Secure AI by Design Series: Embedding Security and Governance Across the AI Lifecycle
Problem Statement Securing AI in the Age of Generative Intelligence Executive Summary The rapid adoption of Generative AI (GenAI) is transforming industries—unlocking new efficiencies, accelerating innovation, and reshaping how enterprises operate. However, this transformation introduces significant security risks, novel attack surfaces, and regulatory uncertainty. This white paper outlines the key challenges, supported by Microsoft’s public research and guidance, and presents actionable strategies to mitigate risks and build trust in AI systems. The Dual Edge of GenAI While GenAI enhances productivity and decision-making, it also expands the threat landscape. Microsoft identifies key enterprise concerns including data exfiltration, adversarial attacks, and ethical risks associated with AI deployment. Security Risks in GenAI Adoption 2.1 Data Leakage According to Microsoft’s security insights, 80% of business leaders cite data leakage as their top concern when adopting AI. Additionally, 84% of organisations want greater confidence in managing data input into AI applications (https://www.microsoft.com/security/blog/2024/06/18/mitigating-insider-risks-in-the-age-of-ai-with-microsoft-purview/). Microsoft’s white paper on secure AI adoption recommends a four-step strategy: Know your data, Govern your data, Protect your data, and Prevent data loss (Data Security Foundation for Secure AI). 2.2 Prompt Injection & Jailbreaks Microsoft reports that 88% of organizations are concerned about prompt injection attacks—where malicious inputs manipulate AI behavior. These attacks are particularly dangerous in Retrieval-Augmented Generation (RAG) systems. 2.3 Hallucinations & Model Trust Hallucinations—AI-generated false or misleading outputs—pose reputational and operational risks. Microsoft’s Cloud Security Alliance blog highlights the need for robust GenAI models to reduce epistemic uncertainty and maintain trust. 2.4 Regulatory Uncertainty 52% of leaders express uncertainty about how AI is regulated. Microsoft recommends aligning AI security controls with frameworks such as ISO 42001 and the NIST AI Risk Management Framework. Trustworthiness & Governance Imperatives Trust in AI systems is paramount. Microsoft advocates for layered governance and secure orchestration, including real-time monitoring, agent governance, and red teaming (Microsoft Learn: Preventing Data Leakage to Shadow AI). Enterprise Recommendations Secure by Design: Integrate security controls across the AI stack—from model selection to deployment. Use Microsoft Defender for AI, Purview DSPM, and Azure AI Content Safety for threat detection and data protection. Monitor & Mitigate: Employ red teaming and continuous evaluation to simulate adversarial attacks and validate defenses. Align with Regulatory Frameworks: Map AI security controls to ISO 42001, NIST AI RMF, and leverage Microsoft Purview for compliance. Security and risk leaders at companies using GenAI said their top concerns are data security issues, including leakage of sensitive data (~63%), sensitive data being overshared, with users gaining access to data they’re not authorized to view or edit (~60%), and inappropriate use or exposure of personal data (~55%). Other concerns include insight inaccuracy (~43%) and harmful or biased outputs (~41%). In companies that are developing or customizing GenAI apps, security leaders’ concerns were similar but slightly varied. Data leakage along with exfiltration (~60%) and the inappropriate use of personal data (~50%) were again top concerns. But other concerns emerged, including the violation of regulations (~42%), lack of visibility into AI components and vulnerabilities (~42%), and over permissioned access granted to AI apps (~36%). Overall, these concerns can be divided into two categories: Amplified and emerging security risks. Secure AI Guidelines Securing AI by Design is a comprehensive approach that integrates security at every stage of AI system development and deployment. Given the evolving threat landscape of generative AI, organizations must implement robust frameworks, follow best practices, and utilize advanced tools to protect AI models, data, and applications. This blog provides structured guidelines for secure AI, covering emerging risks, defense strategies, and practical implementation scenarios. Introduction: The Need for Secure AI The rapid adoption of AI, especially Generative AI (GenAI), brings transformative benefits but also introduces new security risks and attack surfaces. In recent surveys, 80% of business leaders cited data leakage as a primary AI concern, 55% expressed uncertainty about AI regulations, and 88% worried about AI-specific threats like hallucinations and prompt injection. These statistics underscore that trustworthiness in AI systems is paramount. Microsoft’s approach to AI safety and security is guided by core principles of responsible AI and Zero Trust, ensuring that security, privacy, and compliance are built-in from the ground up. We recognize AI systems can be abused in novel ways, so organizations must be vigilant in embedding security by design, by default, and in operations. This involves both organizational practices (frameworks, policies, training) and technical measures (secure model development lifecycle, threat modeling for AI, continuous monitoring). Key Objectives of Secure AI Guidelines: Understand the AI Threat Landscape: Identify how attackers might target AI workloads (e.g. prompt injections, model theft) and the potential impacts Adopt an AI Security Framework: Implement structured governance aligning with existing standards (e.g. NIST AI RMF, MCSB, Zero Trust) to systematically address identity, data, model, platform, and monitoring aspects Strengthen Defenses (Blue Team): Leverage advanced threat protection and posture management tools (Microsoft Defender for Cloud with AI workload protection, Purview data governance, Entra ID Conditional Access, etc.) to detect and mitigate attacks in real time Anticipate Attacks (Red Team): Conduct adversarial testing of AI (prompt red teaming, adversarial ML simulation) to uncover vulnerabilities before attackers do Integrate AI-Specific Measures: Use AI Shielding (content filters), AI model monitoring for misuse, and continuous risk assessments specialized for AI contexts Contextual Example: Microsoft’s own journey reflects these priorities. From establishing Trustworthy Computing (2002) and publishing the Security Development Lifecycle (2004), to forming a dedicated AI Red Team (2018) and defining AI Failure Mode taxonomies (2019), to developing open-source AI security tools (Counterfit in 2021, PyRIT in 2024), Microsoft has consistently evolved its security practices to address AI risks. This historical commitment – “thinking in decades and executing in quarters” – serves as a model for organizations securing AI systems for the long run. AI Security Threat Landscape and Challenges Generative AI systems introduce unique vulnerabilities beyond traditional IT threats. It’s critical to map out these new risk areas: 2.1 Emerging AI Threats Prompt Injection Attacks (Direct & Indirect): Adversaries can manipulate an AI model’s input prompts to execute unauthorized actions or leak confidential data. A direct prompt injection (UPIA) is when a user intentionally crafts input to override the system’s instructions (akin to a “jailbreak” of the model). Indirect prompt injection (XPIA) involves embedding malicious instructions in content the AI will process unknowingly – for example, hiding an attack in a document that an AI assistant summarizes. Both can lead to harmful outputs or unintended commands, bypassing content filters. These attacks exploit the lack of separation between instructions and data in LLMs Data Leakage & Privacy Risks: AI systems often consume sensitive data. Data oversharing can occur if models inadvertently reveal proprietary information (e.g. including training data in responses). 80% of leaders worry about sensitive data leakage via AI. Additionally, insufficient visibility into AI usage can cause compliance failures if sensitive info flows to unauthorized channels. Ensuring strict data governance and monitoring is essential. Model Theft and Tampering: Trained AI models themselves become targets. Attackers may attempt model extraction (stealing model parameters or behavior by repeated querying) or model evasion, where adversarial inputs cause models to fail at classification or detection tasks. There’s also risk of data poisoning: injecting bad data during model training or fine-tuning to subtly skew the model’s outputs or introduce backdoors. This could degrade reliability or embed hidden triggers in the model. Resource Abuse (Wallet Attacks): Generative AI requires significant compute. Attackers might exploit AI services to run heavy workloads (cryptomining with GPU abuse, a.k.a wallet abuse). This not only incurs cost but can serve as a DoS vector. AI orchestration components (like agent plugins or tools) could also be abused if not securely designed – e.g., a malicious plugin performing unauthorized operations. Hallucinations and Misinformation: While not a malicious attack per se, AI models can produce convincing false outputs (“hallucinations”). Attackers may weaponize this by feeding disinformation and using AI to propagate it. Also, model errors can lead to incorrect business decisions. 55% of leaders lack clarity on AI regulation and safety, highlighting the need for caution around AI-generated content. 