workload protection
10 Topics

Runtime protection - Microsoft Defender for Cloud DevOps Security (Defender CSPM)
Hi team! The current support status for Microsoft Defender for Cloud DevOps Security (Defender CSPM) and runtime protection across services is as follows:
Fully Supported for Runtime Protection:
- Azure Kubernetes Service (AKS)
- Amazon Elastic Kubernetes Service (EKS)
Are there more runtimes in the product roadmap (Azure Container Apps, AWS, Fargate for Amazon ECS, Azure Functions, AWS Lambda)? Thanks
374 Views, 0 likes, 0 Comments

Cost Calculator for Defender for Cloud (Public Preview)
Did you know Microsoft Defender for Cloud has a built-in cost calculator to easily calculate the costs of protected resources in your cloud environment? No? Well, I didn’t either until I stumbled upon the button in the MDC portal myself. Apparently, Microsoft announced the preview for the MDC cost calculator last month, on February 19, 2025. With this post, I’m sharing my experience with this new cost calculator for Microsoft Defender for Cloud, providing guidance and comparing available options to calculate the costs.
https://myronhelgering.com/cost-calculator-for-defender-for-cloud/
255 Views, 0 likes, 0 Comments

New Blog | Agentless scanning for virtual machines in the cloud – technical deep dive
This blog will cover the following topics:
- What is agentless scanning for cloud native virtual machines?
- How does agentless scanning for cloud native VMs work?
- What are the new challenges that security vendors are facing?
- As a customer, what should you validate when purchasing an agentless scanning security solution?
- Microsoft Defender for Cloud’s agentless scanning
Read the full blog post here: Agentless scanning for virtual machines in the cloud – technical deep dive - Microsoft Community Hub
468 Views, 0 likes, 0 Comments

Blog | Defender for cloud's Agentless secret scanning for virtual machines now generally available
Cloud cybersecurity is of paramount importance in today's digital landscape, as organizations increasingly rely on cloud services to store and manage sensitive data, applications, and infrastructure. Attacks on cloud infrastructure pose severe risks to organizations such as data theft, ransomware attacks, crypto mining attacks, and service disruption. During a cyber-attack, after gaining initial access to the target network, the attacker begins to move deeper into the network in search of sensitive data and other high-value assets. This stage, called lateral movement, is critical, as it enables threat actors to explore and expand their presence within a target network, increasing the potential for further compromise of critical systems. One of the most common techniques used by hackers to move laterally in a network is credential theft. This technique involves the exploitation of exposed secrets such as passwords, keys, tokens, and connection strings to gain access to additional assets in the network. Secrets are often found on files, stored on the disks of virtual machines (VMs) or containers running on various cloud platforms.
Read the full blog post here: Defender for cloud's Agentless secret scanning for virtual machines is now generally available! - Microsoft Community Hub
507 Views, 0 likes, 0 Comments

New Blog | Announcing new CNAPP capabilities in Defender for Cloud
In the fast-paced world of cloud computing, security teams are facing unprecedented challenges. As organizations increasingly adopt multicloud environments and prioritize the development of cloud-native applications, the complexity of ensuring robust security has grown exponentially. To tackle these evolving cloud security needs, a powerful solution has emerged – Cloud-Native Application Protection Platforms (CNAPP).
Read the full blog here: Announcing new CNAPP capabilities in Defender for Cloud - Microsoft Community Hub
701 Views, 0 likes, 0 Comments

Log Analytics workspace
Hello, can anyone help me understand the workspace used for Defender for Cloud? How to identify which workspace Defender for Cloud is connected to? The older version of Defender for Cloud has a clear mention of the workspace name to which it is connected; the latest version just displays it as "Default Workspace", not the actual name of the workspace, as there are multiple "Default workspaces" in a subscription/Tenant. Thanks in Adv.
1.7K Views, 1 like, 1 Comment

Defender for SQL plan - Arc enabled server
I can see an Arc enabled server in MDC. It has SQL server installed. It shows that it is monitored by Defender for Servers but not Defender for SQL. I have both enabled on the resource group. What else do I need to do? How can I troubleshoot?
780 Views, 0 likes, 0 Comments

Which VM security events are required for enhanced security features, e.g. in Defender for Servers?
Hi Azure Cloud Defenders! I would like to understand which Defender for Cloud features require VM Security Events to be collected and to which extent. According to a recent Webinar, it is a common misconception that Threat Detection and Vulnerability Assessments for VMs rely on that data being collected/ingested. On the other hand the docs, e.g. for adaptive application control, let me assume that gathering those events/logs is required for that feature. Can someone explain for which cases/scenarios event logs from VMs must be collected and ingested into the Log Analytics workspace? Furthermore, it would be good to know the level of data to store (all events, common, minimal) for each case. Thank you very much in advance!
1.3K Views, 1 like, 2 Comments