security
31 Topics

New Blog | Microsoft Power BI and Microsoft Defender for Cloud
By Giulio Astori

Introduction

As cloud environments grow more complex and threats increase, organizations need robust tools to monitor, analyze, and respond to security issues effectively. Microsoft Defender for Cloud (MDC) offers robust security management, but to unlock its full potential, organizations need powerful visualization and analysis tools. While Azure Workbooks provide valuable visualizations for MDC data, integrating Microsoft Power BI offers an enhanced approach to data analysis and visualization. Power BI's advanced features, such as customizable dashboards, interactive elements, and seamless integration with various data sources, make it ideal for enhancing the value derived from MDC data.

This article is the first in a series of correlated blogs that will explore scenarios and applicability in depth. As an introduction to the series, this article provides the foundation on how to start leveraging Power BI to report and dashboard MDC insights.

Benefits of Using Power BI with Microsoft Defender for Cloud

Advanced Data Visualization: Power BI provides a wide array of visualization options, allowing security teams to create highly customized and visually rich dashboards that effectively communicate insights to different stakeholders.
Enhanced Data Analysis: Power BI's robust analytical tools, including DAX (Data Analysis Expressions) and built-in AI capabilities, enable security teams to perform complex data analysis and uncover deeper insights.
Seamless Integration: Power BI integrates with various data sources, including Azure Resource Graph, allowing you to consolidate data from multiple platforms into a single, unified view.
Collaborative Features: Power BI facilitates collaboration by enabling teams to share dashboards and reports easily, with role-based access controls ensuring data security.
Ease of Use: Power BI's intuitive drag-and-drop functionality makes it simple for users to create and customize visualizations without extensive technical knowledge, making it accessible to users of all skill levels.

Step-by-Step Guide to Integrating MDC Data into Power BI

To integrate MDC data into Power BI, follow these steps:

Step 1: Set Up Power BI and Azure Resource Graph
Install Power BI Desktop: Download Power BI Desktop.
Enable Azure Resource Graph: Ensure that you have the necessary permissions to access Azure Resource Graph.

Step 2: Connect Power BI to Azure Resource Graph
Open Power BI Desktop: Launch Power BI Desktop on your computer.
Get Data: Click on Get Data on the Home tab.
Select Azure Resource Graph: In the Get Data window, search for Azure Resource Graph and select it.
Connect: Click Connect and sign in with your Azure credentials.

Read the full post here: Microsoft Power BI and Microsoft Defender for Cloud

454 Views, 1 like, 0 Comments

New Blog | Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0
We are thrilled to announce that Microsoft Defender Cloud, in collaboration with the Center for Internet Security (CIS), now supports the latest CIS Azure Security Foundations Benchmark - version 2.0.0. This release also includes the new corresponding built-in policy initiative in the Azure Policy blade.

Read the full update here: Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0

1.2K Views, 0 likes, 1 Comment

Security alerts in Microsoft Defender for Cloud
Hello All, we have received the below security alerts in Microsoft Defender for Cloud for our App Service.

1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected

Our website is Internet facing (public facing), so we cannot put much restriction on our App Service (e.g. IP restriction, SSL certificate). We are unable to investigate the below alerts. We checked the Log Analytics workspace logs and extracted the logs from the caller IP, but could not find much information from it. We also checked; there was no impact found on our webapp.

1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected

Is there any way by which we can investigate why these alerts got generated, and what next action can be taken on this?

2.5K Views, 0 likes, 1 Comment

New Blog | Proactively secure your AWS Cloud Resources with Microsoft Defender for Cloud
Misconfigurations are common entry points for attackers. Cloud misconfigurations occur when cloud resources are set up with incorrect or insecure settings, leaving them vulnerable to exploitation. Misconfigurations can expose sensitive data to the public internet or to unauthorized users, or can open up unnecessary ports, services, or permissions that attackers can exploit. Proactive security management for cloud misconfiguration is essential to maintaining a strong security posture.

This blog will walk through a few scenarios of misconfigured AWS Cloud resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations and allow security teams to prevent risks and remediate quickly.

See full blog post here: CSPM for AWS (microsoft.com)

754 Views, 0 likes, 1 Comment

New Blog | New multicloud CNAPP innovations in Microsoft Defender for Cloud
We are expanding the power of our contextual cloud security graph and attack path analysis with support for GCP resources. Starting on August 15, customers can leverage the power of Defender CSPM for comprehensive visibility and intelligent cloud security across their GCP resources. This enables organizations to sift through the clutter, zeroing in on and addressing the most pressing risks spanning their multicloud environment.

Key features of our GCP support include:

Attack path analysis: Understand the potential routes attackers might take.
Cloud security explorer: Proactively identify security risks by running graph-based queries on the security graph.
Agentless scanning: Scan servers and identify secrets and vulnerabilities without installing an agent.
Data-aware security posture: Discover and remediate risks to sensitive data in Google Cloud Storage buckets.

Read the full blog post: New multicloud CNAPP innovations in Microsoft Defender for Cloud - Microsoft Community Hub

739 Views, 0 likes, 0 Comments

Announcing our Microsoft Defender for Cloud AMA on August 16th!
Join us on Wednesday 8/16 at 9:00AM PST for an AMA (Ask Microsoft Anything) with the Microsoft Defender for Cloud team! This will be a text-based live hour of answering all your questions relating to the product.

Please join us to learn more about:

Microsoft's point of view on the Cloud Native Application Protection Platform (CNAPP).
Microsoft's new innovation in Multicloud (GCP) Posture Management in Defender Cloud Security Posture Management (CSPM).
How to leverage Microsoft Defender for Cloud to enable multicloud compliance management.

Join here: aka.ms/DefForCloudAMA

Note: If you are unable to attend the live hour, you can ask your question at any time on the event page below and the team will get to it during the event.

618 Views, 2 likes, 0 Comments

Blog | Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution
Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023. This add-on to Defender for Storage will be priced at $0.15 (USD) per GB of data scanned.

Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events.

Read the full blog post: Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution at scale (microsoft.com)

1.4K Views, 0 likes, 0 Comments

Blog | Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation
Log Analytics agent (also known as MMA) is on a deprecation path and will be retired in Aug 2024. The purpose of this blog post is to clarify how Microsoft Defender for Cloud will align with this plan and its impact on customers.

There are two Defender for Cloud plans with features relying on the Log Analytics agent: Defender for Servers Plan 2 and Defender for SQL server on machines. As part of an updated strategy, Azure monitoring Agent (also known as AMA) won’t be a requirement as part of our Defender for Servers offering, but will remain required as part of Defender for SQL server on machines. As a result, Defender for Servers’ features and capabilities outlined below, as well as the auto-provisioning process that provides the installation and configuration of both agents (MMA/AMA), will be adjusted accordingly.

Read the full blog post: Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation - Microsoft Community Hub

881 Views, 0 likes, 0 Comments