2.2 Attack Surfaces in Generative AI GenAI applications incorporate multiple components that expand the traditional attack surface: Natural Language Interface: LLMs process user prompts and any embedded instructions as one sequence, creating opportunities for prompt injections since there’s no explicit separation of code vs data in prompts. High Dependency on Data: Data is the fuel of AI. GenAI apps rely on vast datasets: model training data, fine-tuning data, grounding data for retrieval-augmented generation, etc. Each of these is a potential entry point. Poisoned or corrupted data can compromise model integrity. Also, the outputs (newly generated content) may themselves need protection and classification. Plugins and External Tools: Modern AI assistants often use plugins, APIs, or “skills” to extend capabilities (e.g., web browsing plugin, database query tool). These are additional code modules which, if vulnerable, provide a path for exploitation. Insecure plugin design can allow unauthorized operations or serve as a vector for supply chain attacks. Orchestration & Agents: GenAI solutions often rely on agent orchestrators to determine how to fulfill user requests—this may involve chaining multiple steps such as web searches, API calls, and LLM interactions. However, these orchestrators and agents themselves can be vulnerable to corruption or manipulation. If compromised, they may execute unintended or harmful actions, even when the individual components are secure. A key risk is agents “going rogue,” such as misinterpreting ambiguous instructions or acting on unvalidated external content. This was evident in the Contoso XPIA scenario, where hidden instructions embedded in an email triggered a data leak—highlighting how flawed orchestration logic can be exploited to bypass safeguards. AI Infrastructure: The cloud VMs, containers, or on-prem servers running AI services (like Azure OpenAI endpoints, or ML model hosting) become direct targets. Misconfigurations (like permissive network access, disabled authentication on endpoints) can lead to model hijacking or unauthorized use. We must treat the AI infrastructure with the same rigor as any critical cloud workload, aligning with the Microsoft Cloud Security Benchmark (MCSB) controls. In summary, generative AI’s combination of natural language flexibility, extensive data touchpoints, and complex multi-component workflows means the defensive scope must broaden. Traditional security concerns (like identity, network, OS security) still apply and are joined by AI-specific concerns (prompt misuse, data ethics, model behavior). Microsoft outlines three broad AI Threat Impact Areas to focus defenses: AI Application Security – protecting the app code and logic (e.g., preventing data exfiltration via the UI, securing AI plugin integration). AI Usage Safety & Security – ensuring the outputs and usage of AI meet compliance and ethical standards (mitigating bias, disinformation, harmful content). AI Platform Security – securing the underlying AI models and compute platform (preventing model theft, safeguarding training pipelines, locking down environment). By understanding these threats and surfaces, one can implement targeted controls which we discuss next. Approaches to Secure AI Systems Mitigating AI risks requires a multi-layered approach combining frameworks and governance, secure engineering practices, and modern security tools. Microsoft recommends the following key strategies: 3.1 Security Development Lifecycle (SDL) for AI and Continuous Practices Leverage established secure development best practices, augmented for AI context: Threat Modeling for AI: Extend existing threat modeling (STRIDE, etc.) to consider AI failure modes (e.g., misuse of model output, poisoning scenarios). Microsoft’s AI Threat Modeling guidance (2022) offers templates for identifying risks like fairness and security harms during design. Always ask: How could this AI feature be abused or exploited? Include red team experts early for high-risk features. Secure Engineering Tenets: Microsoft’s 10 Security Practices (part of SDL) remain crucial Establish Security Standards & Metrics Set clear & explicit security rules and ways to measure them for AI systems. This means deciding exactly what you expect your AI to do explicitly (and not do) to keep things safe. Adopting the above in an “AI Secure Development Lifecycle” ensures each AI feature goes through rigorous checks. For instance, before deploying a new LLM feature, run it through internal red team exercises to see if guardrails hold. This aligns with Microsoft’s stance: all high-risk AI must be independently red teamed and approved by a safety board prior to release Align with Responsible AI from the Start: Security for AI is inseparable from an organization’s Responsible AI commitments. These principles must be embedded from the outset—not retrofitted after development. For example, the same mitigation that prevents prompt injection can also reduce the risk of harmful content generation. Microsoft’s Responsible AI principles—Fairness, Reliability & Safety, Privacy & Security, Inclusiveness, Transparency, and Accountability—should be treated as non-negotiable design constraints. Privacy & Security means minimizing personal data in training sets and outputs; Reliability & Safety means implementing robust content filters to avoid unsafe responses. These principles are not just ethical imperatives—they are foundational to building secure, trustworthy AI systems. For a full overview, refer to Microsoft’s official Responsible AI Standard. Secure AI Landing Zone: Treat your AI environment like any cloud infra. Microsoft recommends aligning with the Cloud Security Benchmark (MCSB) and Zero Trust model for AI deployments. This means use network isolation (VNETs/private links) for model endpoints, enforce stringent identity for accessing AI resources (Managed Identities, Conditional Access), and apply data protection (Purview sensitivity labels on training data) from day one. 3.2 AI Red Teaming (‘Attacker’ Perspective Testing) AI Red Teaming is crucial to staying ahead of adversaries. It involves systematically attacking your AI systems to find weaknesses. Historically, red teams did double-blind security exercises on production systems. Now, AI red teaming encompasses a broader range of harms, including bias and safety issues, often in shorter, targeted engagements. Key recommendations: Conduct Regular Red Team Exercises on AI Models: Simulate prompt injection attacks, attempt to extract hidden model prompts or secrets, try known jailbreak tactics (e.g., ASCII art encoding attacks), and test model responses to adversarial inputs. Do this in a controlled environment. Microsoft’s AI Red Team discovered scenarios where models revealed sensitive info under social engineering – such testing is invaluable Leverage External Experts if Needed: The field is evolving; consider engaging specialized AI security researchers or using crowdsourced red teams (with proper safeguards) to test your AI applications under NDA. Also utilize community knowledge like the OWASP Top 10 for LLMs and MITRE ATLAS to guide the red team on likely threat vectors Tooling: Use tools like Counterfit (an automated AI security testing toolkit by Microsoft) to perform attacks such as model evasion and reconnaissance. Microsoft also released PyRIT to help find generative model risks. These ease simulation of attacker techniques (like feeding perturbed inputs to cause misclassification). Additionally, integrate AI-focused fuzzing – automatically generate variations of prompts to see if any slip past filters. Penetration Testing AI-integrated Apps: If your application uses AI outputs in critical workflows (e.g., an AI that summarizes customer emails which then feed into decisions), pen-test the end-to-end flow. For example, test if an attacker’s specially crafted email could trick the AI and consequently the system (the cross-prompt injection scenario). Also test the infrastructure – ensure no route for someone to directly hit the model’s REST endpoint without auth, etc. The goal is to identify and fix issues like: model answering questions it should refuse; model failing to sanitize outputs (potential XSS if output is shown on web); or policies in the AI pipeline not triggering correctly. Findings from red team ops must feed back into training and engineering – e.g., adjust the model with reinforcement learning from human feedback (RLHF) for problematic prompts, strengthen prompt parsing logic, or institute new content filters. 3.3 AI Blue Teaming (Defensive Operations and Tools) On the defense side, organizations should transform their Security Operations Center (SOC) to handle AI-related signals and use AI to their advantage: Monitoring and Threat Detection for AI: Deploy solutions that continuously monitor AI services for malicious patterns. Microsoft Defender for Cloud’s AI workload protection surfaces alerts for issues like “Prompt injection attack detected on Azure OpenAI Service” or “Sensitive data exposure via AI model”. These are generated by analyzing model inputs/outputs and cloud telemetry. For example, Azure AI’s Content Safety system (Prompt Shield) will flag and block some malicious prompts, and those events feed security alerts. Ensure you enable Defender for Cloud threat protection for AI services CSPM for AI workloads to get these signals. Use log analytics to capture AI events: track who is calling your models, what prompts are being sent (with appropriate privacy), and model responses (like error codes for rate limiting or denied content). Unusually high request rates 1q`or many blocked prompts could indicate an ongoing attack attempt. Integrate AI events into your SIEM/XDR. Microsoft Sentinel now includes connectors for Azure OpenAI audit logs and relevant alerts. You can set up Sentinel analytics rules such as: “Multiple failed AI authentications from same IP” or “Sequence: user downloads large training dataset then model queried extensively” – indicating possible data theft or model extraction attempt. Unified Incident View: Use a platform that correlates related alerts from identity, endpoint, Office 365, and cloud – since AI attacks often span domains (e.g., attacker phishes an admin to get access to the AI model keys, then uses those keys to abuse the service). The Microsoft 365 Defender portal does incident correlation: for instance, it can group an Entra ID risky sign-in, a suspicious VM behavior, and a content filter trigger into one incident. This helps focus on the full story of an AI breach attempt. Access Control and Cloud Security Posture: Follow least privilege for all AI resources. Only designate specific Entra ID groups to have access to manage or use the AI services. Use roles appropriately (e.g., training team can submit training jobs but not alter security settings). Implement Conditional Access for AI portals/APIs: e.g., require MFA or trusted device for the developers accessing the model configuration. For unattended access (services calling AI), use managed identities with scoped permissions. Regularly review the attack paths in your cloud environment related to AI services. Microsoft Defender for Cloud’s Attack Path Analysis can reveal if, for example, a compromised VM could lead to an AI key leak (via a path of misconfigurations). It will identify mis-set permissions or exposed secrets that create a chain. Remediate those high-risk paths first, as they represent “immediate value” for an attacker (this aligns with Scenario #2 – demonstrating quick wins by closing glaring attack paths). Network segmentation: If possible, isolate AI training environments from internet access and from production. Use private networking so that only legitimate front-end apps can call the AI inferencing endpoints. This reduces drive-by attacks. Continuous Posture Management: AI systems evolve, so continuously assess compliance. Azure’s AI security posture (in Defender CSPM) will highlight misconfigurations like a storage with training data not having encryption or a model endpoint without diagnostics. Treat those recommendations with priority, as they often prevent incidents. Response and Recovery: Develop incident response plans specifically for AI incidents. For example, Prompt Injection Incident: Steps might include capturing the malicious prompt, identifying which conversations or data it tried to access, assessing if any improper output was given, and adjusting filters or the model’s prompt instructions to prevent recurrence. Or Data Poisoning Incident: If discovered that training data