AWS using Defender CSPM \n \n Module 5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud \n \n \n Understanding Regulatory Compliance Capabilities in Microsoft Defender for Cloud \n Adding new regulatory compliance standards \n Regulatory Compliance workbook \n Regulatory compliance dashboard now includes Azure Audit reports \n Microsoft cloud security benchmark: Azure compute benchmark is now aligned with CIS! \n Updated naming format of Center for Internet Security (CIS) standards in regulatory compliance \n CIS Azure Foundations Benchmark v2.0.0 in regulatory compliance dashboard \n Spanish National Security Framework (Esquema Nacional de Seguridad (ENS)) added to regulatory compliance dashboard for Azure \n \n 🚀 Suggested Lab: Regulatory Compliance \n Module 6 – Cloud Workload Protection Platform Capabilities in Microsoft Defender for Clouds \n \n Understanding Just-in-Time VM Access \n Implementing JIT VM Access \n File Integrity Monitoring in Microsoft Defender \n Understanding Threat Protection in Microsoft Defender \n Microsoft Defender for Servers\n \n Demystifying Defender for Servers \n Onboarding directly (without Azure Arc) to Defender for Servers \n Agentless secret scanning for virtual machines in Defender for servers P2 & DCSPM \n Vulnerability Management in Defender for Cloud \n File Integrity Monitoring using Microsoft Defender for Endpoint \n \n \n Microsoft Defender for Containers\n \n Basics of Defender for Containers \n Secure your Containers from Build to Runtime \n AWS ECR Coverage in Defender for Containers \n Upgrade to Microsoft Defender Vulnerability Management \n End to end container security with unified SOC experience \n Binary drift detection episode \n Binary drift detection \n Cloud Detection Response experience \n Exploring the Latest Container Security Updates from Microsoft Ignite 2024 \n Unveiling Kubernetes lateral movement and attack paths with Microsoft Defender for Cloud \n Onboarding Docker Hub and JFrog Artifactory \n Improvements in Container’s Posture Management \n New AKS Security Dashboard in Defender for Cloud \n \n \n Microsoft Defender for Storage\n \n Protect your storage resources against blob-hunting \n Malware Scanning in Defender for Storage \n \n \n Microsoft Defender for SQL \n \n New Defender for SQL VA \n \n \n Microsoft Defender for SQL Anywhere \n \n New autoprovisioning process for SQL Server on machines plan \n \n \n Defender for Open-Source Relational Databases Multicloud \n Microsoft Defender for KeyVault \n Microsoft Defender for AppService \n Microsoft Defender for Resource Manager \n Understanding Security Incident \n Security Alert Correlation \n Alert Reference Guide \n 'Copy alert JSON' button added to security alert details pane \n Alert Suppression \n Simulating Alerts in Microsoft Defender for Cloud\n \n Alert validation \n Simulating alerts for Windows \n Simulating alerts for Linux \n Simulating alerts for Containers \n Simulating alerts for Storage \n Simulating alerts for Microsoft Key Vault \n Simulating alerts for Microsoft Defender for Resource Manager \n \n \n Integration with Microsoft Defender for Endpoint\n \n Auto-provisioning of Microsoft Defender for Endpoint unified solution \n \n \n Resolve security threats with Microsoft Defender for Cloud \n Protect your servers and VMs from brute-force and malware attacks with Microsoft Defender for Cloud \n Filter security alerts by IP address \n Alerts by resource group \n Defender for Servers Security Alerts Improvements \n \n 🚀 Suggested Labs: \n \n Workload Protections \n Agentless container vulnerability assessment scanning \n Microsoft Defender for Cloud database protection \n Protecting On-Prem Servers in Defender for Cloud \n Defender for Storage \n \n Module 7 – Streaming Alerts and Recommendations to a SIEM Solution \n \n Continuous Export capability in Microsoft Defender for Cloud \n Deploying Continuous Export using Azure Policy \n Connecting Microsoft Sentinel with Microsoft Defender for Cloud \n Closing an Incident in Azure Sentinel and Dismissing an Alert in Microsoft Defender for Cloud \n Microsoft Sentinel bi-directional alert synchronization \n \n 🚀 Suggested Lab: Exporting Microsoft Defender for Cloud information to a SIEM \n Module 8 – Integrations and APIs \n \n Integration with Tenable \n Integrate security solutions in Microsoft Defender for Cloud \n Defender for Cloud integration with Defender EASM \n Defender for Cloud integration with Defender TI \n REST APIs for Microsoft Defender for Cloud \n Obtaining Secure Score via REST API \n Using Graph Security API to Query Alerts in Microsoft Defender for Cloud \n Automate(d) Security with Microsoft Defender for Cloud and Logic Apps \n Automating Cloud Security Posture and Cloud Workload Protection Responses \n \n Module 9 – DevOps Security \n \n Overview of Microsoft Defender for Cloud DevOps Security \n DevOps Security Interactive Guide \n Configure the Microsoft Security DevOps Azure DevOps extension \n Configure the Microsoft Security DevOps GitHub action \n Automate SecOps to Developer Communication with Defender for DevOps \n Compliance for Exposed Secrets Discovered by DevOps Security \n Automate DevOps Security Recommendation Remediation \n DevOps Security Workbook \n Remediating Security Issues in Code with Pull Request Annotations \n Code to Cloud Security using Microsoft Defender for DevOps \n GitHub Advanced Security for Azure DevOps alerts in Defender for Cloud \n Securing your GitLab Environment with Microsoft Defender for Cloud \n Bridging the Gap Between Code and Cloud with Defender for Cloud \n Integrate Defender for Cloud CLI with CI/CD pipelines \n Code Reachability Analysis \n \n 🚀 Suggested Labs: \n \n Onboarding Azure DevOps to Defender for Cloud \n Onboarding GitHub to Defender for Cloud \n \n Module 10 – Defender for APIs \n \n What is Microsoft Defender for APIs? \n Onboard Defender for APIs \n Validating Microsoft Defender for APIs Alerts \n API Security with Defender for APIs \n Microsoft Defender for API Security Dashboard \n Exempt functionality now available for Defender for APIs recommendations \n Create sample alerts for Defender for APIs detections \n Defender for APIs reach GA \n Increasing API Security Testing Visibility \n Boost Security with API Security Posture Management \n \n 🚀 Suggested Lab: Defender for APIs \n Module 11 – AI Posture Management and Workload Protection \n \n Secure your AI applications from code to runtime with Microsoft Defender for Cloud \n AI security posture management \n AI threat protection \n Secure your AI applications from code to runtime \n Data and AI security dashboard \n Protecting Azure AI Workloads using Threat Protection for AI in Defender for Cloud \n \n 🚀 Suggested Lab: Security for AI workloads \n \n Are you ready to take your knowledge check? If so, click here. If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got it wrong, study more and take the assessment again. \n Note: it can take up to 24 hours for you to receive your certificate via email. \n \n Other Resources \n \n Microsoft Defender for Cloud Labs \n Become an Microsoft Sentinel Ninja \n Become an MDE Ninja \n Cross-product lab (Defend the Flag) \n Release notes (updated every month) \n Important upcoming changes \n \n \n Have a great time ramping up in Microsoft Defender for Cloud and becoming a Microsoft Defender for Cloud Ninja!! \n \n \n Reviewer: \n \n Tom Janetscheck, Senior PM \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"20861","kudosSumWeight":63,"repliesCount":34,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xNjA4NzYxLTMyMzQwN2k0OUZGOEVEQUUyQzMxMzky?revision=97\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3838969":{"__typename":"Conversation","id":"conversation:3838969","topic":{"__typename":"BlogTopicMessage","uid":3838969},"lastPostingActivityTime":"2023-06-05T05:51:22.868-07:00","solved":false},"User:user:117322":{"__typename":"User","uid":117322,"login":"StanislavBelov","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xMTczMjItMjEyMTM4aUVCOTNBNzA0MTU1NzkxMzk"},"id":"user:117322"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0ODA5N2k4OENFM0RERTVFREFENzA1?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0ODA5N2k4OENFM0RERTVFREFENzA1?revision=11","title":"teaser.png","associationType":"TEASER","width":336,"height":192,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0ODA5OGlEQkM2NEMyQTUzNzQ1Qjk4?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0ODA5OGlEQkM2NEMyQTUzNzQ1Qjk4?revision=11","title":"teaser.png","associationType":"BODY","width":336,"height":192,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUwN2kxNEU2NTExREMwOEZDOTg4?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUwN2kxNEU2NTExREMwOEZDOTg4?revision=11","title":"Product videos.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2MGk1QTcxMTdBOUM5ODE0OEIz?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2MGk1QTcxMTdBOUM5ODE0OEIz?revision=11","title":"webcast recordings.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2NGk1NjU2M0VDOUQ2RjVGODVB?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2NGk1NjU2M0VDOUQ2RjVGODVB?revision=11","title":"Docs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2M2kzMEExQTVERkM4NzYwNEVF?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2M2kzMEExQTVERkM4NzYwNEVF?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUwOGkzQ0UxRTJGRkY2NkVDQTNE?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUwOGkzQ0UxRTJGRkY2NkVDQTNE?revision=11","title":"GitHub.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk3MGk0Mzk2QjM0QkMzNTY0NzdF?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk3MGk0Mzk2QjM0QkMzNTY0NzdF?revision=11","title":"External.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2MWk3RUNBMDkxQkUyNkU0RTA0?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2MWk3RUNBMDkxQkUyNkU0RTA0?revision=11","title":"Product improvements.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2Mmk5MzA5OEUzRTEwRjNFRjc2?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2Mmk5MzA5OEUzRTEwRjNFRjc2?revision=11","title":"Public Preview sign-up.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUxNWlCQzQwMTExNTZEQTAwMjJC?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUxNWlCQzQwMTExNTZEQTAwMjJC?revision=11","title":"webcast recordings.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0M2kyMjY4QUVEQzVDNkU0NjdG?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0M2kyMjY4QUVEQzVDNkU0NjdG?revision=11","title":"Public Preview sign-up.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ2NDg5N2k5MDE0RUU1RDJEQzY4NjYy?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ2NDg5N2k5MDE0RUU1RDJEQzY4NjYy?revision=11","title":"GitHub.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0NGk0RkRDQTVGMTdCNTUxMzM1?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0NGk0RkRDQTVGMTdCNTUxMzM1?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0NWk1RERGQjZGMzRCNkE3QkZB?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0NWk1RERGQjZGMzRCNkE3QkZB?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk1M2lGNjJDRTQ2QUI5MTNEQ0Y5?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk1M2lGNjJDRTQ2QUI5MTNEQ0Y5?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMWk1QjJFMDQ4QjZBOTlBOTRG?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMWk1QjJFMDQ4QjZBOTlBOTRG?revision=11","title":"Product improvements.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMmkxRURCNTJFNEY1QkEzQTA3?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMmkxRURCNTJFNEY1QkEzQTA3?revision=11","title":"Product improvements.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMGlEQjlEMDg4MDAwNjk5QkQ4?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMGlEQjlEMDg4MDAwNjk5QkQ4?revision=11","title":"Product improvements.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzNWk3QjgyNzZDN0QyNTM5RTdD?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzNWk3QjgyNzZDN0QyNTM5RTdD?revision=11","title":"Public Preview sign-up.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzNmlBNENDNTU3RjYxMDI0NUI2?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzNmlBNENDNTU3RjYxMDI0NUI2?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzOGlEMEJGODg0REQ2M0M0OTdD?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzOGlEMEJGODg0REQ2M0M0OTdD?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjkzM2k4QzY1ODg2OTcxQUI3OTg0?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjkzM2k4QzY1ODg2OTcxQUI3OTg0?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk1Nmk1MDREMkJFNDQ4NDg3RTFG?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk1Nmk1MDREMkJFNDQ4NDg3RTFG?revision=11","title":"Blogs on MS.png","associationType":"BODY","width":39,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ2NTIzMmlCNzFGOEIyMTk3Q0Q2NTJE?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ2NTIzMmlCNzFGOEIyMTk3Q0Q2NTJE?revision=11","title":"webcast recordings.png","associationType":"BODY","width":39,"height":39,"altText":null},"BlogTopicMessage:message:3838969":{"__typename":"BlogTopicMessage","subject":"Monthly news - June 2023","conversation":{"__ref":"Conversation:conversation:3838969"},"id":"message:3838969","revisionNum":11,"uid":3838969,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:117322"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This is our monthly \"What's new\" blog post, summarizing product updates and various new assets we released over the past month. \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":165929},"postTime":"2023-06-05T05:40:45.171-07:00","lastPublishTime":"2023-06-05T05:51:22.868-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n \n \n \n \n \n \n \n Microsoft Defender for Cloud \n Monthly news \n June 2023 Edition \n \n \n \n \n \n \n \n \n \n This is our monthly \"What's new\" blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from May 2023. \n \n \n \n \n \n \n \n Legend: \n \n \n \n Product videos \n \n Webcasts (recordings) \n \n Docs on Microsoft \n \n Blogs on Microsoft \n \n \n \n GitHub \n \n External content \n \n Product improvements \n \n Announcements \n \n \n \n \n \n \n \n \n \n \n Microsoft Defender for Cloud \n \n \n \n Watch new episodes of the Defender for Cloud in the Field show to learn about API Security with Defender for APIs, how to create custom recommendations for AWS and GCP, and new data-aware security posture capabilities in Defender for Cloud. \n \n \n \n We're announcing the release of Vulnerability Assessment for Linux images in Azure container registries powered by Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM. This release includes daily scanning of images. Findings used in the Security Explorer and attack paths rely on MDVM Vulnerability Assessment instead of the Qualys scanner. \n \n \n \n We're seeking your feedback on Defender for APIs. In this form you will be able to share feedback with the product team about your experience with the Defender for APIs capabilities. The survey will take approximately 6 minutes to complete. Thank you! \n \n \n \n \n \n \n \n The Defender for Cloud Onboarding Workbook V2 is the latest version of this workbook that was originally published August 2022. Please review this blog post to learn what has changed. This workbook helps you track which Azure subscriptions under your Tenant are onboarded with Defender for Cloud. Also, it lists the resources deployed into these subscriptions that can be protected by the Defender for Cloud workload protection plans, and it checks if any required agents are missing for the workload protection. \n \n \n \n Microsoft Defender for APIs, a new plan in Defender for Cloud, offers full lifecycle protection, detection, and response coverage for APIs published in Azure API Management. One of the main capabilities is the ability to detect exploits of the OWASP API Top 10 vulnerabilities through runtime observations of anomalies using machine learning-based and rule-based detections. This blog will outline the steps for simulating an action that will trigger an alert for one of your API endpoints through Defender for APIs. \n \n \n \n Microsoft Defender for Cloud is a Cloud Native Application Protection Platform (CNAPP) that offers crucial insights and protective measures through its Attack Path risk analysis feature. A frequent requirement from customers is the ability to receive notifications whenever new attack paths are detected. This article presents an automated solution utilizing Azure Logic Apps to address this need. By deploying a custom Logic App using an Azure Resource Manager (ARM) template, organizations can establish a streamlined notification system for newly reported attack paths by Microsoft Defender for Cloud. This solution guarantees that security teams receive prompt alerts, empowering them to promptly respond and safeguard their cloud resources efficiently. \n \n \n \n Defender for DevOps Code and IaC has expanded its recommendation coverage in Microsoft Defender for Cloud to include Azure DevOps security findings for the following two recommendations:\n \n Code repositories should have code scanning findings resolved \n Code repositories should have infrastructure as code scanning findings resolved \n \nPreviously, coverage for Azure DevOps security scanning only included the secrets recommendation. \n \n \n \n Recently, we’ve added agentless container security posture capabilities in the Defender Cloud Security Posture Management (CSPM) plan. Previously, to discover parts of the Kubernetes estate, the Defender Profile, deployed as part of the Defender for Containers plan, needed to be deployed on each cluster. Defender CSPM now collects inventory of the Kubernetes cluster, without the use of an agent and without dependency on Defender for Containers. These insights are included as part of the Cloud Security Explorer and Attack Path Analysis. However, security posture management is not enough to get full visibility into potential threats and security risks. Defender for Containers and its’ agent-based capabilities are significant in detecting near real time threats on the cluster. In this blog, we highlight how Defender CSPM and Defender for Containers can be used to help organizations secure their containerized environments in the cloud. \n \n \n \n Agentless scanning for VMs now supports processing of instances with encrypted disks in AWS, using both CMK and PMK. This extended support increases coverage and visibility over your cloud estate without impacting your running workloads. Support for encrypted disks maintains the same zero impact method on running instances.