[Post updated on 04/19/2023]
Organizations are starting to realize that they need to closely monitor their cloud security posture and protect cloud workloads against threats. Microsoft Defender for Cloud covers both needs by offering Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) capabilities once it is enabled.
To effectively determine the benefits of adopting Microsoft Defender for Cloud, you should perform a Proof of Concept (PoC). Even before you enable Microsoft Defender for Cloud in your subscription and start validating your scenarios, you should go through a planning process to determine the series of tasks that must be accomplished in this PoC.
Planning Each Phase
Use the following schedule to perform your Microsoft Defender for Cloud PoC. Keep in mind that this is an example, and each organization may adapt it to its own needs.
The sections that follow explain each phase in more detail.
During the planning phase you will organize a meeting with the key stakeholders of this PoC. At a minimum, you should have representatives from IT (mainly those responsible for your cloud workloads), Security Operations, and Security Governance. The intent of this phase is to determine the answers to the following items:
At the end of this phase you reach the first checkpoint (A). At this checkpoint you should document the following items:
This phase focuses on implementing the requirements. When going through those requirements, make sure to document everything that needs to be changed in the environment. One classic example is when the members of the team implementing Microsoft Defender for Cloud don't have the right level of permission in all subscriptions. This can cause delays if the team implementing Microsoft Defender for Cloud is not the same team that manages Azure identity. For this reason, it is critical to involve the right stakeholders from the planning phase onward.
At the end of this phase you reach the second checkpoint (B). At this checkpoint you should document the following items:
Implementation and validation
Now you can enable the Defender for Cloud enhanced security features; once you do, the next step is to implement the scenarios you established during the planning phase. Here are the most common scenarios covered during a PoC:
Scenario 1: Security Posture Management
If you decide to try the free tier of Cloud Security Posture Management, you don't need to enable any plan, and you can immediately start testing the following scenarios:
If you want to validate the advanced cloud security posture management features, you will need to enable the Defender CSPM plan. If that's the case, use this DCSPM PoC article.
Scenario 2: Reducing the Attack Surface
Scenario 3: Threat Detection & Response
At the end of this phase you reach the third checkpoint (C). At this checkpoint you should document the following items:
If you need a deeper plan to perform a PoC for each Microsoft Defender for Cloud plan, you can access them from here:
This is the final phase of the PoC. It is strategically done 5 days before you reach the end of the 30-day trial, so that you have spare time to make your final decision on whether to keep using Microsoft Defender for Cloud; if not, you can disable Microsoft Defender for Cloud before the trial ends. This is the time to re-engage the stakeholders, present the results, and present the benefits of adopting Microsoft Defender for Cloud in production.
At the end of this phase you reach the last checkpoint (D). At this checkpoint you should document the following items:
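As an added example that is not part of the original post and not Microsoft's own tooling, the following bash script uses the Azure CLI to cover two of the practical tasks described above: confirming, for every subscription the signed-in user can see, that the implementing team holds a role able to change Defender for Cloud plan tiers (the permission gap called out in the requirements phase), and, at the end of the trial, listing which plans are still on the paid Standard tier and reverting them to Free when the decision is not to continue. It assumes `az` is installed and logged in, that Owner, Contributor or Security Admin is sufficient to change pricing tiers, and that `az security pricing list` returns its plans under a `value` array with `name` and `pricingTier` fields. The text-processing helpers (`has_required_role`, `report_non_free`, `count_non_free`) work on tab-separated lines and run offline, so they can be exercised on constructed sample data before the script touches a real tenant.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit which Defender for Cloud
# plans are on the paid Standard tier in every visible subscription, check that
# the signed-in user holds a role that can change pricing tiers, and optionally
# set each paid plan back to Free at the end of the trial.
# Assumption: the Azure CLI ("az") is installed and "az login" has been run.
set -eu

# Roles assumed (not confirmed by the post) to be sufficient to change tiers.
REQUIRED_ROLES="Owner,Contributor,Security Admin"

# has_required_role: reads one role name per line on stdin; exit 0 if any of
# REQUIRED_ROLES is present, 1 otherwise. Pure text processing, runs offline.
has_required_role() {
  awk -v req="$REQUIRED_ROLES" '
    BEGIN { n = split(req, r, ","); for (i = 1; i <= n; i++) want[r[i]] = 1 }
    ($0 in want) { found = 1 }
    END { exit found ? 0 : 1 }'
}

# report_non_free: reads "subscription<TAB>plan<TAB>tier" lines on stdin and
# prints only those whose tier is not Free. Runs offline.
report_non_free() {
  awk -F'\t' 'tolower($3) != "free"'
}

# count_non_free: number of plans in the input that are still on a paid tier.
count_non_free() {
  report_non_free | wc -l | tr -d ' '
}

# list_plan_tiers SUB: one "sub<TAB>plan<TAB>tier" line per plan (calls az).
# Assumes the CLI returns {"value":[{"name":...,"pricingTier":...}, ...]}.
list_plan_tiers() {
  local sub="$1"
  az security pricing list --subscription "$sub" \
    --query "value[].[name, pricingTier]" -o tsv \
    | awk -F'\t' -v s="$sub" '{ print s "\t" $1 "\t" $2 }'
}

# check_roles SUB: reports whether the signed-in user can change plan tiers,
# including roles inherited from management groups.
check_roles() {
  local sub="$1" upn
  upn=$(az ad signed-in-user show --query userPrincipalName -o tsv)
  if az role assignment list --assignee "$upn" --scope "/subscriptions/$sub" \
       --include-inherited --query "[].roleDefinitionName" -o tsv \
     | has_required_role; then
    echo "$sub: $upn can change Defender for Cloud plans"
  else
    echo "$sub: $upn lacks Owner/Contributor/Security Admin; involve the identity team" >&2
  fi
}

# revert_to_free: reads report_non_free output and sets each plan to Free.
# Run this only when the decision at the final checkpoint is not to keep the plans.
revert_to_free() {
  while IFS=$'\t' read -r sub plan tier; do
    az security pricing create --name "$plan" --tier Free --subscription "$sub" >/dev/null
    echo "$sub: $plan $tier -> Free"
  done
}

# Entry point: only runs when the Azure CLI is available.
# Usage: ./defender-poc-audit.sh            (audit only)
#        ./defender-poc-audit.sh --revert   (audit, then revert paid plans to Free)
if command -v az >/dev/null 2>&1; then
  report=$(for sub in $(az account list --query "[].id" -o tsv); do
             check_roles "$sub" >&2
             list_plan_tiers "$sub"
           done | report_non_free)
  printf '%s\n' "$report"
  if [ "${1:-}" = "--revert" ] && [ -n "$report" ]; then
    printf '%s\n' "$report" | revert_to_free
  fi
fi
```

Running the audit at checkpoint B gives the implementing team an early, documented answer to the permission question, and running it again with `--revert` at checkpoint D turns the "disable Microsoft Defender for Cloud" decision into a single reviewable action rather than a manual pass through each subscription's pricing page.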