was compromised, have a plan to retrain from backups and tighten contributor vetting. Use Microsoft Sentinel or Defender XDR to automate common responses. Microsoft’s Security Copilot (an AI assistant for SOC) can help investigate multi-stage attacks faster. For instance, given an alert that an admin’s token was leaked and an AI service was accessed, Copilot could summarize all related activities and suggest remedial actions (disable admin, purge model API keys, etc.). Embrace these AI-driven security tools – appropriately governed – as force multipliers in defense. In cloud environments, you can contain compromised AI resources quickly. Example: If a particular model endpoint is being abused, use Defender for Cloud’s workflow automation or Sentinel playbook to automatically isolate that resource (maybe tag it to remove from load balancer, or rotate its credentials) when an alert triggers Backup and recovery: Keep secure backups of critical AI assets – training datasets (with versioning), model binaries, and configuration. If ransomware or sabotage occurs, you can restore the AI’s state. Also ensure the backup process itself is secure (backups encrypted, access logged). AI for Security: As a positive angle, use AI analytics to enhance security. Train anomaly detection on user behavior around AI apps, use machine learning to classify which model queries might be insider threats vs normal usage patterns. Microsoft is integrating AI in Defender – for instance, using OpenAI GPT to analyze threat intelligence or generate remediation steps 📌Part 2 of Secure AI by design series, we will detail and cover the following: Governance: Frameworks and Organizational Measures Secure AI Implementation Best Practices Practical Secure AI Scenarios (Use Cases) ✅Conclusion AI technologies introduce powerful capabilities alongside new security challenges. By proactively embedding security into the design (“secure AI by design”), continuously monitoring and adapting defenses, and aligning with robust frameworks, organizations can harness AI's benefits without compromising on safety or compliance. Key takeaways: Prepare and Prevent: Use structured frameworks and threat models to anticipate attacks. Harden systems by default and reduce the attack surface (e.g., disable unused AI features, enforce least privilege everywhere). Detect and Respond: Invest in AI-aware security tools (Defender for Cloud, Sentinel, Content Safety) and integrate their signals into your SOC workflows. Practice incident response for AI-specific scenarios as diligently as you do for network intrusions. Govern and Assure: Maintain oversight through principles, policies, and external checks. Regular reviews, audits, and updates to controls will keep the AI security posture strong even as AI evolves. Educate and Empower: Security is everyone’s responsibility – train developers, data scientists, and end-users on securely working with AI. Encourage a culture where potential AI risks are flagged and addressed, not ignored. By following the Secure AI Guidelines – balancing innovation with rigorous security – organizations can build trust in their AI systems, protect sensitive data and operations, and meet regulatory obligations. In doing so, they pave the way for AI to be an enabler of business value rather than a source of new vulnerabilities. Microsoft’s comprehensive set of tools and best practices, as outlined in this document, serve as a blueprint to achieve this balance. Adopting these will help ensure that your AI initiatives are not only intelligent and impactful but also secure, resilient, and worthy of stakeholder trust. 🙌 Acknowledgments A special thank you to the following colleagues for their invaluable contributions to this blog post and the solution design: Hiten_Sharma & JadK – EMEA Secure AI Global Black Belt, for co-authoring and providing deep insights, learning and content that shaped the design guidelines and practice. Yuri Diogenes, Dick Lake, Shay Amar, Safeena Begum Lepakshi – Product Group and Engineering PMs from Microsoft Defender for Cloud and Microsoft Purview, for the guidance & review. Your collaboration and expertise made this guidance possible and impactful for our security community.General Availability of on-demand scanning in Defender for Storage
When malware protection was initially introduced in Microsoft Defender for Storage, security administrators gained the ability to safeguard their storage accounts against malicious attacks during blob uploads. This means that any time a blob is uploaded—whether from a web application, server, or user—into an Azure Blob storage account, malware scanning powered by Microsoft Defender Antivirus examines the content for any malicious elements within the blob, including images, documents, zip files and more. 🎉In addition to on-upload malware protection, on-demand malware protection is now generally available in Defender for Storage. This article will focus on the recent general availability release of on-demand scanning, its benefits, and how security administrators can begin utilizing this feature today. 🐞What is on-demand scanning? Unlike on-upload scanning, which is a security feature that automatically scan blobs for malware when they are uploaded or modified in cloud storage environments, on-demand scanning enables security administrators to manually initiate scans of entire storage accounts for malware. This scanning method is particularly beneficial for targeted security inspections, incident response, creating security baselines for specific storage accounts and compliance with regulatory requirements. Scanning all existing blobs in a storage account can be performed via the API and Azure portal user interface. Let's explore some use case scenarios and reasons why an organization might need on-demand scanning. Contoso IT Department has received a budget to enhance the security of their organization following the acquisition of Company Z. Company Z possesses numerous storage accounts containing dormant data that have not undergone malware scanning. To integrate these data blobs into the parent organization, it is essential that they first be scanned for malware. Contoso Health Department is mandated by state law to conduct a scheduled quarterly audit of the storage accounts. This audit ensures data integrity and provides documented assurance of security controls for compliance. It involves verifying that important cloud-hosted documents are secure and free from malware. Contoso Legal Corporation experienced a recent breach where the attacker accessed several storage accounts. Post-breach, Contoso Legal Corporation must assure their stakeholders that the storage accounts are free of malware. 💪Benefits of on-demand scanning On-demand scanning offers numerous advantages that security administrators can leverage to safeguard their cloud storage. This section details some of the primary benefits associated with on-demand scanning. Native scan experience: Malware scanning within Defender for Storage is an agentless solution that requires no additional infrastructure. Security administrators can enable malware protection easily and observe its benefits immediately. Respond to security events: Immediately scan storage accounts when security alerts or suspicious activities are detected. Security audits and maintenance: Performing on-demand scans is crucial during security audits or routine system maintenance to ensure that all potential issues are identified and addressed. Latest malware signatures: On-demand scanning ensures that the most recent malware signatures are utilized. Blobs that may have previously evaded detection by previous malware scans can be identified during a manual scan. 🫰On-demand scanning cost estimation Organizations frequently possess extensive amounts of data and require scanning for malware due to various security considerations. A lack of understanding regarding the precise cost of this operation can hinder security leaders from effectively safeguarding their organization. To address this issue, Defender for Storage offers an integrated cost estimation tool within the Azure portal user interface for on-demand scanning. This new UI will display the size of the blob storage and provide estimated costs for scans based on the volume of data. Access to this crucial information facilitates budgeting processes. 🤔On-upload or on-demand scanning In the current configuration of malware protection within Defender for Storage, it is required to have on-upload malware scanning enabled to use the on-demand functionality. On-demand scanning is offered as an additional option. On-upload scanning ensures that incoming blobs are free from malware, while on-demand scanning provides malware baselines and verifies blob health using the latest malware signatures. On-upload and on-demand scanning have distinct triggers. On-upload scanning is automatically performed when new blobs are uploaded to a blob-based storage account, whereas on-demand scanning is manually triggered by a user or an API call. On-demand scanning can also be initiated by workflow automation, such as using a logic app within Azure for scheduled scans. 👟Start scanning your blobs with on-demand scanning Prerequisites Malware protection in Defender for Storage is exclusively available in the per-storage account plan. If your organization is still using the classic Defender for Storage plan, we highly recommend upgrading to take advantage of the full range of security benefits and the latest features. To get started with this agentless solution, please look at the prerequisites in our public documentation here. Test on-demand Malware Scanning Within the Microsoft Defender for Cloud Ninja Training available on GitHub, security administrators can utilize Exercise 12: Test On-demand Malware Scanning in Module 19. The exercise includes detailed instructions and screenshots for testing on-demand malware scanning. This test can be performed using the Azure Portal User Interface or API. Best Practices To maximize the effectiveness of on-demand malware scanning in Microsoft Defender for Storage, please take a look at the best practices that are outlined in our public documentation here. 📖 Conclusion In this article we have explored the newly available on-demand scanning feature in Defender for Storage, which complements existing on-upload scanning capabilities by allowing security administrators to manually initiate malware scans for storage accounts. This feature is particularly useful for targeted security checks, incident response, creating security baseline for storage accounts and compliance audits. Additionally, Defender for Storage includes a built-in cost estimation tool to help organizations budget for on-demand scanning based on their data volume. ⚙️Additional Resources Defender for Storage Malware Protection Overview On-demand malware protection in Defender for Storage On-upload malware protection in Defender for Storage We want to hear from you! Please take a moment to fill out this survey to provide direct feedback to the Defender for Storage engineering team.
