security (34 topics)

About Defender for Cloud aggregated logs in Advanced Hunting
Hi, I created this thread hoping that the Microsoft team will read it and hopefully provide insights about future changes and the roadmap. When SOC teams use a non-Microsoft SIEM/SOAR, they need to export logs from M365 and Azure and send them to the third-party SIEM/SOAR solution.

• For M365 logs, there is the M365XDR connector that allows exporting logs using an Event Hub.
• For Azure logs, we used to configure diagnostic settings and send them to an Event Hub.

This began to change with new features within Defender for Cloud (cf. picture):

• Defender for Resource Manager now sends Azure Activity logs to the M365XDR portal, and they can be exported using the M365XDR Streaming API.
• Defender for Storage now sends logs to the M365XDR portal, and they can be exported using the M365XDR Streaming API (cf. https://www.youtube.com/watch?v=Yraeks8c8hg&t=1s).

This is great as it is easy to configure and doesn't interfere with infrastructure teams managing operational logs through diagnostic settings. I have two questions:

• Is there any documentation about this? I didn't find any.
• What can we expect in the coming weeks and months regarding this native log collection feature through the various Defender for Cloud products? For example, can we expect Defender for SQL to send logs to M365XDR natively?

Thanks for your support!

Runtime protection - Microsoft Defender for Cloud DevOps Security (Defender CSPM)
Hi team! The current support status for Microsoft Defender for Cloud DevOps Security (Defender CSPM) and runtime protection across services is this one:

Fully supported for runtime protection:
• Azure Kubernetes Service (AKS)
• Amazon Elastic Kubernetes Service (EKS)

Are there more runtimes in the product roadmap (Azure Container Apps, AWS Fargate for Amazon ECS, Azure Functions, AWS Lambda)?

Thanks

Secure score Power BI dashboard
We are following https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Secure%20Score to deploy the "secure score over time" dashboard for MDC. However, the steps for the deployment are very old, from when we had Azure Security Center instead of MDC, and the prerequisites are not properly documented. As per the article we need to:

1. Export the secure score data to a Log Analytics workspace by using the continuous export option in the MDC portal.
2. Deploy the "Secure Score over time" workbook, which can export the secure score data to a Log Analytics workspace (it is not clear whether this will pull reports every 24 hours, and what permissions are required on the Log Analytics workspace and to deploy the workbook).

Do we need to export the secure score data to the same Log Analytics workspace on which MDC is deployed, or is a separate workspace needed? If MDC already uses a Log Analytics workspace in the backend to store the logs, then why can't we pull the secure score log data directly? Why do we need to export the secure score data to a Log Analytics workspace first and then connect it to the dashboard?

Cost Calculator for Defender for Cloud (Public Preview)
Did you know Microsoft Defender for Cloud has a built-in cost calculator to easily calculate the costs of protected resources in your cloud environment? No? Well, I didn't either until I stumbled upon the button in the MDC portal myself. Apparently, Microsoft announced the preview for the MDC cost calculator last month, on February 19, 2025. With this post, I'm sharing my experience with this new cost calculator for Microsoft Defender for Cloud, providing guidance and comparing available options to calculate the costs.

https://myronhelgering.com/cost-calculator-for-defender-for-cloud/

New Blog | Microsoft Power BI and Microsoft Defender for Cloud
By Giulio Astori

Introduction

As cloud environments grow more complex and threats increase, organizations need robust tools to monitor, analyze, and respond to security issues effectively. Microsoft Defender for Cloud (MDC) offers robust security management, but to unlock its full potential, organizations need powerful visualization and analysis tools. While Azure Workbooks provide valuable visualizations for MDC data, integrating Microsoft Power BI offers an enhanced approach to data analysis and visualization. Power BI's advanced features, such as customizable dashboards, interactive elements, and seamless integration with various data sources, make it ideal for enhancing the value derived from MDC data.

This article is the first in a series of correlated blogs that will explore scenarios and applicability in depth. As an introduction to the series, this article provides the foundation on how to start leveraging Power BI to report and dashboard MDC insights.

Benefits of Using Power BI with Microsoft Defender for Cloud

• Advanced Data Visualization: Power BI provides a wide array of visualization options, allowing security teams to create highly customized and visually rich dashboards that effectively communicate insights to different stakeholders.
• Enhanced Data Analysis: Power BI's robust analytical tools, including DAX (Data Analysis Expressions) and built-in AI capabilities, enable security teams to perform complex data analysis and uncover deeper insights.
• Seamless Integration: Power BI integrates with various data sources, including Azure Resource Graph, allowing you to consolidate data from multiple platforms into a single, unified view.
• Collaborative Features: Power BI facilitates collaboration by enabling teams to share dashboards and reports easily, with role-based access controls ensuring data security.
• Ease of Use: Power BI's intuitive drag-and-drop functionality makes it simple for users to create and customize visualizations without extensive technical knowledge, making it accessible to users of all skill levels.

Step-by-Step Guide to Integrating MDC Data into Power BI

To integrate MDC data into Power BI, follow these steps:

Step 1: Set Up Power BI and Azure Resource Graph
1. Install Power BI Desktop: Download Power BI Desktop.
2. Enable Azure Resource Graph: Ensure that you have the necessary permissions to access Azure Resource Graph.

Step 2: Connect Power BI to Azure Resource Graph
1. Open Power BI Desktop: Launch Power BI Desktop on your computer.
2. Get Data: Click on Get Data on the Home tab.
3. Select Azure Resource Graph: In the Get Data window, search for Azure Resource Graph and select it.
4. Connect: Click Connect and sign in with your Azure credentials.

Read the full post here: Microsoft Power BI and Microsoft Defender for Cloud

New Blog | Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0
We are thrilled to announce that Microsoft Defender Cloud, in collaboration with the Center for Internet Security (CIS), now supports the latest CIS Azure Security Foundations Benchmark - version 2.0.0. This release also includes the new corresponding built-in policy initiative in the Azure Policy blade.

Read the full update here: Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0

Security alerts in Microsoft Defender for Cloud
Hello All, we have received the below security alerts in Microsoft Defender for Cloud for our App Service:

1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected

Our website is Internet facing (public facing), so we cannot put many restrictions on our App Service (e.g. IP restriction, SSL certificate). We are unable to investigate the above alerts. We checked the Log Analytics workspace logs and extracted the logs for the caller IP, but could not find much information from them. We also checked and found no impact on our web app.

Is there any way by which we can investigate why these alerts got generated, and what next action can be taken on this?

New Blog | Proactively secure your AWS Cloud Resources with Microsoft Defender for Cloud
Misconfigurations are common entry points for attackers. Cloud misconfigurations occur when cloud resources are set up with incorrect or insecure settings, leaving them vulnerable to exploitation. Misconfigurations can lead to sensitive data being exposed to the public internet or to unauthorized users, or can open up unnecessary ports, services, or permissions that attackers can exploit. Proactive security management for cloud misconfiguration is essential to maintaining a strong security posture. This blog will walk through a few scenarios of misconfigured AWS Cloud resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations and allow security teams to prevent risks and remediate quickly.

See full blog post here: CSPM for AWS (microsoft.com)