security
33 Topics

Runtime protection - Microsoft Defender for Cloud DevOps Security (Defender CSPM)
Hi team! The current support status for Microsoft Defender for Cloud DevOps Security (Defender CSPM) and runtime protection across services is this one:

Fully Supported for Runtime Protection
Azure Kubernetes Service (AKS)
Amazon Elastic Kubernetes Service (EKS)

Are there more runtimes in the product roadmap (Azure Container Apps, AWS, Fargate for Amazon ECS, Azure Functions, AWS Lambda)? Thanks

334 Views, 0 likes, 0 Comments

Secure score power BI dashboard
We are following https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Secure%20Score to deploy the secure score over the time dashboard for MDC. However, the steps for the deployment are very old, from when we had Azure Security Center instead of MDC, and prerequisites are not properly documented. As per the article we need to:

Export the secure score data to Log Analytics workspace by using the continuous report option in the MDC portal.
Deploy the Secure Score over the time workbook, which can export the secure score data to Log Analytics workspace (not clear if this will pull reports every 24 hours and what permissions are required on the Log Analytics workspace and to deploy the workbook).

Do we need to export the secure score data to the same Log Analytics workspace on which MDC is deployed, or is a separate workspace needed? If MDC already uses a Log Analytics workspace in the backend to store the logs, then why can't we pull the secure score log data directly? Why do we need to export the secure score data to the Log Analytics workspace first and then connect it to the dashboard?

4.3K Views, 0 likes, 2 Comments

Cost Calculator for Defender for Cloud (Public Preview)
Did you know Microsoft Defender for Cloud has a built-in cost calculator to easily calculate the costs of protected resources in your cloud environment? No? Well, I didn’t either until I stumbled upon the button in the MDC portal myself. Apparently, Microsoft announced the preview for the MDC cost calculator last month, on February 19, 2025. With this post, I’m sharing my experience with this new cost calculator for Microsoft Defender for Cloud, providing guidance and comparing available options to calculate the costs.

https://myronhelgering.com/cost-calculator-for-defender-for-cloud/

246 Views, 0 likes, 0 Comments

New Blog | Microsoft Power BI and Microsoft Defender for Cloud
By Giulio Astori

Introduction

As cloud environments grow more complex and threats increase, organizations need robust tools to monitor, analyze, and respond to security issues effectively. Microsoft Defender for Cloud (MDC) offers robust security management, but to unlock its full potential, organizations need powerful visualization and analysis tools. While Azure Workbooks provide valuable visualizations for MDC data, integrating Microsoft Power BI offers an enhanced approach to data analysis and visualization. Power BI's advanced features, such as customizable dashboards, interactive elements, and seamless integration with various data sources, make it ideal for enhancing the value derived from MDC data. This article is the first in a series of correlated blogs that will explore scenarios and applicability in depth. As an introduction to the series, this article provides the foundation on how to start leveraging Power BI to report and dashboard MDC insights.

Benefits of Using Power BI with Microsoft Defender for Cloud

Advanced Data Visualization: Power BI provides a wide array of visualization options, allowing security teams to create highly customized and visually rich dashboards that effectively communicate insights to different stakeholders.
Enhanced Data Analysis: Power BI's robust analytical tools, including DAX (Data Analysis Expressions) and built-in AI capabilities, enable security teams to perform complex data analysis and uncover deeper insights.
Seamless Integration: Power BI integrates with various data sources, including Azure Resource Graph, allowing you to consolidate data from multiple platforms into a single, unified view.
Collaborative Features: Power BI facilitates collaboration by enabling teams to share dashboards and reports easily, with role-based access controls ensuring data security.
Ease of Use: Power BI's intuitive drag-and-drop functionality makes it simple for users to create and customize visualizations without extensive technical knowledge, making it accessible to users of all skill levels.

Step-by-Step Guide to Integrating MDC Data into Power BI

To integrate MDC data into Power BI, follow these steps:

Step 1: Set Up Power BI and Azure Resource Graph
Install Power BI Desktop: Download Power BI Desktop.
Enable Azure Resource Graph: Ensure that you have the necessary permissions to access Azure Resource Graph.

Step 2: Connect Power BI to Azure Resource Graph
Open Power BI Desktop: Launch Power BI Desktop on your computer.
Get Data: Click on Get Data on the Home tab.
Select Azure Resource Graph: In the Get Data window, search for Azure Resource Graph and select it.
Connect: Click Connect and sign in with your Azure credentials.

Read the full post here: Microsoft Power BI and Microsoft Defender for Cloud

568 Views, 1 like, 0 Comments

New Blog | Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0
We are thrilled to announce that Microsoft Defender Cloud, in collaboration with the Center for Internet Security (CIS), now supports the latest CIS Azure Security Foundations Benchmark - version 2.0.0. This release also includes the new corresponding built-in policy initiative in the Azure Policy blade.

Read the full update here: Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0

1.3K Views, 0 likes, 1 Comment

Security alerts in Microsoft Defender for Cloud
Hello All, we have received the below security alerts in Microsoft Defender for Cloud for our App Service.

1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected

Our website is Internet facing (public facing), so we cannot put much restriction on our App Service (e.g. IP restriction, SSL certificate). We are unable to investigate the below alerts. We checked the Log Analytics workspace logs and extracted the logs from the caller IP, but could not find much information from it. We also checked; there was no impact found on our web app.

1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected

Is there any way by which we can investigate why these alerts got generated, and what next action can be taken on this?

2.7K Views, 0 likes, 1 Comment

New Blog | Proactively secure your AWS Cloud Resources with Microsoft Defender for Cloud
Misconfigurations are common entry points for attackers. Cloud misconfigurations occur when cloud resources are set up with incorrect or insecure settings, leaving them vulnerable to exploitation. Misconfigurations can lead to sensitive data being exposed to the public internet or to unauthorized users, or can open up unnecessary ports, services, or permissions that attackers can exploit. Proactive security management for cloud misconfiguration is essential to maintaining a strong security posture. This blog will walk through a few scenarios of misconfigured AWS Cloud resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations and allow security teams to prevent risks and remediate quickly.

See full blog post here: CSPM for AWS (microsoft.com)

797 Views, 0 likes, 1 Comment

New Blog | New multicloud CNAPP innovations in Microsoft Defender for Cloud
We are expanding the power of our contextual cloud security graph and attack path analysis with support for GCP resources. Starting on August 15, customers can leverage the power of Defender CSPM for comprehensive visibility and intelligent cloud security across their GCP resources. This enables organizations to sift through the clutter, zeroing in on and addressing the most pressing risks spanning their multicloud environment.

Key features of our GCP support include:

Attack path analysis: Understand the potential routes attackers might take.
Cloud security explorer: Proactively identify security risks by running graph-based queries on the security graph.
Agentless scanning: Scan servers and identify secrets and vulnerabilities without installing an agent.
Data-aware security posture: Discover and remediate risks to sensitive data in Google Cloud Storage buckets.

Read the full blog post: New multicloud CNAPP innovations in Microsoft Defender for Cloud - Microsoft Community Hub

763 Views, 0 likes, 0 Comments