Protecting Your Azure Key Vault: Why Azure RBAC Is Critical for Security
Introduction In today’s cloud-centric landscape, misconfigured access controls remain one of the most critical weaknesses in the cyber kill chain. When access policies are overly permissive, they create opportunities for adversaries to gain unauthorized access to sensitive secrets, keys, and certificates. These credentials can be leveraged for lateral movement, privilege escalation, and establishing persistent footholds across cloud environments. A compromised Azure Key Vault doesn’t just expose isolated assets it can act as a pivot point to breach broader Azure resources, potentially leading to widespread security incidents, data exfiltration, and regulatory compliance failures. Without granular permissioning and centralized access governance, organizations face elevated risks of supply chain compromise, ransomware propagation, and significant operational disruption. The Role of Azure Key Vault in Security Azure Key Vault plays a crucial role in securely storing and managing sensitive information, making it a prime target for attackers. Effective access control is essential to prevent unauthorized access, maintain compliance, and ensure operational efficiency. Historically, Azure Key Vault used Access Policies for managing permissions. However, Azure Role-Based Access Control (RBAC) has emerged as the recommended and more secure approach. RBAC provides granular permissions, centralized management, and improved security, significantly reducing risks associated with misconfigurations and privilege misuse. In this blog, we’ll highlight the security risks of a misconfigured key vault, explain why RBAC is superior to legacy Access Policies and provide RBAC best practices, and how to migrate from access policies to RBAC. Security Risks of Misconfigured Azure Key Vault Access Overexposed Key Vaults create significant security vulnerabilities, including: Unauthorized access to API tokens, database credentials, and encryption keys. Compromise of dependent Azure services such as Virtual Machines, App Services, Storage Accounts, and Azure SQL databases. Privilege escalation via managed identity tokens, enabling further attacks within your environment. Indirect permission inheritance through Azure AD (AAD) group memberships, making it harder to track and control access. Nested AAD group access, which increases the risk of unintended privilege propagation and complicates auditing and governance. Consider this real-world example of the risks posed by overly permissive access policies: A global fintech company suffered a severe breach due to an overly permissive Key Vault configuration, including public network access and excessive permissions via legacy access policies. Attackers accessed sensitive Azure SQL databases, achieved lateral movement across resources, and escalated privileges using embedded tokens. The critical lesson: protect Key Vaults using strict RBAC permissions, network restrictions, and continuous security monitoring. Why Azure RBAC is Superior to Legacy Access Policies Azure RBAC enables centralized, scalable, and auditable access management. It integrates with Microsoft Entra, supports hierarchical role assignments, and works seamlessly with advanced security controls like Conditional Access and Defender for Cloud. Access Policies, on the other hand, were designed for simpler, resource-specific use cases and lack the flexibility and control required for modern cloud environments. For a deeper comparison, see Azure RBAC vs. access policies. Best Practices for Implementing Azure RBAC with Azure Key Vault To effectively secure your Key Vault, follow these RBAC best practices: Use Managed Identities: Eliminate secrets by authenticating applications through Microsoft Entra. Enforce Least Privilege: Precisely control permissions, granting each user or application only minimal required access. Centralize and Scale Role Management: Assign roles at subscription or resource group levels to reduce complexity and improve manageability. Leverage Privileged Identity Management (PIM): Implement just-in-time, temporary access for high-privilege roles. Regularly Audit Permissions: Periodically review and prune RBAC role assignments. Detailed Microsoft Entra logging enhances auditability and simplifies compliance reporting. Integrate Security Controls: Strengthen RBAC by integrating with Microsoft Entra Conditional Access, Defender for Cloud, and Azure Policy. For more on the Azure RBAC features specific to AKV, see the Azure Key Vault RBAC Guide. For a comprehensive security checklist, see Secure your Azure Key Vault. Migrating from Access Policies to RBAC To transition your Key Vault from legacy access policies to RBAC, follow these steps: Prepare: Confirm you have the necessary administrative permissions and gather an inventory of applications and users accessing the vault. Conduct inventory: Document all current access policies, including the specific permissions granted to each identity. Assign RBAC Roles: Map each identity to an appropriate RBAC role (e.g., Reader, Contributor, Administrator) based on the principle of least privilege. Enable RBAC: Switch the Key Vault to the RBAC authorization model. Validate: Test all application and user access paths to ensure nothing is inadvertently broken. Monitor: Implement monitoring and alerting to detect and respond to access issues or misconfigurations. For detailed, step-by-step instructions—including examples in CLI and PowerShell—see Migrate from access policies to RBAC. Conclusion Now is the time to modernize access control strategies. Adopting Role-Based Access Control (RBAC) not only eliminates configuration drift and overly broad permissions but also enhances operational efficiency and strengthens your defense against evolving threat landscapes. Transitioning to RBAC is a proactive step toward building a resilient and future-ready security framework for your Azure environment. Overexposed Azure Key Vaults aren’t just isolated risks — they act as breach multipliers. Treat them as Tier-0 assets, on par with domain controllers and enterprise credential stores. Protecting them requires the same level of rigor and strategic prioritization. By enforcing network segmentation, applying least-privilege access through RBAC, and integrating continuous monitoring, organizations can dramatically reduce the blast radius of a potential compromise and ensure stronger containment in the face of advanced threats. Want to learn more? Explore Microsoft's RBAC Documentation for additional details.Agentless code scanning for GitHub and Azure DevOps (preview)
🚀 Start free preview ▶️ Watch a video on agentless code scanning Most security teams want to shift left. But for many developers, "shift left" sounds like "shift pain". Coordination. YAML edits with extra pipeline steps. Build slowdowns. More friction while they're trying to go fast. 🪛 Pipeline friction YAML edits with extra steps ⏱️ Build slowdowns More friction, less speed 🧩 Complex coordination Too many moving parts That's the tension we wanted to solve. With agentless code scanning in Defender for Cloud, you get broad visibility into code and infrastructure risks across GitHub and Azure DevOps - without touching your CI/CD pipelines or installing anything. ✨ Just connect your environment. We handle the rest. Already in preview, here's what's new Agentless code scanning was released in November 2024, and we're expanding the preview with capabilities to make it more actionable, customizable, and scalable: ✅ GitHub & Azure DevOps Connect your GitHub org and scan every repository automatically 🎯 Scoping controls Choose exactly which orgs, projects, and repos to scan 🔍 Scanner selection Enable code scanning, IaC scanning, or both 🧰 UI and REST API Manage at scale, programmatically or in-portal or Cloud portal 🎁 Available for free during the preview under Defender CSPM How agentless code scanning works Agentless code scanning runs entirely outside your pipelines. Once a connector has been created, Defender for Cloud automatically discovers your repositories, pulls the latest code, scans for security issues, and publishes findings as security recommendations - every day. Here's the flow: 1 Discover Repositories in GitHub or Azure DevOps are discovered using a built-in connector. 2 Retrieve The latest commit from the default branch is pulled immediately, then re-scanned daily. 3 Analyze Built-in scanners run in our environment: Code Scanning – looks for insecure patterns, bad crypto, and unsafe functions (e.g., `pickle.loads`, `eval()`) using Bandit and ESLint. Infrastructure as Code (IaC) – detects misconfigurations in Terraform, Bicep, ARM templates, CloudFormation, Kubernetes manifests, Dockerfiles, and more using Checkov and Template Analyzer. 4 Publish Findings appear as Security recommendations in Defender for Cloud, with full context: file path, line number, rule ID, and guidance to fix. Get started in under a minute 1 In Defender for Cloud, go to Environment settings → DevOps Security 2 Add a connector: Azure DevOps – requires Azure Security Admin and ADO Project Collection Admin GitHub – requires Azure Security Admin and GitHub Org Owner to install the Microsoft Security DevOps app 3 Choose your scanning scope and scanners 4 Click Save – and we'll run the first scan immediately s than a minute No pipeline configuration. No agent installed. No developer effort. Do I still need in-pipeline scanning? Short answer: yes - if you want depth and speed in the development workflow. Agentless scanning gives you fast, wide coverage. But Defender for Cloud also supports in-pipeline scanning using Microsoft Security DevOps (MSDO) command line application for Azure DevOps or GitHub Action. Each method has its own strengths. Here's how to think about when to use which - and why many teams choose both: When to use... ☁️ Agentless Scanning 🏗️ In-Pipeline Scanning Visibility Quickly assess all repos at org-level Scans and enforce every PR and commit Setup Requires only a connector Requires pipeline (YAML) edits Dev experience No impact on build time Inline feedback inside PRs and builds Granularity Repo-level control with code and IaC scanners Fine-tuned control per tool or branch Depth Default branch scans, no build context Full build artifact, container, and dependency scanning 💡 Best practice: start broad with agentless. Go deeper with in-pipeline scans where "break the build" makes sense. Already using GitHub Advanced Security (GHAS)? GitHub Advanced Security (GHAS) includes built-in scanning for secrets, CodeQL, and open-source dependencies - directly in GitHub and Azure DevOps. You don't need to choose. Defender for Cloud complements GHAS by: Surfaces GHAS findings inside Defender for Cloud's Security recommendations Adds broader context across code, infrastructure, and identity Requires no extra setup - findings flow in through the connector You get centralized visibility, even if your teams are split across tools. One console. Full picture. Core scenarios you can tackle today 🛡️ Catch IaC misconfigurations early Scan for critical misconfigurations in Terraform, ARM, Bicep, Dockerfiles, and Kubernetes manifests. Flag issues like public storage access or open network rules before they're deployed. 🎯 Bring code risk into context All findings appear in the same portal you use for VM and container security. No more jumping between tools - triage issues by risk, drill into the affected repository and file, and route them to the right owner. 🔍 Focus on what matters Customize which scanners run and where. Continuously scan production repositories. Skip forks. Run scoped PoCs. Keep pace as repositories grow - new ones are auto-discovered. What you'll see - and where All detected security issues show up as security recommendations in the recommendations and DevOps Security blades in Defender for Cloud. Every recommendation includes: ✅ Affected repository, branch, file path, and line number 🛠️ The scanner that found it 💡 Clear guidance to fix What's next We're not stopping here. These are already in development: 🔐 Secret scanning Identify leaked credentials alongside code and IaC findings 📦 Dependency scanning Open-source dependency scanning (SCA) 🌿 Multi-branch support Scan protected and non-default branches Follow updates in our Tech Community and release notes. Try it now - and help us shape what comes next Connect GitHub or Azure DevOps to Defender for Cloud (free during preview) and enable agentless code scanning View your discovered DevOps resources in the Inventory or DevOps Security blades Enable scanning and review recommendations Microsoft Defender for Cloud → Recommendations Shift left without slowing down. Start scanning smarter with agentless code scanning today. Helpful resources to learn more Learn more in the Defender for Cloud in the Field episode on agentless code scanning Overview of Microsoft Defender for Cloud DevOps security Agentless code scanning - configuration, capabilities, and limitations Set up in-pipeline scanning in: Azure DevOps GitHub action Other CI/CD pipeline tools (Jenkins, BitBucket Pipelines, Google Cloud Build, Bamboo, CircleCI, and more)Microsoft Defender for Cloud Adds Four New Regulatory Frameworks