\n \n For new customers enabling agentless scanning in AWS - encrypted disks coverage is built in and supported by default. \n For existing customers that already have an AWS connector with agentless scanning enabled, you'll need to reapply the CloudFormation stack to your onboarded AWS accounts to update and add the new permissions that are required to process encrypted disks. The updated CloudFormation template includes new assignments that allow Defender for Cloud to process encrypted disks. \n \n \n \n \n \n Defender for DevOps has expanded its Pull Request (PR) annotation coverage in Azure DevOps to include Infrastructure as Code (IaC) misconfigurations that are detected in ARM and Bicep templates. Developers can now see annotations for IaC misconfigurations directly in their PRs. Developers can also remediate critical security issues before the infrastructure is provisioned into cloud workloads. To simplify remediation, developers are provided with a severity level, misconfiguration description, and remediation instructions within each annotation. \n \n \n \n To help you manage your AWS CloudTrail costs and compliance needs, you can now select which AWS regions to scan when you add or edit a cloud connector. You can now scan selected specific AWS regions or all available regions (default), when you onboard your AWS accounts to Defender for Cloud. \n \n \n \n Microsoft Defender Vulnerability Management (MDVM) is now enabled as the default, built-in solution for all subscriptions protected by Defender for Servers that don't already have a VA solution selected. If a subscription has a VA solution enabled on any of its VMs, no changes are made and MDVM won't be enabled by default on the remaining VMs in that subscription. You can choose to enable a VA solution on the remaining VMs on your subscriptions. \n \n \n \n In today’s application development landscape, organizations are widely adopting Infrastructure-as-Code (IaC) technology to automate the provisioning and management of resources to support cloud native applications and workloads across their multi-cloud environments. By utilizing IaC, organizations can manage infrastructures with the same versioning, testing, and automation processes that they use for their application code, leading to more reliable, efficient, and secure operations. In this blog, you will learn how to identify and remediate critical misconfigurations in your Infrastructure-as-Code templates with Defender for DevOps. \n \n \n \n Have you ever found yourself in a situation where you wanted to determine which AWS resources are missing a tag? You can accomplish this use case using custom recommendations for AWS workloads in Defender for Cloud. The following steps solve the problem of creating a custom recommendation that identifies which Amazon RDS instances are missing a tag, but they can be applied to other use cases too. To learn more about this feature, please check out this article. \n \n \n \n Securing container images is essential to ensure data protection, reduce the risk of data breaches, and improve regulatory compliance. By understanding potential vulnerabilities, businesses can create a robust security strategy to protect their containerized applications, thereby safeguarding their sensitive data, reputation, and customer trust. In this blog we discuss how Microsoft Defender for Cloud Security Posture Management (DCSPM) can help you identify and remediate vulnerabilities in your container image repositories. \n \n \n \n Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Newington College – an Australian primary and secondary school – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment. \n \n \n \n Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds. \n \n \n \n \n \nNote: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe\n \n \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"9279","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0ODA5N2k4OENFM0RERTVFREFENzA1?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0ODA5OGlEQkM2NEMyQTUzNzQ1Qjk4?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUwN2kxNEU2NTExREMwOEZDOTg4?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2MGk1QTcxMTdBOUM5ODE0OEIz?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2NGk1NjU2M0VDOUQ2RjVGODVB?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2M2kzMEExQTVERkM4NzYwNEVF?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUwOGkzQ0UxRTJGRkY2NkVDQTNE?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk3MGk0Mzk2QjM0QkMzNTY0NzdF?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2MWk3RUNBMDkxQkUyNkU0RTA0?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzU2Mmk5MzA5OEUzRTEwRjNFRjc2?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0NzUxNWlCQzQwMTExNTZEQTAwMjJC?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0M2kyMjY4QUVEQzVDNkU0NjdG?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ2NDg5N2k5MDE0RUU1RDJEQzY4NjYy?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0NGk0RkRDQTVGMTdCNTUxMzM1?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk0NWk1RERGQjZGMzRCNkE3QkZB?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk1M2lGNjJDRTQ2QUI5MTNEQ0Y5?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMWk1QjJFMDQ4QjZBOTlBOTRG?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMmkxRURCNTJFNEY1QkEzQTA3?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzMGlEQjlEMDg4MDAwNjk5QkQ4?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzNWk3QjgyNzZDN0QyNTM5RTdD?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzNmlBNENDNTU3RjYxMDI0NUI2?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjgzOGlEMEJGODg0REQ2M0M0OTdD?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ3NjkzM2k4QzY1ODg2OTcxQUI3OTg0?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ0Nzk1Nmk1MDREMkJFNDQ4NDg3RTFG?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODM4OTY5LTQ2NTIzMmlCNzFGOEIyMTk3Q0Q2NTJE?revision=11\"}"}}],"totalCount":25,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3563710":{"__typename":"Conversation","id":"conversation:3563710","topic":{"__typename":"BlogTopicMessage","uid":3563710},"lastPostingActivityTime":"2023-11-17T08:50:34.805-08:00","solved":false},"User:user:1130578":{"__typename":"User","uid":1130578,"login":"Liana_Anca_Tomescu","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xMTMwNTc4LTMzOTM2NGkyOEY0OTcxOTJGNEM3NjU3"},"id":"user:1130578"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYzNzEwLTM5MzQxNGk1RUJDRTg0NzVEQUM1NTky?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYzNzEwLTM5MzQxNGk1RUJDRTg0NzVEQUM1NTky?revision=5","title":"MSFT_SCI_Threat_Protection_01.jpg","associationType":"TEASER","width":539,"height":301,"altText":null},"BlogTopicMessage:message:3563710":{"__typename":"BlogTopicMessage","subject":"Deploy Microsoft Defender for Cloud via Terraform","conversation":{"__ref":"Conversation:conversation:3563710"},"id":"message:3563710","revisionNum":5,"uid":3563710,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:1130578"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Terraform is an Infrastructure as a Code tool created by Hashicorp. It’s used to manage your infrastructure in Azure, as well as other clouds. In this article, we’ll be showing you how to deploy Microsoft Defender for Cloud (MDC) using Terraform from scratch. \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":51024},"postTime":"2022-07-01T12:46:03.069-07:00","lastPublishTime":"2023-07-07T08:53:16.979-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Terraform is an Infrastructure as a Code tool created by Hashicorp. It’s used to manage your infrastructure in Azure, as well as other clouds. In this article, we’ll be showing you how to deploy Microsoft Defender for Cloud (MDC) using Terraform from scratch. This way if you use Terraform, it’s recommended that you stick entirely with Terraform and don’t use any other management methods such as the Azure Portal. \n \n As part of using Terraform to manage MDC, you will need to setup the Terraform configuration in a workspace including the Azure Resource Manager (RM) provider which configures your Azure resources. In this workspace, you’ll have the following files: \n \n \n Main.tf: The declarative configuration of the state of your MDC deployment. This is where all the updates for your Azure resources are performed, including the deployment of MDC. \n Variables.tf: Contains different values per environment e.g., development vs production environment. \n Outputs.tf: Declares information that you only determine after deployment \n \n \n The following commands for Terraform are most crucial for you to know: \n \n \n Terraform init \n \n \n \n Summary: Initialize Terraform. \n Typically run this once or just when adding in new providers or new versions \n This will parse through all the workspace files to create an initial state of determining what is needed e.g., plugins referenced in the Main.tf file e.g., azure plugin. \n Result: Once you run this file It will download these files to a terraform subfolder called .terraform subfolder where it will store the Azure RM provider. \n \n \n \n Terraform plan \n \n \n \n Summary: View the changes that will be applied. \n Creates an execution plan of the actions needed to make the current state match the desired configuration in the terraform files. \n No changes in Azure will be made with this command, it will just show you me what will be done but won’t do any of the changes. \n \n \n \n Terraform apply \n \n \n \n Summary: Applies the changes from main.tf to your Azure environment. \n \n \n Setup Terraform environment \n \n Go to Downloads | Terraform by HashiCorp and download the Terraform file relevant to your device. \n Then move the downloaded Terraform application in a directory of your choice. \n You will need to add the path that Terraform is found in as an environment variable if you’re using Windows. If this still doesn’t work, then use the following command: \n \n \n \n $env:PATH =$env:PATH+\";'<path to Terraform installation directory>”\" \n \n \n \n Go to the Microsoft Defender for Cloud GitHub repository and clone the Terraform configuration to the same directory. \n Open the directory that you just cloned in Visual Studio Code or your preferred source code editor. \n In the terminal of the editor, test that Terraform has been installed correctly by using the following command: \n \n \n \n terraform -version \n \n \n Now you have confirmed that Terraform has been correctly installed. \n \n Azure RM provider \n \n To manage Azure resources with Terraform, you need to use the Azure RM provider. In some situations, where an Azure RM REST API endpoint is not supported by the Azure RM provider, you can use the AzAPI provider to get full access to the Azure REST API. In a providers.tf file, you will place the following Terraform declarations, which state you are going to work with a minimum or specific Terraform provider version: \n \n \n terraform {\n\n required_version = \">=0.12\"\n \n required_providers {\n azurerm = {\n source = \"hashicorp/azurerm\"\n version = \"~>3.61\"\n }\n azapi = {\n source = \"Azure/azapi\"\n version = \"=1.6.0\"\n }\n }\n}\n\nprovider \"azurerm\" {\n features {}\n} \n \n \n This providers declaration will be used next by the Terraform initialization procedure to set itself up for Azure management. See more guidance on this provider in the Terraform resources for MDC section. \n \n Configure Terraform \n \n \n First thing you need to do is logging in to Azure, using the following command (your web browser will open up a new tab asking you to sign in with your Azure credentials): \n \n \n \n az login \n \n \n 2. You will need to initialize Terraform to prepare the current working directory to be used with Terraform and to install the required providers, using the following command: \n \n \n terraform init \n \n \n \n Run the following command to determine what changes are required in Azure to match the Main.tf file: \n \n \n \n terraform plan \n \n \n This allows you to see what changes are different from your main.tf and what is in your Azure environment. All the Azure configuration should go in the main.tf file. \n \n \n When you’re satisfied with the proposed changes, then you run the following command to actually apply the changes: \n \n \n \n terraform apply \n \n \n You now have the configuration needed for MDC. \n You can make further changes to your main.tf file which will be incorporated to your Azure environment when you run the terraform apply command again. \n \n Note: Once you start using Terraform to deploy your Azure resources, it’s a best practise to continue using terraform for this. Try to avoid using the Azure Portal UI to make further changes as that may cause issues in your Terraform configuration. \n \n Terraform resources for MDC \n \n There are many Terraform resources available for setting up MDfC. You can browse for them in the Azure RM Terraform provider documentation. You will notice they appear aggregated under “Security Center”, which was the previous brand for MDfC. In this section, you will learn which Terraform resources to use for each MDfC setup step, for a particular Azure subscription. \n Many of the Terraform examples below are going to reference the current Azure subscription ID we are working with. This is done by means of a data declaration which stores the current Azure subscription properties: \n \n \n data \"azurerm_subscription\" \"current\" {} \n \n \n Note: The example code below should go into your main.tf file. \n \n Enabling the default Microsoft Cloud Security Benchmark Policy initiative \n \n After an Azure Subscription is registered for the Microsoft.Security resource provider – this should have at least happened automatically after you ran terraform init –, MDC will eventually enable the default Azure Policy initiative for Microsoft Cloud Security Benchmark, which fuels its Security Posture recommendations. As this will happen only after some hours, you may want to leverage Terraform to enable it yourself and speed things up. \n \n \n resource \"azurerm_subscription_policy_assignment\" \"mcsb_assignment\" {\n name = \"mcsb\"\n display_name = \"Microsoft Cloud Security Benchmark\"\n policy_definition_id = \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\n subscription_id = data.azurerm_subscription.current.id\n} \n \n \n We are using the Policy Assignment resource applied at the Subscription level and we are referring to the Microsoft Cloud Security Benchmark Policy Initiative ID. You will notice the use of the data.azurerm_subscription.current data resource we declared earlier, to populate the Subscription ID. \n \n Enabling MDC Plans \n \n Now that we’ve already set up Security Posture, let’s move on to Workload Protection. After choosing which Defender Plans you want to enable, you’ll declare a Terraform resource for each plan. \n \n \n resource \"azurerm_security_center_subscription_pricing\" \"mdc_arm\" {\n tier = \"Standard\"\n resource_type = \"Arm\"\n subplan = \"PerApiCall\"\n}\n\nresource \"azurerm_security_center_subscription_pricing\" \"mdc_servers\" {\n tier = \"Standard\"\n resource_type = \"VirtualMachines\"\n subplan = \"P2\"\n}\n\nresource \"azurerm_security_center_subscription_pricing\" \"mdc_cspm\" {\n tier = \"Standard\"\n resource_type = \"CloudPosture\"\n}\n\nresource \"azurerm_security_center_subscription_pricing\" \"mdc_storage\" {\n tier = \"Standard\"\n resource_type = \"StorageAccounts\"\n subplan = \"DefenderForStorageV2\"\n} \n \n \n In the examples above, we are enabling Defender for ARM and Defender for Servers (P2), Defender CSPM, and Defender for Storage (V2). For other plans, check out the Terraform documentation. \n \n Enabling plan settings \n \n Some Microsoft Defender for Cloud plans include additional settings, such as Defender CSPM (Agentless Scanning, Sensitive Data Discovery, etc.) or Defender for Servers (Defender for Endpoint integration). In the case of Defender CSPM settings, the Azure RM Terraform provider does not support it yet and we must fall back to the AzAPI provider instead, which provides us with full access to the Azure Resource Manager REST API. \n \n \n resource \"azurerm_security_center_setting\" \"setting_mde\" {\n setting_name = \"WDATP\"\n enabled = true\n}\n\nresource \"azapi_resource\" \"setting_agentless_vm\" {\n type = \"Microsoft.Security/vmScanners@2022-03-01-preview\"\n name = \"default\"\n parent_id = data.azurerm_subscription.current.id\n body = jsonencode({\n properties = {\n scanningMode = \"Default\"\n }\n })\n schema_validation_enabled = false\n}\n\nresource \"azapi_update_resource\" \"setting_cspm\" {\n type = \"Microsoft.Security/pricings@2023-01-01\"\n name = \"CloudPosture\"\n parent_id = data.azurerm_subscription.current.id\n body = jsonencode({\n properties = {\n pricingTier = \"Standard\"\n extensions = [\n {\n name = \"SensitiveDataDiscovery\"\n isEnabled = \"True\"\n },\n {\n name = \"ContainerRegistriesVulnerabilityAssessments\"\n isEnabled = \"True\"\n },\n {\n name = \"AgentlessDiscoveryForKubernetes\"\n isEnabled = \"True\"\n }\n ]\n }\n })\n} \n \n \n The first resource enables Microsoft Defender for Servers integration with Microsoft Defender for Endpoint (including auto-provisioning of the MDE extension). The second resource enables the Agentless VM scanning feature of Defender CSPM/Defender for Servers. The third resource controls the Defender CSPM extensions for the different agentless scanners for sensitive data, container registries and Kubernetes – it does it thanks to the azapi_update_resource resource type, but you could also use azapi_resource instead, which would fully replace the usage of the Defender CSPM plan declaration we did before for the mdc_cspm resource. \n \n Setting up security contacts \n \n If MDC needs to notify you about a security incident, it’s a good idea to have e-mail and phone contacts set up. \n \n \n resource \"azurerm_security_center_contact\" \"mdc_contact\" {\n email = \"john.doe@contoso.com\"\n phone = \"+351919191919\"\n alert_notifications = true\n alerts_to_admins = true\n} \n \n \n The phone property is the only optional one. The alert_notifications property enables/disables sending notifications to the security contact, while the alerts_to_admins is about sending notifications to the Azure Subscription administrators. \n \n Enabling Log Analytics agent auto-provisioning \n \n OK, now that we have set the basics up, let’s configure more advanced features, such as auto-provisioning Log Analytics agents, in the context of the Defender for Servers plan. This involves multiple steps and Azure resources. First, we must turn auto-provisioning on: \n \n \n resource \"azurerm_security_center_auto_provisioning\" \"auto-provisioning\" {\n auto_provision = \"On\"\n} \n \n \n There’s a specific resource for that and it’s very simple to deal with. It’s just an On/Off property. Next, we are going to associate Defender for Servers to a specific Log Analytics workspace. \n \n \n resource \"azurerm_security_center_workspace\" \"la_workspace\" {\n scope = data.azurerm_subscription.current.id\n workspace_id = \"/subscriptions/<subscription id>/resourcegroups/<resource group name>/providers/microsoft.operationalinsights/workspaces/<workspace name>\"\n} \n \n \n The declaration above will work for an existing Log Analytics workspace. If you want to create the Log Analytics workspace together with MDC, you will use a slightly different approach: \n \n \n resource \"azurerm_resource_group\" \"security_rg\" {\n name = \"security-rg\"\n location = \"West Europe\"\n}\n\nresource \"azurerm_log_analytics_workspace\" \"la_workspace\" {\n name = \"mdc-security-workspace\"\n location = azurerm_resource_group.security_rg.location\n resource_group_name = azurerm_resource_group.security_rg.name\n sku = \"PerGB2018\"\n}\n\nresource \"azurerm_security_center_workspace\" \"la_workspace\" {\n scope = data.azurerm_subscription.current.id\n workspace_id = azurerm_log_analytics_workspace.la_workspace.id\n} \n \n \n In the declarations above, we create a Resource Group and Log Analytics Workspace and then reference its ID it in the MDC workspace resource. You just need to adjust the Resource Group location and Log Analytics SKU to your requirements. \n \n Enabling Vulnerability Assessment auto-provisioning \n \n Depending on the Vulnerability Assessment provider you choose for Defender for Servers, you will follow different approaches. For Microsoft Defender Vulnerability Management (part of Microsoft Defender for Endpoint), you simply create a Microsoft.Security/serverVulnerabilityAssessmentsSettings resource: \n \n resource \"azapi_resource\" \"DfSMDVMSettings\" {\n type = \"Microsoft.Security/serverVulnerabilityAssessmentsSettings@2022-01-01-preview\"\n name = \"AzureServersSetting\"\n parent_id = data.azurerm_subscription.current.id\n body = jsonencode({\n properties = {\n selectedProvider = \"MdeTvm\"\n }\n kind = \"AzureServersSetting\"\n })\n schema_validation_enabled = false\n} \n \n For Qualys, Vulnerability Assessment auto-provisioning is configured with the help of an Azure Policy assignment. \n \n \n resource \"azurerm_subscription_policy_assignment\" \"va-auto-provisioning\" {\n name = \"mdc-va-autoprovisioning\"\n display_name = \"Configure machines to receive a vulnerability assessment provider\"\n policy_definition_id = \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\"\n subscription_id = data.azurerm_subscription.current.id\n identity {\n type = \"SystemAssigned\"\n }\n location = \"West Europe\"\n parameters = <<PARAMS\n{ \"vaType\": { \"value\": \"default\" } }\nPARAMS\n}\n\nresource \"azurerm_role_assignment\" \"va-auto-provisioning-identity-role\" {\n scope = data.azurerm_subscription.current.id\n role_definition_id = \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\n principal_id = azurerm_subscription_policy_assignment.va-auto-provisioning.identity[0].principal_id\n} \n \n \n In the example above, we chose the Qualys vulnerability assessment (default value for the vaType Policy parameter). We are also assigning the Security Admin role to the Managed Identity that will be used to perform the automatic provisioning of the Vulnerability Assessment solution. \n \n Configuring Continuous Export settings \n \n The last Terraform resource for MDC we cover in this article is the one allowing you to configure Continuous Export settings. You have many configuration possibilities available. In the example below, we are exporting to a specific Log Analytics workspace High/Medium Security Alerts and all the Secure Score controls. We are referring to a Log Analytics workspace ID that was declared in the same Main.tf file. \n \n \n resource \"azurerm_security_center_automation\" \"la-exports\" {\n name = \"ExportToWorkspace\"\n location = azurerm_resource_group.security_rg.location\n resource_group_name = azurerm_resource_group.security_rg.name\n\n action {\n type = \"loganalytics\"\n resource_id = azurerm_log_analytics_workspace.la_workspace.id\n }\n\n source {\n event_source = \"Alerts\"\n rule_set {\n rule {\n property_path = \"Severity\"\n operator = \"Equals\"\n expected_value = \"High\"\n property_type = \"String\"\n }\n rule {\n property_path = \"Severity\"\n operator = \"Equals\"\n expected_value = \"Medium\"\n property_type = \"String\"\n }\n }\n }\n\n source {\n event_source = \"SecureScores\"\n }\n\n source {\n event_source = \"SecureScoreControls\"\n }\n\n scopes = [ data.azurerm_subscription.current.id ]\n} \n \n \n Final considerations \n \n Given the stateful nature of Terraform-based deployments, you should bear in mind the following: \n \n \n Some MDC settings and plans may have already been set before your first MDC Terraform deployment. In this case, Terraform may ask you to import the resource into the Terraform state, with the help of the import command. \n Depending on the resource type, removing it from the Terraform file does not necessarily mean it will result in a resource deletion in Azure. Some MDC settings are not removable and, for those, the Terraform provider has a different behavior, which can be turning off the setting or simply leaving it unchanged. Likewise, calling the Terraform destroy command on your code may not necessarily remove all the MDC options you previously set. Please, check the Terraform documentation for each resource. \n \n \n Huge thanks to the reviewers of this post: \n Safeena Begum Lepakshi, Senior Program Manager, Microsoft Defender for Cloud \n Vasavi_Pasula , Senior Program Manager, Microsoft Defender for Cloud \n @Yuri Diogenes , Principal PM Manager, Microsoft Defender for Cloud \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"18307","kudosSumWeight":6,"repliesCount":14,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYzNzEwLTM5MzQxNGk1RUJDRTg0NzVEQUM1NTky?