DevOps Security: MDC-ADO integration through Service account
Hi All, Is it possible to integrate MDC-ADO Integration with Service Account? When I attempted to authorize ADO in MDC during the integration process, it appears to only accept individual accounts. Does anyone have insights on how to utilize a Service Account for this integration?
New Blog | Enforcement of Defender CSPM for Premium DevOps Security Capabilities
Microsoft’s Defender for Cloud will begin enforcing the Defender Cloud Security Posture Management (DCSPM) plan check for premium DevOps security value beginning March 7th, 2024. If you have the Defender CSPM plan enabled on a cloud environment (Azure, AWS, GCP) within the same tenant your DevOps connectors are created in, you'll continue to receive premium code to cloud DevOps capabilities at no additional cost. If you aren't a Defender CSPM customer, you have until March 7th, 2024 to enable Defender CSPM before losing access to these security features. To enable Defender CSPM on a connected cloud environment before March 7, 2024, follow the enablement documentation outlined here. Read the full update here: Enforcement of Defender CSPM for Premium DevOps Security Capabilities - Microsoft Community HubNew Blog | Bridging the Gap Between Code and Cloud with Defender for Cloud
While containers have revolutionized modern software development, the complexity of dependencies in containerized environments and the expanded attack surface they present are still significant hurdles for security professionals. The initial step in securing these environments involves identifying vulnerabilities within container images. Yet, the most time-consuming task can often be identifying the right development team to address these vulnerabilities, particularly the mission-critical ones. Microsoft Defender for Cloud addresses this critical need with its container mapping feature. This blog post explores how Defender for Cloud streamlines the process of tracing vulnerabilities in container images back to their origins in CI/CD pipelines, specifically within Azure DevOps and GitHub environments. This functionality is key to facilitating effective developer remediation workflows, thereby enhancing the security posture of cloud-native applications. Read the full blog post here: Bridging the Gap Between Code and Cloud with Defender for Cloud - Microsoft Community HubNew Blog | Simplifying Onboarding to Microsoft Defender for Cloud with Terraform
If you are looking for a way to onboard Microsoft Defender for Cloud (MDC) with Terraform, you are in luck! In this blog post, we will introduce you to a new Terraform module that simplifies and enhances the onboarding experience for MDC in Azure. This module allows you to configure MDC plans for your Azure subscriptions or management groups with just a few lines of code. You will also learn how to use this module in different scenarios, such as onboarding a single subscription, multiple subscriptions, or all subscriptions where you have owner permissions. By the end of this blog post, you will be able to onboard MDC with Terraform in a fast and easy way. Read the full blog post here: Simplifying Onboarding to Microsoft Defender for Cloud with Terraform - Microsoft Community HubNew Blog | Securing your GitLab Environment with Microsoft Defender for Cloud
At Microsoft Ignite 2023, Microsoft Defender for Cloud unveiled a new integration, extending its DevOps security coverage outside of the Microsoft ecosystem and integrating with the all-in-one DevOps platform GitLab. With this integration, security practitioners can monitor the security posture of their GitLab environments and kick off developer remediation workflows. Additionally, customers with Defender CSPM will receive advanced contextualization and prioritization capabilities for their GitLab environments. Read the full blog here: Securing your GitLab Environment with Microsoft Defender for CloudNew Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method
Full blog post: Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community Hub Microsoft Defender for DevOps shows the security posture of pre-production application code and resource configurations. Security teams can use the service to enable security checks for their templates and container images designed to minimize the chance that cloud misconfigurations reach production environments. Leveraging [insights] within Microsoft Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows. Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub, Azure DevOps and more to come. With an intent to help Security admins and developers, Azure DevOps provides two ways of configuration today. In this article we want to walk you through the configuration of Azure DevOps pipelines via the classic UI and YAML. Original post: New Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community HubNew Survey | DevOps Security Policies
Help Us Understand Market Needs and Drive Feature Prioritization. We are building a new set of capabilities in Microsoft Defender for Cloud to manage DevOps Security Policies. We request your feedback to understand market needs better and drive the feature prioritization. Please share your feedback with our Microsoft Defender for Cloud team by completing this survey. Thank you! https://forms.office.com/r/SCUuFvFQMq Original Post: New Survey | DevOps Security Policies - Microsoft Tech Community
Using Logic Apps to trigger Work Items in DevOps from triggers in Azure Security Center.
Dear Colleagues, I am looking for a workflow that is triggered from anything in Azure Security Center (reccomendations first) to a new bug or issue in Azure DevOps. Right after this there is a trigger in Teams that a new item is an issue to work on. The team works in Teams and accomplished the tasking inside of Azure DevOps.