As organizations accelerate their digital transformation and embrace artificial intelligence (AI) across industries, the regulatory landscape is evolving just as rapidly. From financial resilience to responsible AI governance, enterprises are under increasing pressure to demonstrate compliance with a growing number of global standards across multiple cloud platforms. At Microsoft, we are committed to helping customers meet these challenges with integrated, scalable, and intelligent security solutions. Today, we’re excited to announce the public preview of four new regulatory frameworks in Microsoft Defender for Cloud. These frameworks are now available across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP), further expanding our multicloud compliance capabilities. What’s New in Public Preview The following regulatory frameworks are now supported in Microsoft Defender for Cloud: Digital Operational Resilience Act (DORA) European Union Artificial Intelligence Act (EU AI Act) Korean Information Security Management System for Public Cloud (k-ISMS-P) Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark v3.0 Each of these frameworks addresses a critical area of modern cloud security and compliance. Let’s explore what they are, why they matter, and how Defender for Cloud helps you stay ahead. Digital Operational Resilience Act (DORA) The Digital Operational Resilience Act is a groundbreaking regulation from the European Union aimed at strengthening the digital resilience of financial institutions. DORA applies to a wide range of financial entities, including banks, insurance companies, investment firms, and third-party ICT providers, and mandates that these organizations can withstand, respond to, and recover from all types of ICT-related disruptions and threats. Why DORA Matters In today’s interconnected financial ecosystem, operational disruptions can have cascading effects across markets and geographies. DORA introduces a unified regulatory framework that emphasizes: Rigorous ICT risk management Incident reporting and response Digital operational resilience testing Oversight of third-party ICT service providers With Defender for Cloud, organizations can now assess their compliance posture against DORA requirements, identify gaps, and implement recommended controls across Azure, AWS, and GCP. This helps financial institutions not only meet regulatory obligations but also build a more resilient digital infrastructure. European Union Artificial Intelligence Act (EU AI Act) The EU AI Act is the world’s first comprehensive legal framework for artificial intelligence. It introduces a risk-based classification system for AI systems, ranging from minimal to unacceptable risk, and imposes strict obligations on providers and users of high-risk AI applications. Why the EU AI Act Matters As AI becomes embedded in critical decision-making processes—from healthcare diagnostics to financial services, governments and regulators are stepping in to ensure these systems are safe, transparent, and accountable. The EU AI Act focuses on: Risk classification and governance Data quality and transparency Human oversight and accountability Robust documentation and monitoring Defender for Cloud now enables organizations to monitor AI workloads and evaluate their compliance posture under the EU AI Act. This includes mapping security controls to regulatory requirements and surfacing actionable recommendations to reduce risk. By integrating AI governance into your cloud security strategy, you can innovate responsibly and build trust with customers and regulators alike. Korean Information Security Management System for Public Cloud (k-ISMS-P) The k-ISMS-P is a South Korean regulatory standard that integrates personal information protection and information security management for public cloud services. It is a mandatory certification for cloud service providers and enterprises handling sensitive data in South Korea. Why k-ISMS-P Matters As cloud adoption grows in South Korea, so does the need for robust compliance frameworks that protect personal and organizational data. The k-ISMS-P standard covers: Organizational and technical security controls Personal data lifecycle management Incident response and audit readiness Defender for Cloud now supports k-ISMS-P, enabling organizations to assess their compliance posture and prepare for audits with confidence. This is especially valuable for multinational companies operating in or partnering with South Korean entities. CIS Microsoft Azure Foundations Benchmark v3.0 The Center for Internet Security (CIS) Azure Foundations Benchmark is a widely adopted set of best practices for securing Microsoft Azure environments. Version 3.0 introduces updated recommendations that reflect the latest cloud security trends and technologies. Why CIS v3.0 Matters Security benchmarks like CIS provide a foundational layer of protection that helps organizations reduce risk and improve their security posture. Key updates in version 3.0 include: Enhanced identity and access management controls Improved logging and monitoring configurations Updated recommendations for storage, networking, and compute Defender for Cloud now supports CIS Azure Foundations Benchmark v3.0, offering automated assessments and remediation guidance. This helps security teams stay aligned with industry standards and continuously improve their cloud security hygiene. Unified Compliance Across Multicloud Environments With the addition of these four frameworks, Microsoft Defender for Cloud now supports an extensive library of regulatory standards and benchmarks across Azure, AWS, and GCP. This multicloud support is critical for organizations operating in hybrid environments or managing complex supply chains. The Regulatory Compliance dashboard in Defender for Cloud provides a centralized view of your compliance posture, complete with: Framework-specific control mapping Assessments and scoring Actionable recommendations and remediation steps Integration with Microsoft Purview and Microsoft Entra for unified governance Get Started Today These new frameworks are available in public preview and can be enabled directly from the Microsoft Defender for Cloud portal. To get started: Navigate to the Regulatory Compliance blade. Select Manage compliance standards. Select an account or management account (Azure subscription or management group, AWS account or management account, GCP project or organization) to assign the security standard. Select Security policies. Locate the standard you want to enable and toggle the status to On. Review your compliance posture and implement recommended actions. For more information, visit our documentation. By expanding our regulatory coverage, we’re helping customers stay ahead of compliance requirements, reduce risk, and build trust in a rapidly evolving digital world. Whether you’re navigating AI governance, financial resilience, or regional data protection laws, Microsoft Defender for Cloud is here to support your journey.
Protecting Cloud Storage in the Age of AI
Introduction In the age of AI, cloud storage isn’t just infrastructure, it’s the foundation of innovation. Generative AI models rely on massive datasets for grounding, model training and fine-tuning, many containing sensitive or proprietary data. If compromised, the damage can be severe: IP theft, privacy violations, or even model poisoning. What comes with the importance is the risks of being compromised: 70% of organizations found hidden sensitive data during audits. 78% struggle with compliance, especially with growing AI and data regulations. 47% have faced malware in storage, costing $2.3M on average per breach. In this blog, we’ll explore how Defender for Cloud helps to safeguard customer’s most valuable data by helping them to start secure and stay secure. The museum metaphor: Imagine your cloud storage as a high-tech museum, housing priceless artifacts—your sensitive data, customer records, and AI training sets. Like any museum, protecting what’s inside requires strong defenses from day one and ongoing vigilance. To protect your important artifacts, you should Start secure by preventing risks before the doors open. You’ll need to lock every entry point, position security cameras, and test alarms. Fix misconfigurations, close access gaps, and identify exposed data early—before attackers can. Stay secure with continuous monitoring. Consider how museums never stop watching. Security systems run 24/7, and staff respond to suspicious activity. In the same way, you need to detect threats in real time, enforce policies, and block malicious actions and malware—like someone trying to upload poisonous data into your AI pipeline. Whether you’re storing business-critical data or fueling innovation with AI, you will need to protect your data like it belongs in a vault. In the same way, Microsoft Defender for Cloud Storage Security helps Azure storage customers to start secure and stay secure when it comes to protecting their cloud storage. Start secure – proactively reduce storage risks The first step of “start secure" is enabling security. It’s important to have native integrations with existing storage infrastructure for effective security. Defender for Cloud provides seamless integration with Azure Storage, allowing one-click enablement and reducing operational overhead. After enabling security, it's important to identify and address risks. Defender for Cloud offers prioritized recommendations to detect and fix storage posture issues by integrating with various cloud providers. It identifies misconfigurations like shadow data, network weaknesses, and excessive access, providing clear remediation steps and guidance for administrators. However, it is not enough to understand where the risks are, without risk prioritization, security admins can get overwhelmed by the number of recommendations. Defender for Cloud's Attack Path Analysis feature offers a comprehensive understanding of the attack surface by simulating potential attack paths. This helps organizations identify and prioritize potential vulnerabilities and misconfigurations in their cloud environment that could be exploited by attackers. By proactively addressing these weaknesses, organizations can significantly reduce their attack surface and minimize the risk of breaches. For example, Defender for Cloud can identify an internet-exposed VM with a high-severity vulnerability that has access to a storage account containing sensitive data. Without proper remediation, attackers can exploit this chain of posture issues to infiltrate the sensitive data. Stay secure – detect and responds to storage threats On top of helping storage accounts to start secure by managing security posture and reducing risks, keeping storage accounts secure requires continuous monitoring for threats and preventing malware in cloud storage. This is where we need to introduce the idea of the control plane and data plane of cloud storage. The control plane governs management operations like creating or deleting storage accounts, setting access policies, and configuring diagnostics—typically via ARM endpoints. The data plane, on the other hand, handles the actual read/write operations on blobs, files, and queues—often using SAS tokens or access keys. This is where the majority of Azure Storage traffic flows, and it’s also where many traditional security tools fall short. While most storage security solutions in the market focus on control plane activities like blob creation or deletion, the data plane— where over 67% of Azure Storage traffic happens— handles most operations and often goes unmonitored. Attackers can access the data plane directly with keys or tokens, which many security teams overlook. Defender for Cloud addresses this by analyzing data plane logs and alerting suspicious activity, such as token leaks, lateral movements, or insider threats. Additionally, Defender for Cloud offers ongoing monitoring and sensitive data discovery to detect and prevent breaches involving unauthorized access, exfiltration, or corruption of information in Azure Blob Storage. All of these threat insights are directly available for investigation in the Defender XDR portal. Keeping storage account malware free As discussed above, “stay secure” has two aspects to it, threat detection and response and malware protection. Malware Scanning allows organizations to detect and prevent polymorphic and metamorphic malware distribution events with content scanning upon upload or on-demand using Microsoft Defender Antivirus technologies. If a malicious file is found, access to the file can be blocked and the scan result will automatically trigger a security alert in Defender for Cloud. Common use cases for storage security: Based on above features, let’s look into common industry use case for Storage security. 