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3247622":{"__typename":"Conversation","id":"conversation:3247622","topic":{"__typename":"BlogTopicMessage","uid":3247622},"lastPostingActivityTime":"2023-08-07T08:42:42.260-07:00","solved":false},"User:user:754905":{"__typename":"User","uid":754905,"login":"Future_Kortor","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS03NTQ5MDUtbHpOT0Vr?image-coordinates=0%2C408%2C2448%2C2856"},"id":"user:754905"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5M2k0NzZEMDE2OUU3MEE4RDc1?revision=17\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5M2k0NzZEMDE2OUU3MEE4RDc1?revision=17","title":"new cost estimation.png","associationType":"BODY","width":2189,"height":1248,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5Mmk3NzhERTk1MUI0OERERkUz?revision=17\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5Mmk3NzhERTk1MUI0OERERkUz?revision=17","title":"serversworkbook.png","associationType":"BODY","width":1655,"height":446,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5MWlFQzVENDM0Nzk0ODg3NkUw?revision=17\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5MWlFQzVENDM0Nzk0ODg3NkUw?revision=17","title":"storageworkbook.png","associationType":"BODY","width":624,"height":330,"altText":null},"BlogTopicMessage:message:3247622":{"__typename":"BlogTopicMessage","subject":"Microsoft Defender for Cloud Cost Estimation Dashboard","conversation":{"__ref":"Conversation:conversation:3247622"},"id":"message:3247622","revisionNum":17,"uid":3247622,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:754905"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":41800},"postTime":"2022-03-04T09:11:25.670-08:00","lastPublishTime":"2023-08-07T08:42:42.260-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" This blog was updated on April 16 th , 2023 to reflect the latest version of the Cost Estimation workbook. \n \n Microsoft Defender for Cloud provides advanced threat detection capabilities across your cloud workloads. This includes comprehensive coverage plans for compute, PaaS and data resources in your environment. Before enabling Defender for Cloud across subscriptions, customers are often interested in having a cost estimation to make sure the cost aligns with the team’s budget. We previously released the Microsoft Defender for Storage Price Estimation Workbook, which was widely and positively received by customers. Based on customer feedback, we have extended this offering by creating one comprehensive workbook that covers most Microsoft Defender for Cloud plans. This includes Defender for Containers, App Service, Servers, Storage, Cloud Security Posture Management and Databases. \n \n The Cost Estimation workbook is out-of-the box and can be found in the Defender for Cloud portal. \n \n \n After reading this blog and using the workbook, be sure to leave your feedback to be considered for future enhancements. Please remember these numbers are only estimated based on retail prices and do not provide actual billing data. For reference on how these prices are calculated, visit the Pricing—Microsoft Defender | Microsoft Azure. \n \n Overview \n The cost estimation workbook provides a consolidated price estimation for Microsoft Defender for Cloud plans based on the resource telemetry in your organization’s environment. The workbook allows you to select which subscriptions you would like to estimate the price for as well as the Defender Plans. In a single pane of glass, organizations can see the estimated cost per plan on each subscription as well as the grand total for all the selected subscriptions and plans. \n To see which plans are currently being used on the subscription, consider using the coverage workbook. \n \n Defender Cloud Security Posture Management (CSPM) \n Defender CSPM protects all resources across your subscriptions, but billing only applies to Compute, Databases and Storage accounts. Billable workloads include VMs, Storage accounts, open-source relational databases and SQL PaaS & Servers on machines. See here for more information regarding pricing. \n \n On the backend, the workbook checks to see how many billable resources were detected and if any of the above plans are enabled on the subscription. It then takes the number of billable resources and multiplies it by the Defender CSPM price. \n Defender for App Service \n The estimation for Defender for App Services is based on the retail price of $14.60 USD per App Service per month. Check out the Defender for App Service Price Estimation Dashboard for a more detailed view on estimated pricing with information such as CPU time and a list of App Services detected. \n \n Defender for Containers \n The estimation for Defender for Containers is calculated based on the average number of worker nodes in the cluster during the past 30 days. For a more detailed view on containers pricing such as average vCores detected and the number of image scans included, consider also viewing the stand-alone Defender for Containers Cost Estimation Workbook. \n \n Defender for Databases \n Pricing for Defender for Databases includes Defender for SQL Databases and Defender for open-source relational databases (OSS DBs). This includes PostgreSQL, MySQL and MariaDB. All estimations are based on the retail price of $15 USD per resource per month. On the backend, the workbook runs a query to find all SQL databases and OSS DBs in the selected subscriptions and multiplies the total amount by 15 to get the estimated monthly cost. \n \n Defender for Key Vault \n Defender for Key Vault cost estimation is not included in the out of the box workbook, however, a stand-alone workbook is available in the Defender for Cloud GitHub. The Defender for Key Vault dashboard considers all Key Vaults with or without Defender for Key Vault enabled on the selected subscriptions. The calculations are based on the retail price of $0.02 USD per 10k transactions. The “Estimated Cost (7 days)” column takes the total Key Vault transactions of the last 7 days, divides them by 10K and multiples them by 0.02. In “Estimated Monthly Price”, the results of “Estimated Cost (7 days)” are multiplied by 4.35 to get the monthly estimate. \n \n Defender for Servers \n \n \n Defender for Servers includes two plan options, Plan 1 and Plan 2. The workbook gives you the option to toggle between the two plans to see the difference in how they would effect pricing. Plan 1 is currently charged at $5 per month where as Plan 2 is currently charged at $15. \n \n Defender for Storage \n \n \n \n \n The Defender for Storage workbook allows you to estimate the cost of the two pricing plans: the legacy per-transaction plan and the new per-storage plan. The workbook looks at historical file and blob transaction data on supported storage types such as Blob Storage, Azure Files, and Azure Data Lake Storage Gen 2. We have released a new version of this workbook, and you can find it here: Microsoft-Defender-for-Cloud/Workbooks/Microsoft Defender for Storage Price Estimation and learn more about the storage workbook in Microsoft Defender for Storage – Price Estimation blog post. \n \n Limitations \n Azure Monitor Metrics data backends have limits and the number of requests to fetch data might time out. To solve this, narrow your scope by reducing the selected subscriptions and Defender plans. \n The workbook currently only includes Azure resources. \n \n Acknowledgements \n Special thanks to everyone who contributed to different versions of this workbook: Fernanda Vela, Helder Pinto, Lili Davoudian, Sarah Kriwet, Safeena Begum Lepakshi, Tom Janetscheck, Amit Biton, Ahmed Masalha, Keren Damari, Nir Sela, Mark Kendrick, Yaniv Shasha, Mauricio Zaragoza, Kafeel Tahir, Mary Lieb, Chris Tucci, Brian Roosevelt \n \n \n \n References: \n What is Microsoft Defender for Cloud? - Microsoft Defender for Cloud | Microsoft Learn \n Pricing—Microsoft Defender | Microsoft Azure \n Workbooks gallery in Microsoft Defender for Cloud | Microsoft Docs \n Pricing Calculator | Microsoft Azure \n Microsoft Defender for Key Vault Price Estimation Workbook \n Microsoft Defender for App Services Price Estimation Workbook \n Microsoft Defender for Containers Cost Estimation Workbook \n Coverage Workbook \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6710","kudosSumWeight":8,"repliesCount":5,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5M2k0NzZEMDE2OUU3MEE4RDc1?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5Mmk3NzhERTk1MUI0OERERkUz?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMjQ3NjIyLTQ2MDk5MWlFQzVENDM0Nzk0ODg3NkUw?revision=17\"}"}}],"totalCount":3,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3735238":{"__typename":"Conversation","id":"conversation:3735238","topic":{"__typename":"BlogTopicMessage","uid":3735238},"lastPostingActivityTime":"2023-02-06T11:33:54.901-08:00","solved":false},"User:user:1173538":{"__typename":"User","uid":1173538,"login":"Eitan_Shteinberg","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xMTczNTM4LTMxNDY2OWkxMTI2NjExRkZFQ0Y5NkE5"},"id":"user:1173538"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODc3OWkyRjE5NjhBRjdBMzU5NzM3?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODc3OWkyRjE5NjhBRjdBMzU5NzM3?revision=1","title":"image1.png","associationType":"BODY","width":1380,"height":469,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU2MWlBREI5QjlCREFDRjYxRjQ0?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU2MWlBREI5QjlCREFDRjYxRjQ0?revision=1","title":"Blob access.png","associationType":"BODY","width":545,"height":331,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU3MmlDMDdDRTZBNUI3MjY0QjQx?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU3MmlDMDdDRTZBNUI3MjY0QjQx?revision=1","title":"Blob exposure paths.png","associationType":"BODY","width":978,"height":390,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2MmlEN0YzNUVEOEExRTRDOTFF?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2MmlEN0YzNUVEOEExRTRDOTFF?revision=1","title":"Resolve-DNS PowerShell.gif","associationType":"BODY","width":979,"height":512,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2M2lDRUY2MUM4MDJDRTA4QkY4?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2M2lDRUY2MUM4MDJDRTA4QkY4?revision=1","title":"Python wordlist-based DNS subdomain scanner.gif","associationType":"BODY","width":602,"height":484,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU4MmlBREE5N0M0OTkxNTJBNkVF?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU4MmlBREE5N0M0OTkxNTJBNkVF?revision=1","title":"Google Dorking.png","associationType":"BODY","width":473,"height":39,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU4NGk1MDk4MUVDOTRDQzUzMUZG?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU4NGk1MDk4MUVDOTRDQzUzMUZG?revision=1","title":"wordlist example.png","associationType":"BODY","width":681,"height":309,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjY3MGkwNDY3Q0FGQThDNDlGNEQ3?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjY3MGkwNDY3Q0FGQThDNDlGNEQ3?revision=1","title":"GET request.png","associationType":"BODY","width":940,"height":859,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2Nmk3RkRCMTBGMjhFODY0OTZD?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2Nmk3RkRCMTBGMjhFODY0OTZD?revision=1","title":"Enumerating blob containers in exposed storage accounts.gif","associationType":"BODY","width":1012,"height":357,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjY3OWlGQzI2NDIyMzM4RjkxMkUy?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjY3OWlGQzI2NDIyMzM4RjkxMkUy?revision=1","title":"Misconfigured storage accounts.png","associationType":"BODY","width":751,"height":439,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NGlGMEUxQzkzOUU3QjdENEI2?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NGlGMEUxQzkzOUU3QjdENEI2?revision=1","title":"image11.png","associationType":"BODY","width":1636,"height":781,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NWlEMjMzQ0Y0NjUzMkUxQTcw?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NWlEMjMzQ0Y0NjUzMkUxQTcw?revision=1","title":"image12.png","associationType":"BODY","width":1272,"height":275,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NmkzNEVBRkExOTFEMkRCNkMz?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NmkzNEVBRkExOTFEMkRCNkMz?revision=1","title":"image13.png","associationType":"BODY","width":944,"height":345,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0N2k3QTgwMkVFQUYwQTk2QzRG?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0N2k3QTgwMkVFQUYwQTk2QzRG?revision=1","title":"image14.png","associationType":"BODY","width":1253,"height":762,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0OGk0OUE4MENDMzA2RDI4QTdG?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0OGk0OUE4MENDMzA2RDI4QTdG?revision=1","title":"image15.png","associationType":"BODY","width":1024,"height":1125,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0OWk2NzhBNUNCNDQzMUNFNjEz?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0OWk2NzhBNUNCNDQzMUNFNjEz?revision=1","title":"image16.png","associationType":"BODY","width":1524,"height":791,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1MGkwQUU5MjQ1RDBGNUQ0QUY5?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1MGkwQUU5MjQ1RDBGNUQ0QUY5?revision=1","title":"image17.png","associationType":"BODY","width":1262,"height":771,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1M2kyNTM0OEJFRUVGMDM2Mjg4?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1M2kyNTM0OEJFRUVGMDM2Mjg4?revision=1","title":"image18.png","associationType":"BODY","width":765,"height":711,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1NWk0QTJCNTY5NzFGMkFERUI0?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1NWk0QTJCNTY5NzFGMkFERUI0?revision=1","title":"image19.png","associationType":"BODY","width":814,"height":510,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1Nmk0QTQ1N0M0NDM5NzM2QzQ0?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1Nmk0QTQ1N0M0NDM5NzM2QzQ0?revision=1","title":"image20.png","associationType":"BODY","width":1146,"height":483,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1N2k4QTNEMDJDOTM0QkVFRjNB?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1N2k4QTNEMDJDOTM0QkVFRjNB?revision=1","title":"image21.png","associationType":"BODY","width":767,"height":219,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1OGkwMEFBM0FERTM5QURBM0JC?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1OGkwMEFBM0FERTM5QURBM0JC?revision=1","title":"image22.png","associationType":"BODY","width":1262,"height":756,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjkxMmlCODZGNzBEN0Q4RjlENUE3?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjkxMmlCODZGNzBEN0Q4RjlENUE3?revision=1","title":"Create alert rule.png","associationType":"BODY","width":604,"height":397,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjkxNWk0QjhCNkFDRjE4OTk5MDA0?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjkxNWk0QjhCNkFDRjE4OTk5MDA0?revision=1","title":"Storage subscription.png","associationType":"BODY","width":627,"height":291,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU2MGkwNTE1OTEwQzc2RjE4RjE5?revision=1\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU2MGkwNTE1OTEwQzc2RjE4RjE5?revision=1","title":"Containers list.png","associationType":"BODY","width":747,"height":318,"altText":null},"BlogTopicMessage:message:3735238":{"__typename":"BlogTopicMessage","subject":"Protect your storage resources against blob-hunting","conversation":{"__ref":"Conversation:conversation:3735238"},"id":"message:3735238","revisionNum":1,"uid":3735238,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:1173538"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" How to detect, investigate and prevent blob-hunting. Learn about the top blob-hunting questions and explain how Microsoft Defender for Storage detects and prevents this type of threat. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":35200},"postTime":"2023-02-06T11:33:54.901-08:00","lastPublishTime":"2023-02-06T11:33:54.901-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n \n \n How to detect, investigate and prevent blob-hunting \n \n \n \n \n \n \n Why is it important to understand blob-hunting? \n \n 1. Exfiltrating sensitive information from misconfigured resources is one of the top 3 cloud storage services* threats, and threat actors are continuously hunting storage objects because it’s easy, cheap, and there’s much to find. In some cases, they target your storage accounts. \n \n 2. Most people think they don’t have misconfigured storage resources. Most people do. Misconfiguration by end-users is a common problem; if you are safe today, there might still be a mistake tomorrow. \n \n 3. There are quick and effective ways to harden your security posture and prevent these threats from happening. \n \n \n \n \n \n * Cloud storage services such as Azure Blob Storage, Amazon S3, and GCP Cloud Storage \n \n Threat actors use tools to exfiltrate sensitive information from exposed storage resources open to unauthenticated public access. This process is called blob-hunting, also known as Container Enumeration on Leaky Buckets. It is a common collection tactic, easy to do, cheap to carry out, does not require authentication, and there is no shortage of open-source tools that help facilitate and automate its process. \n \n Numerous data breaches across storage services in all cloud providers originated from mistakenly exposing data to public access due to configuration errors in access to the storage objects or mistakenly uploading sensitive content to an already publicly accessible storage container. \n \n Some tools can help detect storage resources open to public access, but there are always human errors, and prevention alone is not enough. \n \n \n \n \n \n Error continues to be a dominant trend and is responsible for 13% of breaches \n - 2022 Data Breach Investigation Report by Verizon \n \n \n \n \n \n This is where Microsoft Defender for Storage comes into play: it detects blob-hunting attempts and other malicious activities by monitoring unusual activities from unexpected sources. It alerts you on time with the relevant information to help you understand what happened and helps you harden your configurations to prevent attacks from happening in the future. \n \n This post will cover the top blob-hunting questions and explain how Microsoft Defender for Storage detects and prevents this type of threat: \n \n What’s blob-hunting and how it is achieved \n \n Top methods and tools used by threat actors \n \n \n How Microsoft Defender for Storage helps detect and prevent these attempts \n \n How to investigate blob-hunting attempts and what red flags to monitor \n How to protect storage accounts against sensitive information leakage \n How to use Microsoft Sentinel to look for blob-hunting attempts proactively \n \n To better understand Azure Storage, how it’s built, and its access policies, you can go to the Background - Azure Storage accounts and access levels section at the bottom of this post. \n \n \n What’s blob-hunting, and how exactly is it achieved? \n \n Blob-hunting is the act of guessing the URL of containers or blobs open to unauthenticated public access with the intent of exposing data from them. The following conditions must be met to successfully expose and exfiltrate data from storage accounts, and they are controlled by the owners of the storage accounts (or the users/applications with the appropriate permissions): \n \n \n \n \n Public network access to the storage account is enabled for all networks (allow internet access). \n The storage account configuration settings allow public access. \n The blob container access level allows public access (set to ‘Container’ or ’Blob’ level). \n The threat actor correctly guessed the URL of the container or the blob:\n \n Storage account name \n Container name \n Blob name \n \n \n \n There are several ways to expose blobs, with different starting points: \n \n \n \n \n The first starting point is brute-force guessing the names of storage accounts and discovering them when there’s little or no prior knowledge of their existence. \n The second starting point begins after threat actors already know the names of storage accounts. For example, attackers can find names online through search engines and can then start brute-force guessing the names of the containers. \n The third starting point is brute-forcing the way into the blobs by guessing the entire URL – the account, container, and blob names. This is usually the case when the container access level is set to 'Blob' and threat actors can't discover and enumerate blobs but can access them if they have the full URL. When this is the case, it usually means that the threat actor has targeted the resources and has information about it. \n \n If the threat actors have discovered the storage account, they can start brute-force guessing the container names. If containers are found, when the access level is set to ‘Container’, they can enumerate (list) all blobs within the containers and exfiltrate that data. \n \n The last starting point is interesting because if threat actors somehow found a blob URL or blobs were exposed during the brute-force guessing of the full URL, now they know that the account and container names they guessed or found exist. From that point, it’s possible to discover and expose other containers and, specifically, blobs within the discovered container. \n \n While there are other attack vectors, these are the main ones. We will focus on the steps of exposing the storage account name, container name, and blob name. \n \n \n A breakdown of the blob-hunting process implemented by threat actors \n \n Finding storage account names \n \n Public storage accounts have a URL of a public endpoint (more information in the Background section), which means that it's possible to guess storage accounts names by performing DNS queries on the URL and examining the response: \n \n \n \n \n https://<<storage-account-name>>.blob.core.windows.net \n \n \n \n \n There are multiple ways to query the DNS, and the simplest ones are to use the nslookup command line in the CLI or the Resolve-DnsName cmdlet in PowerShell, for example: \n \n \n \n Threat actors enumerate multiple accounts at a time by automating the search for storage accounts with scripts that use a combination of custom/generic wordlists, DNS queries, and search engine APIs to guess and find storage accounts. \n \n The following is an example of enumeration using the python script of dnscan in combination with a custom wordlist: \n \n \n \n It is also possible to find storage accounts using search engines, such as Google Dorking and Shodan. The following is a basic example of Google Dorking. By adding more filters, threat actors can pinpoint the search for sensitive information: \n \n \n \n Exposing container names \n \n Once the storage account name is known, threat actors can start looking for containers open to public access. As with the storage account names, to map and expose containers, threat actors manually guess the container names or use wordlists of known names that usually imply containers that store sensitive data, such as: 'audit', 'dbbackup', 'vulnerability-assessment', etc. The following is a wordlist example of possible container names taken from one of the blob-hunting tools: \n \n \n \n This is the part where the container access level determines if a container can be listed, which means that if someone discovers a container, they can list all the blobs within it. \n \n Threat actors use the Blob service's REST API GET requests to validate that containers exist. List Blobs and Get Container Properties are the most common operations used to validate if the container exists and is open to public access. \n \n These operation types are quite different. If the container access level allows it, ListBlobs lists all the blobs within containers, and GetContainerProperties returns the properties of the container without listing the blobs within (smaller signature). \n \n Using the container URL, it is also possible to guess the names of containers with REST requests from the browser or other API platforms. For example, the following GET request verifies that the container exists and returns all the stored blobs. You can test it yourselves: \n https://mediaprod1.blob.core.windows.net/audio?restype=container&comp=list \n \n \n \n Note: If the access level is set to ‘Blob’, the blobs within the container can be publicly accessible, but querying the container and performing operations on it (such as listing the blobs or getting the properties of the container) will return a ContainerNotFound 404 error-code, which helps mask the blobs within the container. \n \n Exposing and enumerating blob names \n \n Once threat actors discover the names of storage accounts and the containers within them, they can start trying to expose the data stored in the blobs (objects). They first try to use the ListBlobs operation, which lists all the blobs within the containers if the access level to the container permits it (set to 'Public' access level). If the container access level is set to 'Blob', listing the container will not work, leaving threat actors with the option to brute-force guess the blob names (the account and container names are already known). \n In cases where the blob containers are not discoverable, threat actors can try brute-force guessing the full URL, but it will be harder. \n \n The flow of a full blob-hunting attack \n \n Common blob-hunting attacks are automated using dedicated tools such as feroxbuster, MicroBurst, and Gobuster. These tools allow easy discovery of storage account names, and if these attempts are successful, threat actors can follow two approaches: \n \n Guess container names, thus exposing containers open to public access when the containers access level is set to ‘Container’ and then exposing the blobs within. \n Use a brute-force approach of guessing blob URLs and exposing specific blobs when the containers’ access level is set to 'Blob' and does not give away their existence, name, or properties, and does not enable listing blobs inside it even if the container name is known. After public blob URLs have been exposed, threat actors can exfiltrate the data. \n \n The following is a basic example of using MicroBurst to guess container names of a known account (from our example – ‘mediaprod1’) by using a generic wordlist, exposing blobs by listing the blobs of the exposed containers, and downloading an exposed blob: \n \n \n \n Who can hunt blobs? \n \n Blob-hunting is easy to achieve, cheap in terms of resource usage, does not require authentication, and can originate from any local machine or VM. In some cases, the blob-hunting activities originate from cloud resources. \n \n Blob-hunting can be an ad-hoc activity or a continuous effort to search the web for exposed cloud storage resources in cloud services like Azure Blob Storage, Amazon S3 Buckets, and GCP Files. There are searchable websites with databases for exposed content to check infrastructures for breaches. Unfortunately, these sites attract malicious actors who wish to take advantage of the data found there or from similar sources. \n \n It is not uncommon to find that the source of blob-hunting activities is infected and controlled bots that are part of botnets. It is also common for the threat actors to mask their identity behind Tor exit nodes, which helps hide the source and makes it difficult to investigate and connect it to other activities. \n \n \n How does Microsoft Defender for Storage help detect and prevent these blob-hunting attempts? \n \n Microsoft Defender for Storage detects blob hunters trying to discover resources open to public access and attempt to expose blobs with sensitive data so that you can block them and remediate your posture. The service does this by continuously analyzing the telemetry stream generated by Azure Storage services without the necessity of turning on the diagnostic logs, accessing the data, and impacting performance. When potentially malicious activities are detected, security alerts are generated. These alerts are displayed in Microsoft Defender for Cloud with the details on the suspicious activity, the threat actor, the access method, affected resources, performed operation types, MITRE ATT&CK tactic, potential causes, proper investigation steps, and instructions on how to remediate the threat and improve the security posture. These alerts can also be exported to any SIEM solution. \n \n \n \n The following security alerts are a subset of the Microsoft Defender for Storage detection suite and can be triggered in different stages of the full blob-hunting attack path. These alerts inform you if malicious attempts to expose blobs were carried out, if someone accessed the containers, and if data was exfiltrated. They also provide a heads-up if containers with potentially sensitive information are misconfigured. \n \n \n Successful and failed scanning attempts detection \n \n There are three flavors of scanning-related (blob-hunting) alerts. They usually indicate a collection attack, where the threat actor tries to list blobs by guessing container names in the hope of finding open storage containers with sensitive data in them: \n \n \n “Publicly accessible storage containers successfully discovered” detects successful discoveries of publicly open storage containers in the storage account performed by a scanning script or tool. An example of the alert (screenshot taken from Defender for Cloud in the Azure Portal): \n \"Publicly accessible storage containers unsuccessfully scanned\" detects a series of failed attempts to scan for publicly open storage containers performed in the last hour. Detecting failed threat actor attempts means detecting early. \n “Publicly accessible storage containers with potentially sensitive data have been exposed” detects the successful scanning of containers with names indicating they might contain sensitive data. Containers are flagged as potentially sensitive by comparing their names to container names that statistically have low public exposure, suggesting they might store sensitive information. \n \n Scanning alerts contain information on the scanning source, what was scanned successfully, and what failed attempts were made to scan private or non-existent containers. The alert also indicates if the scanning activity originated from a Tor exit node or if the IP address is suspicious because it is associated with other malicious activities (data enriched by Microsoft Threat Intelligence). \n \n \n Unusual unauthenticated access to containers detection \n \n \n “Unusual unauthenticated access to a storage container” detects unusual unauthenticated read access to storage accounts that are usually authenticated. It is considered unusual when a storage account open to public access with only authenticated read requests (by examining the access history) suddenly receives unauthenticated read requests. In the scope of blob-hunting, this might indicate that a threat actor has accessed the account after successfully exposing blobs. \n “Unusual application accessed a storage account” detects unusual applications that access the account compared to recent activity. In the scope of blob-hunting, this might indicate that a threat actor has accessed the account after successfully exposing blobs. \n \n \n \n Data exfiltration detection \n \n There are two flavors to the data exfiltration detection alert. In the scope of blob-hunting attacks, the alerts are triggered if unusual exfiltration activities occur after successful scanning attempts: \n \n “Unusual amount of data extracted from a storage account (amount of data anomaly)” detects unusually large amounts of data extracted from the account compared to recent activity. \n “Unusual amount of data extracted from a storage account (number of blobs anomaly)” detects an unusually large number of blobs that have been extracted from the account compared to recent activity. \n \n \n \n Containers access levels misconfiguration detection \n \n The following alert is triggered on possible access level configuration errors to prevent public exposure of sensitive data: \n \n Storage account with potentially sensitive data has been detected with a publicly exposed container” indicates that a possible misconfiguration has occurred if the access policy of a container with a name usually attributed to private containers storing sensitive information has been changed from ‘Private’ to ‘Public’, allowing unauthenticated access. \n \n \n To learn more, visit the Microsoft Defender for Storage security alerts documentation. \n \n \n How to investigate blob-hunting attempts, and what red flags to look for \n \n By examining the storage account's data plane logs, you will notice that blob-hunting activities are characterized by repeated anonymous (unauthenticated) attempts to get information from storage resources by guessing URLs. Most of these attempts result in 404 error codes (resource not found), but they may also be successful, meaning that storage containers have been discovered and even possibly that blobs have been enumerated. \n \n The following instructions are the general steps we recommend for investigating blob-hunting-related alerts. If the resource (diagnostic) logs are enabled on the compromised storage account, it helps deepen the investigation process: \n \n \n Look for who is responsible for the activity to rule out the possibility of a false positive\n \n Look at the actor information inside the alert: source IP address, location, ASN, organization, and User Agent. Indicators of known applications or users can result from a faulty application that performed multiple failed read attempts to different containers. If this is the case, you can ignore the alert. \n Examine if there's threat intelligence information within the IP entity. If so, Microsoft flagged this IP address as suspicious, and the address is associated with direct or indirect malicious activities. \n \n In most cases, you should not rule out familiar or private IP addresses too quickly. They may indicate compromised identities or a breached environment. But specifically, since authentication is not required in the blob-hunting of storage resources scenario, it is unlikely that the source originated from your environment. If this is the case and the activity is repeated from an unknown source, this might be a true positive blob-hunting activity. \n \n \n \n \n Damage control – In case you didn't rule out the possibility it's a false positive, the assumption is that the activity is malicious, so the first step to take is to do damage control, and in case there was a data breach, perform quick mitigation steps: \n \n \n Look at the “List of containers successfully scanned” field in the alert to understand which containers were successfully discovered. \n \n \n Is there sensitive data inside the discovered containers? \n \n \n Are there other publicly open containers within the same account that may contain sensitive information? \n \n \n See if the container access level was changed from ‘Private’ to ‘Public’ and its access level is misconfigured. You can also check whether you received a “Storage account with potentially sensitive data has been detected with a publicly exposed container” alert before this alert – this may indicate that content in the container is sensitive. \n \n \n \n Look for what the threat actor did\n \n Determine whether the containers that have been discovered were accessed after the discovery. In the alert, you can look at the \"Size of extracted data\" field to understand if the threat actor downloaded content from the container. You can also look at the \"Operation Types\" to understand the other operations the threat actor performed during that activity. \n If the containers were only discovered and not accessed, it does not mean access attempts won't happen later. Ensure there's no sensitive content inside, no applications or users that might write sensitive content in the future, and that the access level to the container is the intended access level. \n Examine the storage account “change analysis” workbook to see if any suspicious changes were made to the account. You can access it from the Azure Portal by going to the Workbooks blade of the storage account and clicking on the “Changes (preview)” workbook. You can find more information here. \n Examine the Activity logs to see if someone performed unusual control plane operations on the account, such as listing storage access keys. These operations require authenticated access and help understand if a possible larger-scale breach was made to the account. It also displays the identity of the user who performed the operations. \n Look for more alerts that may be related. An example is if there’s an alert indicating a possible configuration error in the access level of the container. Start from the same container, then the storage account, and move up to higher levels. \n \n \n Investigate further (in case you have diagnostic logs enabled) \n \n Query the diagnostic logs for all activities originating from the IP address across all your storage accounts. Do not limit the investigation to a container within a specific account. The IP address is hard to spoof, but it can originate from Tor exit nodes and change during the threat actor's activity resulting in multiple IP addresses. \n Check for other suspicious activities that originated from other IP addresses. In some cases, you may be able to match other IP addresses with the same user agent from the alert (it is useful when the user agent is unusual). It can give you an indication of other blob-hunting-related activities. But be aware that threat actors can change the User Agent quite easily, so don't rely on it too much when filtering information. It can also change during different operations on the container (such as exfiltrating data with different tools). \n \n \n \n Investigate further (in case you