1. Protect sensitive data in AI applications Industries: Generative AI platforms, customer service providers, Personas: AI architects, infrastructure admins Pain Points: Growing threat landscape targeting sensitive data Over-permissive access configurations Difficulty identifying high-priority assets to monitor Solution: Defender for Cloud helps organizations secure storage accounts holding sensitive data by providing robust posture management. It continuously assesses configurations, highlights risks, and enables teams to prioritize critical storage resources. When integrated with Microsoft Defender XDR, it extends protection with threat detection and response capabilities—alerting security operational teams to malware presence and enabling rapid investigation and remediation. 2. prevent malware from spreading through file uploads Industries: Customer service, healthcare, data-driven applications with file upload pipelines Personas: SOC analysts, infrastructure admins, Security admins Pain Points: Risk of malware in customer-uploaded files Compliance pressure and industry mandates for data hygiene Slow or manual malware detection and response processes Solution: Defender for Cloud’s malware scanning proactively detects malicious content in uploaded files before it can spread across systems. Using fast, sampling-based scanning, security teams receive results quickly—helping them reduce time to remediation and automate responses. This improves compliance readiness and strengthens overall data hygiene for customer-facing environments. Learn more about Defender for Cloud storage security: Microsoft Defender for Cloud | Microsoft Security Start a free Azure trial. Read more about Microsoft Defender for Cloud Storage Security here.Optimizing Resource Allocation with Microsoft Defender CSPM
This article is part of our series on “Strategy to Execution: Operationalizing Microsoft Defender CSPM.” If you’re new to the series, or want broader strategic context, begin with our main overview article, then explore Article 1, Article 2, and Article 3 for details on risk identification, compliance, and DevSecOps workflows. Introduction Organizations today face an array of challenges in their cloud security efforts, ever-growing multicloud infrastructures, finite budgets, and evolving threat landscapes. Effectively allocating limited resources is critical: security teams must prioritize the vulnerabilities posing the highest risk while avoiding spending precious time and money on lower-priority issues. Defender CSPM (Cloud Security Posture Management) provides a data-driven approach to this problem. By continuously analyzing the security posture across Azure, AWS, and GCP, Defender CSPM calculates risk scores based on factors such as business impact, exposure, and potential exploitability. Armed with these insights, security teams can make informed decisions about where to focus resources, maximizing impact and reducing their overall risk. In this fourth, and last article of our series, we’ll examine how to operationalize resource allocation with Defender CSPM. We’ll discuss the common allocation challenges, explain how CSPM’s risk-based prioritization helps address them, and provide practical steps to implement an effective allocation strategy. Why Resource Allocation Matters in Multicloud Security Resource allocation is critical in multicloud security because securing environments that span multiple cloud providers introduces unique challenges that require careful planning. Before you can decide where to invest your time, budget, and headcount, you need to understand the hurdles that make multicloud allocation especially tough: Overwhelming Volume of Vulnerabilities Modern cloud environments are common with potential vulnerabilities. Multicloud setups compound this challenge by introducing platform-specific risks. Without a clear prioritization method, teams risk tackling too many issues at once, often leaving truly critical threats under-addressed. Competing Priorities Across Teams Security, DevOps, and IT teams frequently have diverging goals. Security may emphasize high-risk vulnerabilities, while DevOps focuses on uptime and rapid releases. Aligning everyone on which vulnerabilities matter most ensures strategic clarity and reduces internal friction. Limited Budgets and Skilled Personnel Constrained cybersecurity budgets and headcount force tough decisions about which fixes or upgrades to fund. By focusing on vulnerabilities that present the highest risk to the business, organizations can make the most of available resources. Lack of Centralized Visibility Monitoring and correlating vulnerabilities across multiple cloud providers can be time-intensive and fragmented. Without a unified view, it’s easy to miss critical issues or duplicate remediation efforts, both of which squander limited resources. How Defender CSPM Enables Risk-Based Resource Allocation To address the complex task of resource allocation in sprawling, multicloud estates, security teams need more than raw vulnerability data, they need a system that continually filters, enriches, and ranks findings by real-world impact. Microsoft Defender CSPM equips security teams with automated, prioritized insights and unified visibility. It brings together telemetry from Azure, AWS, and GCP, applies advanced analytics to assess which weaknesses pose the greatest danger, and then packages those insights into clear, actionable priorities. The following capabilities form the backbone of a risk-based allocation strategy: Risk Scoring and Prioritization Defender CSPM continuously evaluates vulnerabilities and security weaknesses, assigning each one a risk score informed by: Business Impact – How vital a resource or application is to daily operations. Exposure – Whether a resource is publicly accessible or holds sensitive data. Exploitability – Contextual factors (configuration, known exploits, network paths) that heighten or lower a vulnerability’s real-world risk. This approach ensures that resources, time, budget, and staff are channeled toward the issues that most endanger the organization. Centralized Visibility Across Clouds Multicloud support means you can view vulnerabilities across Azure, AWS, and GCP in a single pane of glass. This unified perspective helps teams avoid duplicative efforts and ensures each high-risk finding is appropriately addressed, no matter the platform. Automated, Context-Aware Insights Manual vulnerability evaluations are time-consuming and prone to oversight. Defender CSPM automates the risk-scoring process, updating risk levels as new vulnerabilities arise or resources change, so teams can act promptly on the most critical gaps. Tailored Remediation Guidance In addition to highlighting high-risk issues, Defender CSPM provides recommended steps to fix them, such as applying patches, adjusting access controls, or reconfiguring cloud resources. Having guided instructions accelerates remediation efforts and reduces the potential for human error. Step-by-Step: Operationalizing Resource Allocation with Defender CSPM Below is a practical workflow integrating both the strategic and operational aspects of allocating resources effectively. Step 1: Build a Risk Assessment Framework Identify Business-Critical Assets Collaborate with business leaders, application owners, and architects to label high-priority workloads (e.g., production apps, data stores with customer information). Use resource tagging (Azure tags, AWS tags, GCP labels) to systematically mark essential resources. Align Defender CSPM’s Risk Scoring with Business Impact Customize Defender CSPM’s scoring model to reflect your organization’s unique risk tolerance. Set up periodic risk-scoring workshops with security, compliance, and business stakeholders to keep definitions current. Categorize Vulnerabilities Group vulnerabilities into critical, high, medium, or low, based on the assigned risk score. Establish remediation SLAs for each severity level (e.g., 24-48 hours for critical; 7-14 days for medium). Step 2: Allocate Budgets and Personnel Based on Risk Prioritize Funding for High-Risk Issues Work with finance or procurement to ensure the biggest threats receive adequate budget. This may cover additional tooling, specialized consulting, or staff training. If a public-facing resource with sensitive data is flagged, you might immediately allocate budget for patching or additional third-party security review. Track Resource Utilization Monitor how much time and money go into specific vulnerabilities. Overinvesting in less severe issues can starve critical areas of necessary attention. Use dashboards in Power BI or similar tools to visualize resource allocation versus risk impact. Define Clear SLAs Set more aggressive SLAs for higher-risk items. For instance, fix critical vulnerabilities within 24-48 hours to minimize dwell time. Align your ticketing system (e.g., ServiceNow, Jira) with Defender CSPM so each newly discovered high-risk vulnerability automatically flags an urgent ticket. Step 3: Continuously Track Metrics and Improve Mean Time to Remediate (MTTR) Monitor how long it takes to fix vulnerabilities after they’re identified. Strive for a shorter MTTR on top-priority issues. Reduction in Risk Exposure Track how many high-priority vulnerabilities are resolved over time. A downward trend indicates effective remediation. Re-assess risk after major remediation efforts; scores should reflect newly reduced exposure. Resource Utilization Efficiency Compare security spending or labor hours to actual risk reduction outcomes. If you’re using valuable resources on low-impact tasks, reallocate them. Evaluate whether your investments, tools, staff, or specialized training, are paying off in measurable risk reduction. Compliance Improvement For organizations under regulations like HIPAA or PCI-DSS, measure compliance posture. Defender CSPM can highlight policy violations and track improvement over time. Benchmark Against Industry Standards Compare your results (MTTR, risk exposure, compliance posture) against sector-specific benchmarks. Adjust resource allocation strategies if you’re lagging behind peers. Strategic Benefits of a Risk-Based Approach Maximized ROI By focusing on truly critical issues, you’ll see faster, more tangible reductions in risk for each security dollar spent. Faster Remediation of High-Risk Vulnerabilities With Defender CSPM’s clear rankings, teams know which issues