don’t have diagnostic logs enabled) \n \n \n If you don’t have diagnostic logs enabled on the resource, you can still detect anonymous requests from client applications using Azure Metrics Explorer. This helps you understand whether there were unauthenticated requests, how many, and when. \n \n \n Using the filter, you can look for unauthenticated requests (Authenticate Type), look for repeated failed attempts (Response Type), and filter by different operation types so you can detect successful anonymous GetBlob operations after a series of failed unauthenticated requests. The Metrics information does not include context on the source of the requests and does not let you filter at the container level. \n \n \n \n \n \n \n Red flags to pay attention to during the investigation process \n \n If any of these signals arise during the investigation process, a faster escalation is required to prevent a possible data breach: \n \n Discovered containers contain sensitive data, or they have names/tags/properties indicating they might contain sensitive information. \n Data has been extracted from the containers. \n There is threat intelligence information on the source IP address in the security alert – this makes the IP address suspicious. \n Prior to the scanning alert, the \"Storage account with potentially sensitive data has been detected with a publicly exposed container\" alert was triggered on the container. This may indicate a possible misconfiguration of a container with sensitive data inside. \n At the time of the scanning alert or after it, one or more of the following alerts have been triggered: Unusual unauthenticated access, unusual application, and data exfiltration alerts – these alerts may indicate the access to the account, and that exfiltration of data has occurred. \n \n \n \n How to protect your storage account against blob-hunting \n \n It can take up to an hour to immensely improve your posture with prevention steps that help protect your accounts against blob-hunting in your storage resources: \n \n Microsoft Defender for Storage provides security recommendations that help you identify and quickly block public access to multiple storage accounts at a time. For example: \n If public access is not a requirement for your business application, you can, and you should block all unauthenticated public access at the account level in the configuration page by opening the configuration blade in the storage account and disabling the public access: You can check the public access setting for multiple accounts in your subscription with Azure Resource Graph Explorer in the Azure portal: In the case that public access to the account is required:\n \n Start by identifying the current open containers. You can achieve this by going to the Azure Portal / Storage Explorer and seeing if your container's access level is the intended access level. You can also achieve this by using the PowerShell script to list all the containers and their access levels, for example: There are also dedicated open-source tools such as BlobHunter and Az-Blob-Attacker that help find open containers within your environment. \n \n Minimize the number of containers that allow public access. \n \n \n Reduce the access level to 'Blob' from 'Container' wherever possible. It will make the process of hunting blobs and exposing them much more difficult. \n \n \n Make sure no sensitive information is inside containers that allow public access. \n \n \n Manage the remaining containers that allow public access by ensuring that applications or users cannot upload sensitive information and that users with write permissions know that the uploaded data will be publicly accessible. \n \n \n Consider changing the names of the containers to unrecognizable names (you can use randomly generated names as well) or adding random prefixes/suffixes to the container names. Changing the names will limit the effectiveness of blob-hunting tools based on word lists. \n \n \n If you do not wish to receive scanning alerts – you can apply suppression rules to dismiss them at your desired scope. \n \n \n \n Enable Diagnostic Settings on the account. Logs can help monitor the account and perform detailed investigations on the account. They are disabled by default and cost money. \n Follow the instructions to prevent anonymous public read access to containers and blobs. \n Consider allowing traffic only from specific virtual networks and IP addresses to secure and control the level of network access to your storage accounts by configuring firewalls and virtual networks. \n \n If the alerts are recurring on the same IP addresses, consider blocking them with the networking rules. \n \n \n You can also configure Monitor alert rules that notify you when a certain number of anonymous requests are made against your storage account. \n \n \n Consider applying an Azure Resource Manager Read-only lock to prevent users from modifying the configuration of storage accounts. \n \n For more security best practices for Blob storage, visit the Security recommendations for Blob storage documentation. \n \n \n How to proactively look for blob-hunting with Microsoft Sentinel \n \n When diagnostic settings are enabled, you can proactively hunt blob enumeration activity using Microsoft Sentinel. The following two queries can be executed within Microsoft Sentinel to detect suspicious enumeration activity. \n \n The first query combines the IP address and User Agent to create a unique identifier. This identifier is then used to detect enumeration activity by aggregating activity based on the unique user identifier into sessions. By default, this hunting query will detect any single user who has enumerated at least 10 files and has a failure rate of over 50%. When calculating the sessions of activity using row_window_session(), the query will group any requests that occur within 30 seconds of each other and span a maximum time window of 12 hours. Each parameter can be modified at the top of the query depending on your hunting requirements. \n \n let maxTimeBetweenRequests = 30s;\nlet maxWindowTime = 12h;\nlet timeRange = 30d;\nlet authTypes = dynamic([\"Anonymous\"]);\n//\nStorageBlobLogs\n| where TimeGenerated > ago(timeRange)\n// Collect anonymous requests to storage\n| where AuthenticationType has_any(authTypes)\n| where Uri !endswith \"favicon.ico\"\n| where Category =~ \"StorageRead\"\n// Process the filepath out of the request URI\n| extend FilePath = array_slice(split(split(Uri, \"?\")[0], \"/\"), 3, -1)\n| extend FullPath = strcat(\"/\", strcat_array(FilePath, \"/\"))\n// Extract the IP address, removing the port used\n| extend CallerIpAddress = tostring(split(CallerIpAddress, \":\")[0])\n// Ignore private IP addresses\n| where not(ipv4_is_private(CallerIpAddress))\n| project\n TimeGenerated,\n AccountName,\n FullPath,\n CallerIpAddress,\n UserAgentHeader,\n StatusCode\n| order by TimeGenerated asc \n| serialize \n// Generate sessions of access activity, where each request is within maxTimeBetweenRequests doens't last longer than maxWindowTime\n| extend SessionStarted = row_window_session(TimeGenerated, maxWindowTime, maxTimeBetweenRequests, AccountName != prev(AccountName))\n| order by TimeGenerated asc\n// Summarize the results using the Session start time\n| summarize Paths=make_list(FullPath), Statuses=make_set(StatusCode), CallerIPs=make_list(CallerIpAddress),\n DistinctPathCount=dcount(FullPath), AllRequestsCount=count(), CallerIPCount=dcount(CallerIpAddress), CallerUACount=dcount(UserAgentHeader), SessionEnded=max(TimeGenerated)\n by SessionStarted, AccountName\n// Validate that each path visited is unique, scanners will generally try files once\n| where DistinctPathCount > 1 and DistinctPathCount == AllRequestsCount\n| order by DistinctPathCount\n| extend [\"Duration (Mins)\"] = datetime_diff(\"minute\", SessionEnded, SessionStarted)\n| project-reorder\n SessionStarted,\n SessionEnded,\n ['Duration (Mins)'],\n AccountName,\n DistinctPathCount,\n AllRequestsCount,\n CallerIPCount,\n CallerUACount \n \n \n IP address and User Agent are the only user identifiers available when investigating anonymous access. However, both of these identifiers can be manipulated by the attacker. The attacker can trivially change the User Agent when constructing the request. However, IP addresses are very difficult to spoof. For this reason, threat actors have moved to use residential proxy services, and these services allow the threat actor to use a different IP address with each request. Most of these services are served from residential IP addresses, so they are difficult to identify as part of a VPN network. \n \n The second query does not rely on grouping activity based on the user's IP or User Agent. Instead, this query produces sessions of candidate scanning activity using the row_window_session() function. These results alone are interesting, and in some instances, the time between access can be reduced to as short as 1 second to detect enumeration activity spanning multiple IP addresses. \n After sessions have been identified, the query exploits another aspect of enumeration by checking that each request in the session made a request to a unique file name. By avoiding the use of IP address and User Agent, this query can identify candidate scanning activity originating from a threat actor using volatile IP addresses. \n \n \n let maxTimeBetweenRequests = 30s;\nlet maxWindowTime = 12h;\nlet timeRange = 30d;\nlet authTypes = dynamic([\"Anonymous\"]);\n//\nStorageBlobLogs\n| where TimeGenerated > ago(timeRange)\n// Collect anonymous requests to storage\n| where AuthenticationType has_any(authTypes)\n| where Uri !endswith \"favicon.ico\"\n| where Category =~ \"StorageRead\"\n// Process the filepath out of the request URI\n| extend FilePath = array_slice(split(split(Uri, \"?\")[0], \"/\"), 3, -1)\n| extend FullPath = strcat(\"/\", strcat_array(FilePath, \"/\"))\n// Extract the IP address, removing the port used\n| extend CallerIpAddress = tostring(split(CallerIpAddress, \":\")[0])\n// Ignore private IP addresses\n| where not(ipv4_is_private(CallerIpAddress))\n| project\n TimeGenerated,\n AccountName,\n FullPath,\n CallerIpAddress,\n UserAgentHeader,\n StatusCode\n| order by TimeGenerated asc \n| serialize \n// Generate sessions of access activity, where each request is within maxTimeBetweenRequests doens't last longer than maxWindowTime\n| extend SessionStarted = row_window_session(TimeGenerated, maxWindowTime, maxTimeBetweenRequests, AccountName != prev(AccountName))\n| order by TimeGenerated asc\n// Summarize the results using the Session start time\n| summarize Paths=make_list(FullPath), Statuses=make_set(StatusCode), CallerIPs=make_list(CallerIpAddress),\n DistinctPathCount=dcount(FullPath), AllRequestsCount=count(), CallerIPCount=dcount(CallerIpAddress), CallerUACount=dcount(UserAgentHeader), SessionEnded=max(TimeGenerated)\n by SessionStarted, AccountName\n// Validate that each path visited is unique, scanners will generally try files once\n| where DistinctPathCount > 1 and DistinctPathCount == AllRequestsCount\n| order by DistinctPathCount\n| extend [\"Duration (Mins)\"] = datetime_diff(\"minute\", SessionEnded, SessionStarted)\n| project-reorder\n SessionStarted,\n SessionEnded,\n ['Duration (Mins)'],\n AccountName,\n DistinctPathCount,\n AllRequestsCount,\n CallerIPCount,\n CallerUACount \n \n \n Microsoft Sentinel also makes it possible to identify storage accounts where public access is allowed. The following query can be used to identify containers with Public Access or Public Network Access enabled. \n \n \n AzureActivity\n| where TimeGenerated > ago(30d)\n// Extract storage write events\n| where OperationNameValue =~ \"MICROSOFT.STORAGE/STORAGEACCOUNTS/WRITE\"\n| where ActivityStatusValue =~ \"Start\"\n// Extract public access details from the properties\n| extend RequestProperties = parse_json(tostring(Properties_d[\"requestbody\"]))[\"properties\"]\n| extend PublicAccess = RequestProperties[\"allowBlobPublicAccess\"]\n| extend PublicNetworkAccess = RequestProperties[\"publicNetworkAccess\"]\n| extend ResourceId = iff(isnotempty(_ResourceId), _ResourceId, ResourceId)\n| extend StorageAccount = split(ResourceId, \"/\")[-1]\n| project\n TimeGenerated,\n Account=tostring(StorageAccount),\n ResourceId,\n OperationNameValue,\n PublicAccess,\n PublicNetworkAccess,\n RequestProperties,\n ActivityStatusValue\n| where isnotempty(PublicAccess)\n| summarize\n arg_max(TimeGenerated, PublicAccess),\n arg_max(TimeGenerated, PublicNetworkAccess)\n by Account\n| where PublicAccess == true\n| project LastStatus=TimeGenerated, Account, PublicAccess, PublicNetworkAccess\n| order by LastStatus \n \n \n \n \n Background - Azure Storage accounts and access levels \n \n Azure Storage accounts store data objects, including blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for the data to be accessible from anywhere globally. Data in the storage account is durable, highly available, secure, and massively scalable. \n \n Azure Blob Storage is one of the most popular services used in storage accounts. It's Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data which doesn't adhere to a particular data model or definition, such as text or binary data. \n \n The cloud provider's APIs make it easy to retrieve data directly from the storage service, and threat actors leverage it to collect and exfiltrate sensitive information from open resources. \n \n Blob storage offers three types of resources: \n \n Storage account – provide a unique namespace for the data. There are no two storage accounts with the same name. \n Container in storage accounts – organizes a set of blobs, like a directory in a file system. A storage account can include an unlimited number of containers, and a container can store an unlimited number of blobs. \n Blob in containers – There are three types of blobs: block blobs that store text and binary data, append blobs that are made up of blocks like block blobs but optimized for append operations, and Page blobs that store random access files. Page blobs store virtual hard drive (VHD) files and serve as disks for Azure virtual machines. \n \n Let's take an example that is used along with this post. We created a storage account named \"mediaprod1\", which has 3 containers named \"pics\", \"vids\", and \"audio\". There are different blobs representing pictures, videos, and audio files in them. The following diagram shows the relationship between the resources: \n \n This is how it looks in the Azure Portal: \n List of blobs within the ‘pics’ container: \n \n The following is important for our topic because this is exactly what threat actors exploit. Every Blob stored in the account has an address that includes a combination of the account name, the blob service name, the container name, and the blob name. This information forms the endpoint URL that allows access to the Blob. The structure is as follows: \n https://<<storage-account-name>>.blob.core.windows.net/<<container-name>>/<<blob-name>> \n If we take our example, the URL to one of the blobs in the ‘mediaprod1’ account looks like this: \n \n \n Accessing the data in storage accounts \n Data is stored in blobs, and access to that data is determined by the networking rules, storage account access configuration, and the access level to the container that stores the data. \n \n Storage accounts are configured by default to allow public access from the Internet, but it is possible to block it. Containers can be set into three different access levels, allowing the resource owners to determine if access to the data can be unauthenticated (also known as anonymous access) or only with authentication, which requires the storage account key, SAS token, or AAD to access the container and blob information. \n \n The three access levels to containers: \n \n Container – Open to public access. Blobs and container data can be read without authentication. It is also possible to enumerate (list) all the blobs within the container without authentication if the storage account and container names are known. \n \n \n Blob – Semi-open to public access. It's impossible to get the container information and enumerate the blobs within them without authentication. But blob data can be read without authentication (anonymously) with its URL, meaning that threat actors can guess the full URL (account name, container name, and blob name) and access the data. This access level is still open to public access but is more restricted than the ‘Container’ access level. \n \n \n \n Private (default) – Requires authentication to access blobs, container data, and enumerate blobs within the container. This is the most secure container access level. In the screenshots below, you can see the container access level configuration of a blob container (in the Azure Portal): \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n MITRE ATT&CK® tactics and techniques covered in this post \n \n \n \n Cloud Infrastructure Discovery (Technique T1580) \n An adversary may attempt to discover available infrastructure and resources within an infrastructure-as-a-service (IaaS) environment. This includes computing resources such as instances, virtual machines, and snapshots, as well as resources of other services, including storage and database services. \n \n \n Cloud Storage Object Discovery (Technique T1619) \n \n Adversaries may enumerate objects in cloud storage infrastructure and use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. After identifying available storage services, adversaries may access the contents/objects stored in cloud infrastructure. \nCloud service providers offer APIs allowing users to enumerate objects stored within cloud storage. Examples include ListObjectsV2 in AWS and List Blobs in Azure. \n \n \n Data from Cloud Storage Object (Technique T1530) \n \n Adversaries may access data objects from improperly secured cloud storage. These solutions differ from other storage solutions (such as SQL or Elasticsearch) because there is no overarching application. Data from these solutions can be retrieved directly using the cloud provider's APIs. \n \n \n \n \n \n \n \n \n \n \n \n \n \n Learn More \n \n \n Learn more on the threat matrix for storage services. \n Get started and learn more about the capabilities and features of Microsoft Defender for Storage. \n Watch the “Defender for Cloud in the Field - Defender for Storage” YouTube episode to learn more about the threat landscape for Azure Storage and how Microsoft Defender for Storage can help detect and mitigate these threats. \n Visit the Microsoft Defender for Cloud website to learn more about the plans and capabilities. \n Subscribe to our YouTube series for product deep dives. \n Follow us at @MSThreatProtect for the latest news and updates on cybersecurity. \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"42271","kudosSumWeight":12,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODc3OWkyRjE5NjhBRjdBMzU5NzM3?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU2MWlBREI5QjlCREFDRjYxRjQ0?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU3MmlDMDdDRTZBNUI3MjY0QjQx?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2MmlEN0YzNUVEOEExRTRDOTFF?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2M2lDRUY2MUM4MDJDRTA4QkY4?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU4MmlBREE5N0M0OTkxNTJBNkVF?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjU4NGk1MDk4MUVDOTRDQzUzMUZG?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjY3MGkwNDY3Q0FGQThDNDlGNEQ3?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODQ2Nmk3RkRCMTBGMjhFODY0OTZD?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjY3OWlGQzI2NDIyMzM4RjkxMkUy?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NGlGMEUxQzkzOUU3QjdENEI2?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NWlEMjMzQ0Y0NjUzMkUxQTcw?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0NmkzNEVBRkExOTFEMkRCNkMz?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0N2k3QTgwMkVFQUYwQTk2QzRG?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0OGk0OUE4MENDMzA2RDI4QTdG?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU0OWk2NzhBNUNCNDQzMUNFNjEz?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1MGkwQUU5MjQ1RDBGNUQ0QUY5?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1M2kyNTM0OEJFRUVGMDM2Mjg4?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1NWk0QTJCNTY5NzFGMkFERUI0?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1Nmk0QTQ1N0M0NDM5NzM2QzQ0?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1N2k4QTNEMDJDOTM0QkVFRjNB?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU1OGkwMEFBM0FERTM5QURBM0JC?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjkxMmlCODZGNzBEN0Q4RjlENUE3?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzNjkxNWk0QjhCNkFDRjE4OTk5MDA0?revision=1\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzM1MjM4LTQzODU2MGkwNTE1OTEwQzc2RjE4RjE5?revision=1\"}"}}],"totalCount":31,"pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI1","hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:2429724":{"__typename":"Conversation","id":"conversation:2429724","topic":{"__typename":"BlogTopicMessage","uid":2429724},"lastPostingActivityTime":"2024-08-14T08:57:00.128-07:00","solved":false},"User:user:157704":{"__typename":"User","uid":157704,"login":"Fernanda_Vela","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xNTc3MDQtVlFjV2VY?image-coordinates=0%2C62%2C1125%2C1187"},"id":"user:157704"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyNmlFMEVBODhEMEEwODhFNkMz?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyNmlFMEVBODhEMEEwODhFNkMz?revision=10","title":"Fernanda_Vela_0-1713392340937.png","associationType":"BODY","width":2814,"height":1448,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyN2lBODZEQjg3RDE5MTQzOEEx?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyN2lBODZEQjg3RDE5MTQzOEEx?revision=10","title":"Fernanda_Vela_1-1713392340947.png","associationType":"BODY","width":1746,"height":1558,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyNWk0MUNBQUI4RkE4OUI3MzVD?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyNWk0MUNBQUI4RkE4OUI3MzVD?revision=10","title":"Fernanda_Vela_2-1713392340954.png","associationType":"BODY","width":1976,"height":1182,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyOWkyMjE0Mjc4MTk5N0Q5Mzg0?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyOWkyMjE0Mjc4MTk5N0Q5Mzg0?revision=10","title":"Fernanda_Vela_3-1713392340963.png","associationType":"BODY","width":2740,"height":1306,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMGlCQTk5RTBFN0JGNzZEMEQ5?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMGlCQTk5RTBFN0JGNzZEMEQ5?revision=10","title":"Fernanda_Vela_4-1713392340972.png","associationType":"BODY","width":2746,"height":1190,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyOGk5NzVERDI2QTdDMDQ4RTM1?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyOGk5NzVERDI2QTdDMDQ4RTM1?revision=10","title":"Fernanda_Vela_5-1713392340973.png","associationType":"BODY","width":998,"height":66,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMmlEMjBDQjRGRkZGQkJFN0U4?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMmlEMjBDQjRGRkZGQkJFN0U4?revision=10","title":"Fernanda_Vela_6-1713392340974.png","associationType":"BODY","width":366,"height":118,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMWlBRjE5MkM2M0VFQTc3NzBG?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMWlBRjE5MkM2M0VFQTc3NzBG?revision=10","title":"Fernanda_Vela_7-1713392340974.png","associationType":"BODY","width":540,"height":98,"altText":null},"BlogTopicMessage:message:2429724":{"__typename":"BlogTopicMessage","subject":"Microsoft Defender for Storage – Price Estimation Dashboard","conversation":{"__ref":"Conversation:conversation:2429724"},"id":"message:2429724","revisionNum":10,"uid":2429724,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:157704"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":34700},"postTime":"2021-06-09T05:15:05.153-07:00","lastPublishTime":"2024-04-18T01:52:30.917-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Blog post updated on April 17th, 2024. \n \n Estimate the cost of Microsoft Defender for Storage \n Microsoft Defender for Storage is an Azure-native layer of security intelligence that detects potential threats to your storage accounts. It helps prevent the three major impacts on your data and workload: malicious file uploads, sensitive data exfiltration, and data corruption. \n \n This blog post explains how to use a new workbook that helps you estimate the cost of Microsoft Defender for Storage and add-ons, like Malware Scanning, based on your current storage usage. \n Prerequisites \n To use the cost estimation workbook, you need the following: \n \n At least one Azure subscription with Storage Accounts (Defender for Storage is not required) \n Access to the Azure portal \n Subscription or resource-level reader permission \n \n \n At least Workbook Contributor permissions on the targeted resource group to save the workbook \n \n Access the cost estimation workbook \n The workbook is available in the Microsoft Defender for Cloud’s GitHub repository. You can access it directly from this link. \n \n Deploy it \n \n Go to the Workbook’s location Microsoft-Defender-for-Cloud/Workbooks/Microsoft Defender for Storage Price Estimation at main · Azure/Microsoft-Defender-for-Cloud (github.com) \n In the ReadMe.md file, click the button “Deploy to Azure” \n \n \n \n \n This will take you to the Azure portal and the template settings will display for you to fill them. The subscription, resource group and region are required for you to Review + Create. \n \n \n \n \n After clicking on “Review + Create” the workbook will show in your resource group. \n Click on it and then on “Open Workbook”. \n \n \n \n How it looks like \n \n \n \n \n \n The workbook will display the following information in the tab “Defender for Storage coverage”: \n \n \n \n \n \n Column name \n \n \n Description \n \n \n \n \n Subscription \n \n \n Subscription name in the scope. \n \n \n \n \n In trial \n \n \n True/False value if the subscription has a free trial. \n \n \n \n \n Is enabled \n \n \n Enabled/Disabled value if there’s a Defender for Storage plan enabled. \n \n \n \n \n DF-Storage plan \n \n \n The Defender for Storage plan enabled at the subscription-level or if it’s disabled. \n \n \n \n \n Malware scanning enabled \n \n \n True/False value if the Defender for Storage add-on Malware Scanning enabled at the subscription-level. For Classic plans, it will show in blank since this feature is not available there. \n \n \n \n \n Malware scanning cap \n \n \n The cap setting value at the subscription level. \n \n \n \n \n Sensitive data discovery enabled \n \n \n True/False value if the Defender for Storage add-on Sensitive Data Discovery is enabled at the subscription-level. For Classic plans, it will show in blank since this feature is not available there. \n \n \n \n \n \n \n The tab “Cost estimation” will display the following information: \n \n \n \n \n \n Column name \n \n \n Description \n \n \n \n \n Subscription \n \n \n Subscription name in the scope. \n \n \n \n \n Storage account \n \n \n Storage account name in the scope. \n \n \n \n \n Estimated monthly transactions \n \n \n Transactions taken from a 7-day usage-sample and then used for a 30-day result. \n \n \n \n \n Overage transactions \n \n \n Total transactions that are more or equal to 73M. \n \n \n \n \n Storage account cost \n \n \n Cost without considering overage. This is $10 USD. \n \n \n \n \n Estimated overage charge \n \n \n Overage transactions cost \n \n \n \n \n Estimated monthly cost (activity monitoring) \n \n \n “Storage account cost” + “Estimated overage charge” \n \n \n \n \n Estimated monthly uploaded GBs \n \n \n 7-day ingress bytes taken from microsoft.storage/storageaccounts/blobservices-Transaction-Ingress; then this is extrapolated to estimate the monthly total based on a standard 30-day month, and finally, it converts this monthly total from bytes to gigabytes using the factor 1073741824 (bytes per gigabyte). \n The APIs in the filter are: AppendFile, CopyBlob, CreatePathFile, FlushFile, PutBlob, PutBlock, PutBlockFromURL, PutBlockList. \n \n \n \n \n Estimated malware scanning cost \n \n \n Cost considering “Estimated monthly uploaded GBs”. Malware Scanning cost is currently $0.15 USD per GB scanned. \n \n \n \n \n \n Note: You can filter the results by subscription and storage account. \n \n Workbook estimation limitations \n This tool estimates malware scanning costs based on the total volume of blobs uploaded, as indicated by Blob Ingress metrics. Please consider the following: \n \n Multiple scans: Specific upload methods, such as PutBlockList operations, may trigger multiple scans for a single blob (e.g., when writing logs to the same blob). This tool does not accurately capture the additional costs from multiple scans triggered by such operations. \n Index Tag costs: Costs associated with blob index tags, which store scan times and results on supported blobs, are not included in these estimates. Learn more on index tags costs in the Azure Storage Blobs Pricing page. \n Blob size: The estimation accounts for all uploaded blobs; however, only blobs smaller than 2GB are actually scanned. \n \n \n Good to know \n \n \n \n \n \n \n Note: Resources protected before March 28, 2023, are protected by Defender for Storage (classic) plan. Customers who protected storage accounts prior to this (under the per-transaction or per-storage account plans) are encouraged to migrate to the new plan to enjoy enhanced capabilities. Please note that after March 28, 2023, all new subscriptions created through the Azure portal will enable the new Defender for Storage (per-storage account plan) by default. Learn about migrating to the new plan. \n \n \n \n \n \n \n The cost of Defender for Storage is based on the number of storage accounts within a subscription. Storage accounts that have less than 73 million monthly transactions, are billed at $10 USD each. Storage accounts with higher transaction volume (above 73M monthly transactions) will experience an overage charge of $0.1492 per additional 1 million transactions. \n \n \n \n \n \n \n \n \n \n This PowerShell script helps you enumerate all storage accounts in your environment and get the transaction metrics for the last week. \n \n \n \n \n \n Calculating across several large subscriptions or a tenant \n To pull Blob and File Transactions from each Storage Account in larger subscriptions or across a tenant use this PowerShell script. The Price Estimation used in the script is calculated differently from the workbook described in this blog post. Note that the PowerShell script does not currently estimate the add-on Malware Scanning. This will come in the next couple of weeks. \n \n \n \n Known Issues \n \n Azure Monitor Metrics data backends have limits and probably the number of requests to fetch data across Storage Accounts might time out. To solve this, you will need to narrow the scope (reduce the selected Storage Accounts). \n Errors might reflect by showing 0 transactions in Files and Blobs. To verify this error, go to Edit Mode and the \"Timed out\" message will be displayed in the query. \n If you don’t have permissions to read on the storage accounts, there might be an error like this: \n \n \n \n \n Contributors: Eitan Shteinberg, Fernanda Vela, Rogério Barros, Hasan Abo-Shally, Dick Lake, Shay Amar, Daniela Villareal, \n \n Reviewer: Yuri Diogenes \n \n \n References: \n \n Microsoft-Defender-for-Cloud/Workbooks/Microsoft Defender for Storage Price Estimation at main · Azure/Microsoft-Defender-for-Cloud (github.com) \n Pricing—Microsoft Defender for Cloud | Microsoft Azure \n Pricing Calculator | Microsoft Azure \n Microsoft Defender for Storage - the benefits and features | Microsoft Docs \n Azure-Security-Center/Powershell scripts/Read Azure Storage Transaction Metrics at main · Azure/Azur... \n Microsoft-Defender-for-Cloud/Powershell scripts/Storage Price Estimation Script at main · Azure/Micr... \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8168","kudosSumWeight":9,"repliesCount":4,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyNmlFMEVBODhEMEEwODhFNkMz?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyN2lBODZEQjg3RDE5MTQzOEEx?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyNWk0MUNBQUI4RkE4OUI3MzVD?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyOWkyMjE0Mjc4MTk5N0Q5Mzg0?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMGlCQTk5RTBFN0JGNzZEMEQ5?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEyOGk5NzVERDI2QTdDMDQ4RTM1?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMmlEMjBDQjRGRkZGQkJFN0U4?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNDI5NzI0LTU3MjEzMWlBRjE5MkM2M0VFQTc3NzBG?revision=10\"}"}}],"totalCount":8,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3972370":{"__typename":"Conversation","id":"conversation:3972370","topic":{"__typename":"BlogTopicMessage","uid":3972370},"lastPostingActivityTime":"2023-11-03T11:29:08.875-07:00","solved":false},"User:user:2121986":{"__typename":"User","uid":2121986,"login":"Srinivas_Nalla","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-9.svg?time=0"},"id":"user:2121986"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTcyMzcwLTUyMjAxN2lBRkEwODgwNUYxODU0MDc5?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTcyMzcwLTUyMjAxN2lBRkEwODgwNUYxODU0MDc5?revision=10","title":"FileUploadMalwareScannerArchitectureUsingMicrosoftDefenderForStorage.jpeg","associationType":"BODY","width":1883,"height":1263,"altText":null},"BlogTopicMessage:message:3972370":{"__typename":"BlogTopicMessage","subject":"E2E Bootstrap Solution for Malicious File Scanning Using Microsoft Defender for Storage in Azure","conversation":{"__ref":"Conversation:conversation:3972370"},"id":"message:3972370","revisionNum":10,"uid":3972370,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:2121986"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This blog post elucidates one of the architectural patterns that can be employed for efficiently monitoring the malware scan status while utilizing Microsoft Defender for storage malware scanning. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":18421},"postTime":"2023-11-03T11:11:15.235-07:00","lastPublishTime":"2023-11-03T11:29:08.875-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" This blog post elucidates one of the architectural patterns that can be employed for efficiently monitoring the malware scan status while utilizing Microsoft Defender for storage malware scanning. \n Real-world Scenario: \n \n In a typical complex web application, file uploads are a common occurrence across various application scenarios (for instance an application responsible for handling employee payroll may have one module accepting proof of identity documents from employees for personal information updates and other module handling employee reimbursement requests based on the uploaded expense receipts). \n \n Let's consider a scenario that requires file upload use-cases, and each use-case needs its individual storage account to manage its file uploads. Enabling Microsoft Defender for Storage’s add-on Malware Scanning on the scenario specific storage account can lead to inadvertent invocation of malicious files as developers may have direct access to them for troubleshooting the issues or it may not be the most cost-effective approach for handling scanning across each storage account container. \n \n To address this challenge, we can create a solitary storage account container that remains separate from the storage containers specific to individual application scenarios. We can refer to this as a \"Demilitarized Zone (DMZ) Storage Account Container\", which acts as the frontline defence for processing file uploads originating from different application scenarios. Access to the DMZ container can be highly restricted, ensuring that only malware-free files proceed to the scenario-level storage account containers. At this stage, specific scenario-level processing can be conducted via middleware functions. In the event of malicious file detection within the DMZ container, our malware file processing functions can either delete the file on the spot or transfer it to a Quarantine Storage Account Container, which is accessible exclusively to security analysts. In-Depth Architectural Pattern: \n \n Drawing inspiration from the above use case, we've developed an efficient pattern that revolutionizes the conventional approach to accessing file scan status results via blob index tags. We introduce a Push-based architecture, which promptly notifies connected clients of file scan status. Additionally, it addresses the challenge of invoking supporting APIs to display other functionalities, such as delete or download options, upon successful file uploads to the destination system. \n \n This architectural design leverages the capabilities of various Azure services: \n \n \n Microsoft Defender for Cloud-Enabled Storage Account (DMZ Storage Account Container): This Storage Account Container is where the application uploads multiple scenario specific files. \n \n \n \n Azure SignalR Service: To implement a push-based event notification mechanism, we utilize the Azure SignalR service. The Azure SignalR Hub efficiently manages concurrent connections from thousands to millions of clients and delivers events to actively connected clients at least once. During the file upload process, we connect to the Azure SignalR Hub, and the Azure SignalR service establishes a connection to its server using supported protocols like WebSocket, Server Sent Events or Long Polling, depending on underlying browser compatibility. This enables us to promptly display file scan status to users without requiring page refreshes or prolonged waiting, as opposed to periodically monitoring the presence of file scan index tags on blobs after a file scan. \n \n Read more about Azure SignalR Service here and please note that using Azure SignalR incurs additional cost depending on the chosen plan. Check more on Azure SignalR Pricing here. \n \n \n Azure Event Grid Topic: We employ an Event Grid topic to capture file scan status results from Microsoft Defender for Cloud Storage Malware Scanning, which is enabled at the storage account. The Event Grid Topic offers a wide range of subscription capabilities for multiple channels and Azure services to consume event statuses. In our pattern, we integrate and subscribe this to Azure Functions. Event Grid Topic created can be configured to receive events by navigating to Storage Account > Microsoft Defender for Cloud > Settings > Enable Event Grid > Select the newly created event grid topic from the list. Check the detailed tutorial here for manual creation. We will soon have bicep template ready to automate event grid creation process and configuring it to Defender for Cloud Storage Malware settings, check the bicep template updates here. \n \n Read more about Azure Event Grid Service here and please note that using Azure Event Grid incurs additional cost depending on the chosen plan. Check more on Azure Event Grid Service Pricing here. \n \n \n Azure App Configuration: Azure App Configuration serves as the repository for configuration information necessary for the smooth operation of this architectural pattern. It also stores the configuration required for moving files from the DMZ storage account container to application scenario specific storage account containers once file status becomes available. \n \n Read more about Azure App Configuration Service here and please note that using Azure App Configuration Service incurs additional cost depending on the chosen plan. Check more on Azure App Configuration Service pricing here. \n \n \n Azure Key Vault: For secure storage and retrieval of secrets, we rely on Azure Key Vault and reference them in Azure App Configuration. \n \n Read more about Azure Key Vault Service here and please note that using Azure Key Vault service incurs additional cost depending on the chosen plan. Check more on Azure Key Vault Service pricing here. \n \n \n Architectural Diagram: visio link \n \n \n \n \n Let's delve into the architectural workflow: \n \n \n The user initiates the file upload process through the application, sending the file to the DMZ storage account container. Simultaneously, in the background, the application establishes a connection to the Azure SignalR Hub to monitor file scan statuses. \n Microsoft Defender for Storage’s Malware Scanning, enabled at the DMZ Storage Account, scans for malware in blobs – near-real time - and transmits the scan status to the configured Event Grid Topic. \n The Event Grid Topic has a subscription with an Event Grid Trigger called \"Generic File Status Checker Azure Function\". This function relays the file scan status to the SignalR Hub and takes appropriate actions. If the scan results indicate a non-malicious status “No threats found”, the file is moved from the DMZ storage container to the storage container specific to the application scenario. In the event of a malicious scan result “Malicious”, the file is deleted from the DMZ storage container, and a failure status is promptly relayed to the SignalR Hub. \n Once the scan status becomes available in the SignalR Hub, the connected user, who uploaded the file for a specific scenario, is promptly notified about the file scan result. This notification occurs efficiently without necessitating a screen refresh or causing any undue delays. \n After the file is transferred to the application’s scenario-specific container, developers can create scenario-specific middleware functions to process the files according to their scenario requirements. Subsequently, they can transmit the success or failure status of the scenario-specific processing to the SignalR Hub. \n Once the connecting client receives the status of the scenario-specific processing, the application can invoke supporting APIs to enable more detailed functionalities, such as deletion and efficient downloading of the processed content, all without the need for a screen refresh. \n \n \n Key Generic Components: \n \n The generic bootstrap solution has following components to facilitate the end-to-end experience from file upload process within multiple scenarios of an application to file scan status communication to connected client (Web UI) The below generic components are available for consumption at Microsoft Opensource GitHub Project \n \n Bicep Infra files: Spin up required resources responsible for solution consumption in seconds. Click Here to view Bicep Code \n \n SignalR Negotiate Azure function: Facilitates secured way of establishing connection with SignalR instance in a serverless methodology by exchanging connection string and short lived authentication code. Click Here to view Function Code \n \n SignalRWrapper NPM Package: Code NPM Package Link \n \n The Generic NPM package takes care of establishing connection handshake process with Azure SignalR Service. \n Registers event listeners on interested topics. \n Clients can configure event handlers responsible for processing file malware status \n Connection clean-up. \n \n \n Generic File Scan Status Checker Azure function : Click Here to view Function Code \n \n File scan status is sent to Event grid which will trigger the File Scan status checker function. \n File Scan Status Checker function sends the scan status to SignalR hub. \n and the status checker function moves the file to respective scenario specific container if the status is non-malicious result. \n or else if the status is Malicious then the file is deleted from the DMZ container and appropriate status is sent to SignalR hub. \n \n Detailed Documentation related to code consumption can be found here. \n \n \n Authors: \n Srinivas Nalla, Software Engineer 2, Microsoft Digital \n Ajith Kumar Rai, Software Engineer 2, Microsoft Digital \n Deepika Somagari, Software Engineer 2, Microsoft Digital \n \n Reviewers: \n Arieh Bibliowicz, Principal Software Engineer, Microsoft Defender for Cloud \n Ashish Mathur, Principal Software Engineer, Microsoft Digital \n Fernanda Vela, Product Manager 2, Microsoft Defender for Cloud CXE ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10056","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTcyMzcwLTUyMjAxN2lBRkEwODgwNUYxODU0MDc5?revision=10\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3884470":{"__typename":"Conversation","id":"conversation:3884470","topic":{"__typename":"BlogTopicMessage","uid":3884470},"lastPostingActivityTime":"2025-03-31T05:37:37.199-07:00","solved":false},"User:user:1298000":{"__typename":"User","uid":1298000,"login":"Inbal_Argov","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xMjk4MDAwLTQ5MjU2OGlFQTQyRERDMThGQTdCQjcx"},"id":"user:1298000"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjYzNWlGREE2REE5N0NCRDJBNjcw?revision=8\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjYzNWlGREE2REE5N0NCRDJBNjcw?revision=8","title":"Malware Scanning in Defender for Storage.png","associationType":"BODY","width":1284,"height":724,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjI5MGkwMDMwNTk4RkJCQjA3RjBD?revision=8\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjI5MGkwMDMwNTk4RkJCQjA3RjBD?revision=8","title":"Malware Scanning - Tax App.gif","associationType":"BODY","width":2066,"height":1390,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjI4OWk4NDU3RDVCNkI4NDBDMjFF?revision=8\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjI4OWk4NDU3RDVCNkI4NDBDMjFF?revision=8","title":"View and consume malware scanning results.png","associationType":"BODY","width":1280,"height":722,"altText":null},"BlogTopicMessage:message:3884470":{"__typename":"BlogTopicMessage","subject":"Malware Scanning for cloud storage GA announcement | prevent malicious content distribution","conversation":{"__ref":"Conversation:conversation:3884470"},"id":"message:3884470","revisionNum":8,"uid":3884470,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:1298000"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" How to prevent malicious content distribution from your cloud storage a scalable, built-in, and agentless solution ","introduction":"","metrics":{"__typename":"MessageMetrics","views":17519},"postTime":"2023-07-26T05:44:54.798-07:00","lastPublishTime":"2023-09-18T07:36:34.597-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Malware Scanning in Defender for Storage is generally available (GA) for Azure Blob Storage (since September 1, 2023). This add-on to Defender for Storage is priced at $0.15 (USD) per GB of data scanned. \n \n Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events. \n \n Defender for Storage helps prevent the three major impacts on your data and workload: malicious file uploads, sensitive data exfiltration, and data corruption. Malware Scanning is its latest feature. Defender for Storage is part of Microsoft Defender for Cloud, a CNAPP solution. \n \n \n \n \n \n \n \n \n Enabling Malware Scanning at scale is easy and simple, requires zero maintenance, and supports automated responses at scale. You can enable it with an Azure built-in policy (recommended), IaC templates such as Bicep and ARM, REST API, or the Azure portal UI to enable at scale. \n \n \n \n \n \n \n \n Malware protection is old news, but protecting your non-compute resources from malware still proves to be difficult \n \n Compute vs. non-compute malware protection: \n \n The malware distribution challenge is not new. Traditionally, endpoint detection and response (EDR) solutions solve this problem for compute resources such as VMs and containers. However, non-compute resources such as storage are much harder to protect against malware - they do not have a compute layer to run antimalware tools, installing an EDR on them is impossible. \n While non-compute resources cannot be infected by malware (because it cannot be executed in a non-compute environment), cloud storage resources are central hubs of data that downstream consumers tend to trust. \n This means that storage can be a gateway and distribution point to malware into your org or to 3 rd parties and consumers. \n \n \n Untrusted content uploaded to cloud storage could be malware. Without verifying that incoming files are free of malicious content before they’re uploaded, storage accounts can become a malware entry point into the organization and serve as a point of distribution to the environment. This is because your storage accounts are data hubs and are typically a convenient place to upload content to, and have many downstream consumers pull the data and transform it. \n \n The malware could be distributed downstream to consumers in multiple copies. If the malware finds a host to run on – the impact could be game over. \n It could lead to data loss or corruption, steal sensitive data and authentication tokens, and present opportunities for potential ransomware attacks. It’s common for these attacks to damage the reputation of organizations and cause significant harm, regulatory fines, and compliance issues, making the protection of non-compute resources a challenging yet crucial aspect of cybersecurity. \n \n That’s why top compliance standards, such as NIST, SWIFT, and UK Government protocols, as well as security best practices, require scanning files in cloud storage before human users or applications access them. \n \n Traditional approaches to addressing the cloud storage malware protection challenge have scalability and privacy issues. Some popular approaches are sending files to a VM that runs antivirus, like open source ClamAV or by EDR providers, or running SaaS solutions that are not tailored to PaaS and IaaS. \n \n The main issue with these systems is they don't scale well, require too many resources, rely heavily on multiple copy jobs and complex networking, and keep you waiting a bit too long before they start scanning, creating hiccups in your apps and workflows. In most cases, they'll have you tangled up in intricate networking and juggling data management tasks, adding to your IT team's workload. The enablement friction and resource scaling maintenance is cumbersome, creates overhead, and leaves too much room for error. \n Unfortunately, these solutions fail to scale up as needed, and instead of protecting, they might increase the attack surface because of the data flow and resources. So, we end up needing even stronger security measures. \n An alternative approach to address these challenges involves sending files, or their signatures, to external third-party services for malware detection. \n The key drawback of such solutions is their inherent requirement to move your potentially sensitive data outside your existing environment, crossing regional and cloud boundaries. This is a compliance and privacy issue that exposes your data to potential leaks and breaches and places it beyond your control. \n \n \n A modern, private, and scalable approach that helps protect your cloud storage from malware, built for high-compliance industries \n \n Malware Scanning in Defender for Storage offers built-in and agentless detection with zero maintenance. \n \n As soon as a file is uploaded to a storage account, Malware Scanning will immediately read the uploaded content, scan it out of band, and detect polymorphic and metamorphic malware in near real-time. \n \n If a file is determined as malicious by the Microsoft Defender Antivirus engine, access to the file can be blocked, the file can be quarantined or deleted, and the scan result will automatically trigger a security alert in Defender for Cloud or other workflows, so your SOC analysts have full context on the malicious findings. \n \n To maintain maximum privacy, the regional malware scanning engine never retains the content of the files, and the data is never centralized. Files are scanned \"in-memory\" and are never stored in the Malware Scanning engine. \n \n Malware Scanning occurs within the same region of the storage account. In some cases, when a file is suspicious, and more data is required, the Malware Scanning engine may share metadata outside the scanning region, including metadata classified as customer data (e.g., SHA-256 hash), with Microsoft Defender for Endpoint, leveraging its powerful Cloud Protection features. \n \n \n Supporting fully-fledged features with granular cost control at the feature level \n \n The Malware Scanning capability within Defender for Storage was built with flexibility and cost management in mind. It allows enablement either at the subscription level or at the resource level while offering the ability to exclude individual storage accounts from protection. \n \n You can control and cap your costs. The pricing of Malware Scanning is based on the number of gigabytes (GB) of data scanned. For granular cost control, there's an option to set a monthly limit on the volume of data scanned per storage account per month. This limit can be set for the entire subscription or for each individual storage account. Once the set limit is reached in a month, the scanning process halts to prevent additional costs. You will be alerted when nearing the cap, and when crossing it. The default cap for the recommended enablement methods is 5TB per storage account per month. \n \n You can also choose to enable logging for every scan result (including clean files) for compliance needs. \n \n \n A hands-on lab to try out Malware Scanning in Defender for Storage \n \n We recommend you try the Ninja training instructions for detailed step-by-step instructions on how to test Malware Scanning end-to-end with setting up responses to scanning results. This is part of the 'labs' project that helps customers get ramped up with Microsoft Defender for Cloud and provide hands-on practical experience with its capabilities. \n \n \n Common use cases \n \n In the last two years, we’ve worked with customers who’ve used the beta version of Malware Scanning and helped design it. During that process, we’ve learned the common use cases and scenarios that require and typically utilize malware scanning in cloud storage services to maintain data and system integrity. The following list is an example of some of these: \n \n \n Web applications: many cloud web applications allow users to upload content to storage. This allows low maintenance and scalable storage for applications like tax apps, CV upload HR sites, and receipts upload. \n Content protection: assets like videos and photos are commonly shared and distributed at scale both internally and to external parties. CDN and content hubs are a classic malware distribution opportunity. \n Compliance requirements: resources that adhere to compliance standards like NIST, SWIFT, GDPR, and others require robust security practices, which include malware scanning. It is critical for organizations operating in regulated industries or regions. \n Third-party integration: third-party data can come from a wide variety of sources, and not all of them may have robust security practices, such as business partners, developers, and contractors. Scanning for malware helps to ensure that this data doesn't introduce security risks to your system. \n Collaborative platforms: similar to file sharing, teams leverage cloud storage for continuously sharing content and collaborating across teams and organizations. Scanning for malware ensures safe collaboration. \n Data pipelines: data moving through ETL processes can come from multiple sources and may include malware. Scanning for malware can help to ensure the integrity of these pipelines. \n ML training data: the quality and security of the training data are critical for effective machine learning models. It's why it's important to ensure these data sets are clean and safe, especially if they include user-generated content or data from external sources. \n \n \n \n See it at work \n \n Here’s a short demo showcasing Malware Scanning capabilities to scan and provide quick, reliable results so you can easily make your applications secure: \n \n In this example, tax files are uploaded to a storage blob container that stores all the uploaded untrusted content. Once a file is uploaded, Malware Scanning scans the files and sends the scanning results to a serverless function that moves clean files to a ‘clean’ blob container and malicious files to a ‘suspicious’ files blob container (for quarantine/deletion). \n \n \n Consuming scan results and setting up response \n \n Scan results are returned for every file scanned. There are several supported methods to consume the scan results, fitting different use cases. Read more about consuming scan results and using them for an automated response. \n \n nsume malware scanning results \n \n \n Getting started \n \n A common way to start is to deploy Malware Scanning protection with this built-in Azure Policy. You can also use IaC templates such as Bicep and ARM, REST API, or the Azure portal UI to enable at scale. \n If you’re using the old (“classic”) Defender for Storage plan, migrate to the new plan to enable Malware Scanning. You can also read about how to run an effective POC. \n \n \n Additional resources \n \n \n Malware Scanning in Defender for Storage documentation. \n A hands-on Ninja lab. \n Built-in Azure Policy to deploy to protect your environment now. \n Watch the “Defender for Cloud in the Field - Defender for Storage” YouTube episode to learn more about the threat landscape for Azure Storage and how Microsoft Defender for Storage can help detect and mitigate these threats. \n Learn more on the threat matrix for storage services. \n \n \n Subscribe to our YouTube series for product deep dives. \n Follow us at @MSThreatProtect for the latest news and updates on cybersecurity. \n \n \n Have questions or comments? Write them below. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"12108","kudosSumWeight":1,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjYzNWlGREE2REE5N0NCRDJBNjcw?revision=8\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjI5MGkwMDMwNTk4RkJCQjA3RjBD?revision=8\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODg0NDcwLTQ5MjI4OWk4NDU3RDVCNkI4NDBDMjFF?revision=8\"}"}}],"totalCount":3,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3781013":{"__typename":"Conversation","id":"conversation:3781013","topic":{"__typename":"BlogTopicMessage","uid":3781013},"lastPostingActivityTime":"2023-04-04T12:48:08.681-07:00","solved":false},"User:user:447446":{"__typename":"User","uid":447446,"login":"giladelyashar","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS00NDc0NDYtMjE2ODc5aUU3MDVCNTJEODBGNTEyRDg"},"id":"user:447446"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTQxMGkyRDA2QUVDRDcxNEMxMTRD?revision=21\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTQxMGkyRDA2QUVDRDcxNEMxMTRD?revision=21","title":"CNAPP.png","associationType":"BODY","width":1557,"height":875,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTI3M2lBNEFGRUZCRTJBNDNEOTVG?revision=21\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTI3M2lBNEFGRUZCRTJBNDNEOTVG?revision=21","title":"attack path.png","associationType":"BODY","width":2555,"height":1284,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTI2MWkyRUEwRTFGNUI2RTI3REUy?revision=21\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTI2MWkyRUEwRTFGNUI2RTI3REUy?revision=21","title":"malware.png","associationType":"BODY","width":7680,"height":4588,"altText":null},"BlogTopicMessage:message:3781013":{"__typename":"BlogTopicMessage","subject":"Announcing Defender CSPM GA & new data security capabilities in Microsoft Defender for Cloud","conversation":{"__ref":"Conversation:conversation:3781013"},"id":"message:3781013","revisionNum":21,"uid":3781013,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:447446"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Announcing Defender CSPM GA and new data security capabilities in Microsoft Defender for Cloud, our comprehensive multicloud CNAPP ","introduction":"","metrics":{"__typename":"MessageMetrics","views":16767},"postTime":"2023-03-28T08:07:12.520-07:00","lastPublishTime":"2023-03-28T14:01:42.842-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" With the increasing complexity around the development and adoption of cloud applications, organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to cloud infrastructure, and evolving threats that can cause sensitive data exposure. \n \n Microsoft is leading the next chapter of comprehensive multicloud security so organizations can start secure with proactive posture hardening and stay secure with advanced threat protection across cloud apps, infrastructure, and data. \n \n Recognized by Gartner as a Representative Vendor in its 2023 Market Guide on Cloud Native-Application Protection Platforms (CNAPP) 1 , Microsoft Defender for Cloud seamlessly combines security and compliance capabilities into a single platform to provide end-to-end protection across