to fix first, minimizing exposure windows for the worst threats. Improved Collaboration Providing a transparent, data-driven explanation for why certain vulnerabilities get priority eases friction between security, DevOps, and operations teams. Scalable for Growth As you add cloud workloads, CSPM’s automated scoring scales with you. You’ll always have an updated queue of the most urgent vulnerabilities to tackle. Stronger Risk Management Posture Continuously focusing on top risks aligns security investments with business goals and helps maintain compliance with evolving standards and regulations. Conclusion Resource allocation is a central concern for any organization striving to maintain robust cloud security. Microsoft Defender for Cloud’s CSPM makes these decisions more straightforward by automatically scoring vulnerabilities according to impact, exposure, and other contextual factors. Security teams can thus prioritize their limited budgets, personnel, and time for maximum effect, reducing the window of exposure and minimizing the likelihood of critical breaches. By following the steps outlined here, building a risk assessment framework, allocating resources proportionally to risk severity, and monitoring metrics to drive continuous improvement, you can ensure your security program remains agile and cost-effective. In doing so, you’ll align cybersecurity investments with broader business objectives, ultimately delivering measurable risk reduction in today’s dynamic, multicloud environment. Microsoft Defender for Cloud - Additional Resources Strategy to Execution: Operationalizing Microsoft Defender CSPM Considerations for risk identification and prioritization in Defender for Cloud Strengthening Cloud Compliance and Governance with Microsoft Defender CSPM Integrating Security into DevOps Workflows with Microsoft Defender CSPM Download the new Microsoft CNAPP eBook at aka.ms/MSCNAPP Become a Defender for Cloud Ninja by taking the assessment at aka.ms/MDCNinja Reviewers Yuri Diogenes, Principal PM Manager, CxE Defender for Cloud
From visibility to action: The power of cloud detection and response
Cloud attacks aren’t just growing—they’re evolving at a pace that outstrips traditional security measures. Today’s attackers aren’t just knocking at the door—they’re sneaking through cracks in the system, exploiting misconfigurations, hijacking identity permissions, and targeting overlooked vulnerabilities. While organizations have invested in preventive measures like vulnerability management and runtime workload protection, these tools alone are no longer enough to stop sophisticated cloud threats. The reality is: security isn’t just about blocking threats from the start—it’s about detecting, investigating, and responding to them as they move through the cloud environment. By continuously correlating data across cloud services, cloud detection and response (CDR) solutions empower security operations centers (SOCs) with cloud context, insights, and tools to detect and respond to threats before they escalate. However, to understand CDR’s role in the broader cloud security landscape, let’s first understand how it evolved from traditional approaches like cloud workload protection (CWP). The natural progression: From protecting workloads to correlating cloud threats In today’s multi-cloud world, securing individual workloads is no longer enough—organizations need a broader security strategy. Microsoft Defender for Cloud offers cloud workload protection as part of its broader Cloud-Native Application Protection Platform (CNAPP), securing workloads across Azure, AWS, and Google Cloud Platform. It protects multicloud and on-premises environments, responds to threats quickly, reduces the attack surface, and accelerates investigations. Typically, CWP solutions work in silos, focusing on each workload separately rather than providing a unified view across multiple clouds. While this solution strengthens individual components, it lacks the ability to correlate the data across cloud environments. As cloud threats become more sophisticated, security teams need more than isolated workload protection—they need context, correlation, and real-time response. CDR represents the natural evolution of CWP. Instead of treating security as a set of isolated defenses, CDR weaves together disparate security signals to provide richer context, enabling faster and more effective threat mitigation. A shift towards a more unified, real-time detection and response model, CDR ensures that security teams have the visibility and intelligence needed to stay ahead of modern cloud threats. If CWP is like securing individual rooms in a building—locking doors, installing alarms, and monitoring each space separately—then CDR is like having a central security system that watches the entire building, detecting suspicious activity across all rooms, and responding in real time. That said, building an effective CDR solution comes with its own challenges. These are the key reasons your cloud security strategy might be falling short: Lack of Context SOC teams can’t protect what they can’t see. Limited visibility and understanding into resource ownership, deployment, and criticality makes threat prioritization difficult. Without context, security teams struggle to distinguish minor anomalies from critical incidents. For example, a suspicious process in one container may seem benign alone but, in context, could signal a larger attack. Without this contextual insight, detection and response are delayed, leaving cloud environments vulnerable. Hierarchical Complexity Cloud-native environments are highly interconnected, making incident investigation a daunting task. A single container may interact with multiple services across layers of VMs, microservices, and networks, creating a complex attack surface. Tracing an attack through these layers is like finding a needle in a haystack—one compromised component, such as a vulnerable container, can become a steppingstone for deeper intrusions, targeting cloud secrets and identities, storage, or other critical assets. Understanding these interdependencies is crucial for effective threat detection and response. Ephemeral Resources Cloud native workloads tend to be ephemeral, spinning up and disappearing in seconds. Unlike VMs or servers, they leave little trace for post-incident forensics, making attack investigations difficult. If a container is compromised, it may be gone before security teams can analyze it, leaving minimal evidence—no logs, system calls, or network data to trace the attack’s origin. Without proactive monitoring, forensic analysis becomes a race against time. A unified SOC experience with cloud detection and response The integration of Microsoft Defender for Cloud with Defender XDR empowers SOC teams to tackle modern cloud threats more effectively. Here’s how: 1. Attack Paths One major challenge for CDR is the lack of context. Alerts often appear isolated, limiting security teams’ understanding of their impact or connection to the broader cloud environment. Integrating attack paths into incident graphs can improve CDR effectiveness by mapping potential routes attackers could take to reach high-value assets. This provides essential context and connects malicious runtime activity with cloud infrastructure. In Defender XDR, using its powerful incident technology, alerts are correlated into high-fidelity incidents and attack paths are included in incident graphs to provide a detailed view of potential threats and their progression. For example, if a compromised container appears on an identified attack path leading to a sensitive storage account, including this path in the incident graph provides SOC teams with enhanced context, showing how the threat could escalate. Attack path integrated into incident graph in Defender XDR, showing potential lateral movement from a compromised container. 2. Automatic and Manual Asset Criticality Classification In a cloud native environment, it’s challenging to determine which assets are critical and require the most attention, leading to difficulty in prioritizing security efforts. Without clear visibility, SOC teams struggle to identify relevant resources during an incident. With Microsoft’s automatic asset criticality, Kubernetes clusters are tagged as critical based on predefined rules, or organizations can create custom rules based on their specific needs. This ensures teams can prioritize critical assets effectively, providing both immediate effectiveness and flexibility in diverse environments. Asset criticality labels are included in incident graphs using the crown shown on the node to help SOC teams identify that the incident includes a critical asset. 3. Built-In Queries for Deeper Investigation Investigating incidents in a complex cloud-native environment can be overwhelming, with vast amounts of data spread across multiple layers. This complexity makes it difficult to quickly investigate and respond to threats. Defender XDR simplifies this process by providing immediate, actionable insights into attacker activity, cutting investigation time from hours or days to just minutes. Through the “go hunt” action in the incident graph, teams can leverage pre-built queries specifically designed for cloud and containerized threats, available at both the cluster and pod levels. These queries offer real-time visibility into data plane and control plane activity, empowering teams to act swiftly and effectively, without the need for manual, time-consuming data sifting. 4. Cloud-Native Response Actions for Containers Attackers can compromise a cloud asset and move laterally across various environments, making rapid response critical to prevent further damage. Microsoft Defender for Cloud’s integration with Defender XDR offers real-time, multi-cloud response capabilities, enabling security teams to act immediately to stop the spread of threats. For instance, if a pod is compromised, SOC teams can isolate it to prevent lateral movement by applying network segmentation, cutting off its access to other services. If the pod is malicious,it can be terminated entirely to halt ongoing malicious activity. These actions, designed specifically for Kubernetes environments, allow SOC teams to respond instantly with a single click in the Defender portal, minimizing the impact of an attack while investigation and remediation take place. New innovations for threat detection across workloads, with focused investigation and response capabilities for containers—only with Microsoft Defender for Cloud. New innovations for threat detection across workloads, with focused investigation and response capabilities for containers—only with Microsoft Defender for Cloud. 5. Log Collection in Advanced Hunting Containers are ephemeral and that makes it difficult to capture and analyze logs, hindering the ability to understand security incidents. To address this challenge, we offer advanced hunting that helps ensure critical logs—such as KubeAudit, cloud control plane, and process event logs—are captured in real time, including activities of terminated workloads. These logs are stored in the CloudAuditEvents and CloudProcessEvents tables, tracking security events and configuration changes within Kubernetes clusters and container-level processes. This enriched telemetry equips security teams with the tools needed for deeper investigations, advanced threat hunting, and creating custom detection rules, enabling faster detection and resolution of security threats. 