AWS, GCP, Azure, and on-premises. \n \n Today, I am thrilled to announce new CNAPP innovations in Defender for Cloud across posture management and data protection to help organizations seamlessly embed cloud data security into their CNAPP strategy. \n \n General Availability of Microsoft Defender Cloud Security Posture Management (CSPM), now with new integrated data-aware security posture. Defender CSPM extends existing free posture management capabilities to help security teams gain full visibility across their multicloud and hybrid environments, get integrated, contextual risk insights across their infrastructure, quickly identify their most critical risk with attack path analysis, and proactively remediate vulnerabilities and misconfigurations. And today, new integrated data-aware security posture capabilities empower teams to prevent data breaches with full visibility into the multicloud data estate and pressing risks to sensitive data. \n \n \n \n Public Preview of Malware Scanning for Defender for Storage and new data-aware threat detection. Malware Scanning for Defender for Storage enables security teams to scan content upon upload and detect polymorphic and metamorphic malware in near real-time. With agentless and simple at-scale enablement, security teams can prevent distribution of malware across their storage resources. With the new data-aware layer, security teams can leverage the sensitive data threat detection feature to prioritize storage resources containing sensitive data and detect sensitive data exfiltration and exposure events. \n \n \n \n Prioritize your most critical risk with contextual CSPM, now with integrated data-aware security posture \n \n Security teams face both an expanding attack surface and countless alerts across multiple tools and services. At Ignite, we announced the public preview of Microsoft Defender CSPM, and shared how its attack path analysis and cloud security graph helps teams cut through the noise and efficiently focus on remediating the most critical risks across their multicloud and hybrid environments. \n \n Today, I’m thrilled to announce the General Availability of Defender CSPM in Microsoft Defender for Cloud, now with new integrated data-aware security posture management. \n \n Starting today, organizations can use Defender CSPM to gain end-end-end visibility with agentless scanning, real-time security assessments, and contextual cloud security with attack path analysis built on top of an intelligent, searchable cloud security graph. The cloud security graph connects the dots across teams, consolidating posture insights from the code itself with Defender for DevOps and from cloud workloads in runtime across servers, containers, databases, storage and more. It also integrates critical data signals from Defender External Attack Surface Management (EASM) to monitor internet-exposed resources, and leverages Microsoft Purview’s information types, labels, and data context to identify data resources with sensitive data. Further, to help organizations stay secure, Defender CSPM’s integrations with our cloud workload protection (CWP) solutions provide threat-detection alert contexts in attack path analysis to help indicate attempts to exploit vulnerable resources. \n \n Mapping critical assets across cloud workloads is critical to effectively identify security posture priorities. That’s why I’m so excited to share new enhanced value in Defender CSPM with integrated data-aware security capabilities that allow security teams to get ahead of their data risks and prioritize security issues that could result in a data breach. With new automatic discovery capabilities, security teams can gain visibility into their multicloud data estate and evaluate where sensitive data resides, who can access it, and how does the data flows. Powered by the cloud security graph, security teams can also use the cloud security explorer to uncover direct and indirect risks of data exposure across object stores, managed and hosted databases. With attack path analysis, customers can identify misconfigurations or vulnerabilities that can lead to a data breach. \n \n \n \n Microsoft is committed to empowering organizations to start secure and stay secure across their multicloud environments. In this pursuit, just this week, we also announced the general availability of our first multicloud security benchmark – Microsoft cloud security benchmark (MCSB) v1 in Defender for Cloud. The MCSB is available in foundational CSPM, our free tier in Defender for Cloud, and provides a comprehensive framework of cloud security best practices in a single pane of glass to assess and monitor multicloud environments across Azure and Amazon Web Services, with Google Cloud coming later this year. \n \n Stop malware in its tracks and prioritize threats to sensitive data with Defender for Storage \n As more businesses move their data and operations to the cloud, it becomes increasingly important to protect stored data from a variety of threats, including malware and sensitive data corruption and exfiltration. Security teams need to effectively protect cloud object stores to maintain oversight, protect sensitive data, and take proactive security measures. \n \n Microsoft Defender for Storage is a cloud-native layer of security intelligence that detects anomalous and potentially malicious activity to access or exploit object stores such as Azure Blob Storage. Defender for Storage analyzes telemetry streams from storage resources and synthesizes activity against Microsoft’s threat intelligence research to detect anomalous and potentially malicious activity. Customers benefit from contextual security alerts that provide additional investigation details and remediation actions, and security recommendations to protect storage resources from future incidents. \n \n We’re pleased to announce the public preview of a new wave of enhancements to help customers detect malware upon content upload. These new enhancements are available as part of the new Defender for Storage plan, maintaining its existing powerful threat protection, while offering new and future capabilities with improved scalability and optimized granular protection control. \n \n Going forward, the new product plan will be referred to as Defender for Storage. The previous product plan will be referred to as Defender for Storage (classic). \n \n \n \n \n With the public preview of Malware Scanning, security teams can enable an additional layer of protection to detect and prevent storage accounts from acting as a point of malware entry and distribution. When content is uploaded to an Azure Blob container, it’s automatically scanned for metamorphic and polymorphic malware and analyzed in near-real time, with results automatically recorded on the blob metadata. \n \n If a malicious file is detected, a security alert is generated with details, threat research, and remediation steps. Customers can go beyond detection and configure automated workflows to delete or quarantine malware-infected files from infiltrating your storage resources. \n \n To further focus on critical threats, Defender for Storage will now include sensitive data threat detection. Customers can now leverage sensitive data discovery on Azure Blob containers to make their threat protection data-ware by creating contextual alerts, prioritizing sensitive data exfiltration or exposure events. \n \n We have a thriving and passionate community of customers using Defender for Cloud to manage security across clouds. I am excited to introduce these new capabilities today and wanted to share an insight from one of our customers: \n \n “Protecting storage accounts from untrusted content is one of our top security concerns. Now that Defender for Storage has extended its malware scanning capabilities and provided us with built-in near real time full scanning, it allows us to replace our custom solutions meaning lower TCO and lower risk. We can now meet compliance regulations and stay secure with simple setup and zero maintenance.” \n – Pete van Blerk, Security Lead at NewOrbit \n \n Learn More \n From code to cloud, Defender for Cloud is the platform, powered by intelligence, that will help you go beyond CNAPP and secure your cloud data estate. Develop an infinite mindset to cloud security and learn more about the expansion of the security portfolio in Microsoft Defender for Cloud. Get started today with these new innovations in Microsoft Defender for Cloud. \n \n 1 Gartner®, Market Guide for Cloud-Native Application Protection Platforms, March 14, 2023. Neil MacDonald, et al. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"9618","kudosSumWeight":7,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTQxMGkyRDA2QUVDRDcxNEMxMTRD?revision=21\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTI3M2lBNEFGRUZCRTJBNDNEOTVG?revision=21\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNzgxMDEzLTQ1NTI2MWkyRUEwRTFGNUI2RTI3REUy?revision=21\"}"}}],"totalCount":3,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3974789":{"__typename":"Conversation","id":"conversation:3974789","topic":{"__typename":"BlogTopicMessage","uid":3974789},"lastPostingActivityTime":"2024-03-26T20:16:28.995-07:00","solved":false},"User:user:1303763":{"__typename":"User","uid":1303763,"login":"Asaf_Nakash","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xMzAzNzYzLTM0NzExOWk2QTNGQTgwREI3OEIxRDFE"},"id":"user:1303763"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyOTUwNmk2NkVDMEZCRjcwQUJFMjQ4?revision=13\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyOTUwNmk2NkVDMEZCRjcwQUJFMjQ4?revision=13","title":"terraformMDC.png","associationType":"TEASER","width":1904,"height":808,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4NWlEN0E0NUUzQ0M1OTMzRkJC?revision=13\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4NWlEN0E0NUUzQ0M1OTMzRkJC?revision=13","title":"Asaf_Nakash_0-1699347102377.png","associationType":"BODY","width":1122,"height":543,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMzU3N2k2MTU1NjNDMUVENEUwNkEx?revision=13\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMzU3N2k2MTU1NjNDMUVENEUwNkEx?revision=13","title":"MDCTerraformModuleM.gif","associationType":"BODY","width":960,"height":540,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4NGlBQTJDNERDM0QwNDUzQTQz?revision=13\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4NGlBQTJDNERDM0QwNDUzQTQz?revision=13","title":"Asaf_Nakash_1-1699347102379.png","associationType":"BODY","width":277,"height":169,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4Nmk1NDIxMTQ1NjVFRDBBNjFG?revision=13\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4Nmk1NDIxMTQ1NjVFRDBBNjFG?revision=13","title":"Asaf_Nakash_2-1699347102381.png","associationType":"BODY","width":535,"height":521,"altText":null},"BlogTopicMessage:message:3974789":{"__typename":"BlogTopicMessage","subject":"Simplifying Onboarding to Microsoft Defender for Cloud with Terraform","conversation":{"__ref":"Conversation:conversation:3974789"},"id":"message:3974789","revisionNum":13,"uid":3974789,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderCloudBlog"},"author":{"__ref":"User:user:1303763"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Learn how to onboard Microsoft Defender for Cloud with Terraform in a few easy steps using our new Terraform module. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":10163},"postTime":"2023-11-27T11:17:06.807-08:00","lastPublishTime":"2023-11-28T07:05:52.748-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" If you are looking for a way to onboard Microsoft Defender for Cloud (MDC) with Terraform, you are in luck! In this blog post, we will introduce you to a new Terraform module that simplifies and enhances the onboarding experience for MDC in Azure. This module allows you to configure MDC plans for your Azure subscriptions or management groups with just a few lines of code. You will also learn how to use this module in different scenarios, such as onboarding a single subscription, multiple subscriptions, or all subscriptions where you have owner permissions. By the end of this blog post, you will be able to onboard MDC with Terraform in a fast and easy way. Let's get started! \n \n Past Challenges \n In the past, onboarding Microsoft Defender for Cloud via code required interacting with multiple Defender for Cloud ARM APIs. Although many security teams leverage the APIs to onboard Defender for Cloud, Terraform is a preferred tool many use as their infrastructure-as-code (IaC) engine. \n \n The new Terraform Module \n We are excited to introduce a new Terraform module that is now available on the HashiCorp Terraform Registry. The module is specifically designed to streamline the onboarding process in Azure, providing a new and improved onboarding experience with Terraform. This module is easy to use and supports configuration at both the subscription and tenant levels. It enables customers to verify that their security posture is running the correct Defender for Cloud plans, simplifying the process and providing additional oversight over securing their entire environment. \n The new Terraform module is now available on the HashiCorp Terraform Registry. \n \n \n \n \n What advantages does this Terraform module offer? \n \n Unified Experience: This module offers a portal-like experience through code, bringing the familiarity of the Azure portal into your Infrastructure as Code (IaC) workflows. \n Versatility: This module is adaptable to your needs. Whether you are onboarding a single subscription, multiple subscriptions, or all subscriptions where your account has owner permissions, this module has you covered. It even supports onboarding MDC plans for all subscriptions within a specified management group. \n Ease of Use: The module comes with clear instructions and examples. Simply navigate to the specific folder for your scenario (single, chosen, or all subscriptions), execute the terraform apply command, and watch as the module simplifies the process. \n \n \n \n \n \n \n Getting Started \n Requirements: \n \n Terraform: Version >= 1.3 \n Terraform Provider for Azure (AzureRM): Version >= 3.47, but < 4.0 \n \n Steps: \n \n Configure Terraform for Azure using your service principal's credentials. \n Navigate to the specific scenario you want to implement (found in the examples directory). \n \n The module supports the following onboarding types: \n \n Single Subscription: Onboard MDC plans for a single subscription. \n Chosen Subscriptions: Onboard MDC plans for a selected list of subscriptions. \n All Subscriptions: Onboard MDC plans for all subscriptions where your account holds owner permissions. \n Management Group: Onboard MDC plans for all subscriptions within a designated management group. \n \n \n Execute the command within the folder : terraform apply \n For more specific requirements, you can modify the main.tf file in the output directory and then execute terraform apply again. \n \n Remember, you can easily reverse the onboarding using the terraform destroy command or turn off specific plans by modifying the mdc_plans_list variable accordingly. \n \n Contributing and Tests \n We highly encourage community contributions. Before contributing, please ensure you've agreed to our Contributor License Agreement (CLA). We're using Docker image, mcr.microsoft.com/azterraform:latest, to run pre-commit, pr-check, and tests for your convenience. It's super handy to ensure your code meets our pipeline requirements and aligns with our coding standards. \n \n Links \n \n Hashicorp terraform module Azure/mdc-defender-plans-azure \n Source code - GitHub - Azure/terraform-azure-mdc-defender-plans-azure \n \n In Conclusion \n We're confident this will streamline the onboarding experience. Try it out, share your feedback, and let's continue to make cloud security simpler and stronger together \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4464","kudosSumWeight":4,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyOTUwNmk2NkVDMEZCRjcwQUJFMjQ4?revision=13\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4NWlEN0E0NUUzQ0M1OTMzRkJC?revision=13\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMzU3N2k2MTU1NjNDMUVENEUwNkEx?revision=13\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4NGlBQTJDNERDM0QwNDUzQTQz?revision=13\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zOTc0Nzg5LTUyMjc4Nmk1NDIxMTQ1NjVFRDBBNjFG?revision=13\"}"}}],"totalCount":5,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"CachedAsset:text:en_US-components/community/Navbar-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1745505307000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","external-1":"Events","s-m-b":"Nonprofit Community","windows-server":"Windows Server","education-sector":"Education Sector","driving-adoption":"Driving Adoption","Common-content_management-link":"Content Management","microsoft-learn":"Microsoft Learn","s-q-l-server":"Content Management","partner-community":"Microsoft Partner Community","microsoft365":"Microsoft 365","external-9":".NET","external-8":"Teams","external-7":"Github","products-services":"Products","external-6":"Power Platform","communities-1":"Topics","external-5":"Microsoft Security","planner":"Outlook","external-4":"Microsoft 365","external-3":"Dynamics 365","azure":"Azure","healthcare-and-life-sciences":"Healthcare and Life Sciences","external-2":"Azure","microsoft-mechanics":"Microsoft Mechanics","microsoft-learn-1":"Community","external-10":"Learning Room Directory","microsoft-learn-blog":"Blog","windows":"Windows","i-t-ops-talk":"ITOps Talk","external-link-1":"View All","microsoft-securityand-compliance":"Microsoft Security","public-sector":"Public Sector","community-info-center":"Lounge","external-link-2":"View All","microsoft-teams":"Microsoft Teams","external":"Blogs","microsoft-endpoint-manager":"Microsoft Intune","startupsat-microsoft":"Startups at Microsoft","exchange":"Exchange","a-i":"AI and Machine Learning","io-t":"Internet of Things (IoT)","Common-microsoft365-copilot-link":"Microsoft 365 Copilot","outlook":"Microsoft 365 Copilot","external-link":"Community Hubs","communities":"Products"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1745505307000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1745505307000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1745505307000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1745505307000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1745505307000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1745505307000","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1745505307000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1745505307000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1745505307000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1745505307000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505307000","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1745505307000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1745505307000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1745505307000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1745505307000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1745505307000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1745505307000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1745505307000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1745505307000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1745505307000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1745505307000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1745505307000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-messages-list-for-tag-widget-0":"mostViewed","nodeId":"category:products-services","tagName":"Microsoft Defender for Storage"},"buildId":"YK32GCbhJqbL-HLk4DLXM","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"o365","openTelemetryServiceVersion":"25.3.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/customComponent/CustomComponent/CustomComponent.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","./components/external/components/ExternalComponent.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx"],"appGip":true,"scriptLoader":[{"id":"analytics","src":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1730819800000/analytics.js?page.id=TagPage","strategy":"afterInteractive"}]}