6. Guided response with Copilot Defender for Cloud's integration with Microsoft Security Copilot guides your team through every step of the incident response process. With tailored remediation for cloud native threats, it enhances SOC efficiency by providing clear, actionable steps, ensuring quicker and more effective responses to incidents. This enables teams to resolve security issues with precision, minimizing downtime and reducing the risk of further damage. Use case scenarios In this section, we will follow some of the techniques that we have observed in real-world incidents and explore how Defender for Cloud’s integration with Defender XDR can help prevent, detect, investigate, and respond to these incidents. Many container security incidents target resource hijacking. Attackers often exploit misconfigurations or vulnerabilities in public-facing apps — such as outdated Apache Tomcat instances or weak authentication in tools like Selenium — to gain initial access. But not all attacks start this way. In a recent supply chain compromise involving a GitHub Action, attackers gained remote code execution in AKS containers. This shows that initial access can also come through trusted developer tools or software components, not just publicly exposed applications. After gaining remote code execution, attackers disabled command history logging by tampering with environment variables like “HISTFILE,” preventing their actions from being recorded. They then downloaded and executed malicious scripts. Such scripts start by disabling security tools such as SELinux or AppArmor or by uninstalling them. Persistence is achieved by modifying or adding new cron jobs that regularly download and execute malicious scripts. Backdoors are created by replacing system libraries with malicious ones. Once the required configuration changes are made for the malware to work, the malware is downloaded, executed, and the executable file is deleted to avoid forensic analysis. Attackers try to exfiltrate credentials from environment variables, memory, bash history, and configuration files for lateral movement to other cloud resources. Querying the Instance Metadata service endpoint is another common method for moving from cluster to cloud. Defender for Cloud and Defender XDR’s integration helps address such incidents both in pre-breach and post-breach stages. In the pre-breach phase, before applications or containers are compromised, security teams can take a proactive approach by analyzing vulnerability assessment reports. These assessments surface known vulnerabilities in containerized applications and underlying OS components, along with recommended upgrades. Additionally, vulnerability assessments of container images stored in container registries — before they are deployed — help minimize the attack surface and reduce risk earlier in the development lifecycle. Proactive posture recommendations — such as deploying container images only from trusted registries or resolving vulnerabilities in container images — help close security gaps that attackers commonly exploit. When misconfigurations and vulnerabilities are analyzed across cloud entities, attack paths can be generated to visualize how a threat actor might move laterally across services. Addressing these paths early strengthens overall cloud security and reduces the likelihood of a breach. If an incident does occur, Defender for Cloud provides comprehensive real-time detection, surfacing alerts that indicate both malicious activity and attacker intent. These detections combine rule-based logic with anomaly detection to cover a broad set of attack scenarios across resources. In multi-stage attacks — where adversaries move laterally between services like AKS clusters, Automation Accounts, Storage Accounts, and Function Apps — customers can use the "go hunt" action to correlate signals across entities, rapidly investigate, and connect seemingly unrelated events. Attackers increasingly use automation to scan for exposed interfaces, reducing the time to breach containers—sometimes in under 30 minutes, as seen in a recent Geoserver incident. This demands rapid SOC response to contain threats while preserving artifacts for analysis. Defender for Cloud enables swift actions like isolating or terminating pods, minimizing impact and lateral movement while allowing for thorough investigation. Conclusion Microsoft Defender for Cloud, integrated with Defender XDR, transforms cloud security by addressing the challenges of modern, dynamic cloud environments. By correlating alerts from multiple workloads across Azure, AWS, and GCP, it provides SOC teams with a unified view of the entire threat landscape. This powerful correlation prevents lateral movement and escalation of threats to high-value assets, offering a deeper, more contextual understanding of attacks. Security teams can seamlessly investigate and track incidents through dynamic graphs that map the full attack journey, from initial breach to potential impact. With real-time detection, automatic alert correlation, and the ability to take immediate, decisive actions—like isolating compromised containers or halting malicious activity—Defender for Cloud’s integration with Defender XDR ensures a proactive, effective response. This integrated approach enhances incident response and empowers organizations to stop threats before they escalate, creating a resilient and agile cloud security posture for the future. Additional resources: Watch this cloud detection and response video to see it in action Try our alerts simulation tool for container security Read about some of our recent container security innovations Check out our latest product releases Explore our cloud security solutions page Learn how you can unlock business value with Defender for Cloud Start a free 30-day trial of Defender for Cloud todayProtect what matters to your organization using filtering in Defender for Storage
Microsoft Defender for Storage is a cloud-native, agentless security solution within Microsoft Defender for Cloud, part of Microsoft’s CNAPP offering. With seamless onboarding, it helps safeguard your organization’s most valuable data by detecting and preventing malicious uploads, sensitive data exfiltration, and data corruption. Powered by Microsoft Threat Intelligence, it delivers advanced threat detection to enhance your storage security. Are all crown jewels made equally? Defender for Storage provides exclusive, agentless malware protection for Azure Blob Storage, helping detect and mitigate malware threats against your organization’s data. Powered by Microsoft Defender Antivirus, this solution ensures data compliance and offers flexible scanning options, including on-upload and on-demand protection. While maintaining visibility across all organizational data is crucial, some data requires higher scrutiny than others. Here are key use case scenarios: Contoso Financial Corporation prioritizes scanning high-risk files, such as external uploads, downloads, and files from untrusted sources. Contoso IT Department needs to filter out known internal files that typically generate false positives, reducing unnecessary security alerts and minimizing distractions from real malware threats. Contoso Health Department uses a trusted application that generates files and would like to optimize malware scanning for other, potentially riskier files. 🎉Introducing customizable on-upload scanning filters (Public Preview) Defender for Storage provides security administrators with granular controls, offering flexibility to tailor security and deployment settings to their organization’s needs. These include configuring malware scanning caps, setting exclusions at the resource level, and more. A recently introduced feature now allows customization of on-upload malware scanning filters, delivering key benefits such as reducing unnecessary scans and lowering costs—without compromising security. This new feature supports customizable filter such as: Exclude specific blob with prefix Exclude blobs with suffix Exclude blobs large (x) bytes Start filtering your files today Malware protection in Defender for Storage is exclusively available in the latest plan. If your organization is still using the classic Defender for Storage plan, we highly recommend upgrading to take advantage of the full range of security benefits and the latest features. Upgrading ensures access to enhanced threat detection, improved security controls, and ongoing feature updates that help protect your organization’s data more effectively. To begin your malware protection journey, review our documentation for detailed information on prerequisites and deployment guidelines. This will help you seamlessly integrate malware protection into your existing security strategy and maximize the value of Defender for Storage here. Once Defender for Storage is enabled, follow the instructions below to use the filtering configurations: Navigate to your storage account that you want to filter on-upload scans Under “Security + networking”, select Microsoft Defender for Cloud Select settings under Microsoft Defender for Storage Under “On-upload malware scanning”, select which filters to apply. Example: Conclusion The introduction of customizable on-upload scanning filters provides granular control for security administrators, allowing for more flexibility and efficiency in malware protection. This feature helps reduce unnecessary scans and costs without compromising security. For customers using the classic Defender for Storage plan, upgrading to the latest plan is highly recommended to fully benefit from these advanced features. For more information about Defender for Storage please visit our public document aka.ms/defenderforstorage Additional Resources We want to hear from you! Please take a moment to fill out this survey to provide direct feedback to the Defender for Storage engineering team.Microsoft Defender for Cloud Customer Newsletter
What's new in Defender for Cloud? On-demand malware scanning in Defender for Storage is now in GA! This feature also supports blobs up to 50 GB in size (previously limited to 2GB). See this page for more info. 31 new and enhanced Multicloud regulatory standards We’ve published enhanced and expanded support of over 31 security and regulatory frameworks in Defender for Cloud across Azure, AWS & GCP. For more details, please refer to our documentation. Blogs of the month In February, our team published the following blog posts we would like to share: Unveiling Kubernetes lateral movement and attack paths with Microsoft Defender for Cloud Protecting Azure AI Workloads using Threat Protection for AI in Defender for Cloud New and enhanced multicloud regulatory compliance standards in Defender for Cloud Strengthening Cloud Compliance and Governance with Microsoft Defender CSPM GitHub Community Learn more about Code Reachability Vulnerabilities with Endor Labs with Module 26 - Defender for Cloud Code Reachability Vulnerabilities with Endor Labs Defender for Cloud in the field Watch the latest Defender for Cloud in the Field YouTube episodes here: Integrate Defender for Cloud CLI with CI/CD pipelines Code Reachability Analysis Visit our YouTube page! Customer journeys Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Kurita Water Industries, a water treatment solutions company, that leverages both Microsoft Entra Permissions Management and Defender for Cloud’s CSPM for resource statuses, vulnerabilities, state of access permissions, and risk prioritization and CWPP capabilities to continuously monitor and protect cloud workloads Security community webinars Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds. Check out our upcoming webinars this month in the link below! MAR 5 Microsoft Defender for Cloud | API Security Posture with Defender for Cloud We offer several customer connection programs within our private communities. By signing up, you can help us shape our products through activities such as reviewing product roadmaps, participating in co-design, previewing features, and staying up-to-date with announcements. Sign up at aka.ms/JoinCCP. We greatly value your input on the types of content that enhance your understanding of our security products. Your insights are crucial in guiding the development of our future public content. We aim to deliver material that not only educates but also resonates with your daily security challenges. Whether it’s through in-depth live webinars, real-world case studies, comprehensive best practice guides through blogs, or the latest product updates, we want to ensure our content meets your needs. Please submit your feedback on which of these formats do you find most beneficial and are there any specific topics you’re interested in https://aka.ms/PublicContentFeedback. Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe
