
Microsoft Defender for Cloud is a security solution provided by Microsoft that helps protect your cloud resources in Azure. It offers advanced threat protection and security monitoring capabilities. In this lesson, you will learn how to configure and implement Microsoft Defender for Cloud in Azure.


0xbythesecond/Microsoft-Defender-for-Cloud


Microsoft Defender for Cloud


Implementing Microsoft Defender for Cloud

Introduction: Microsoft Defender for Cloud is a security solution provided by Microsoft that helps protect your cloud resources in Azure. It offers advanced threat protection and security monitoring capabilities. In this lesson, you will learn how to configure and implement Microsoft Defender for Cloud in Azure.

Task 1: Configure Microsoft Defender for Cloud

To configure Microsoft Defender for Cloud, follow these steps:

  • Sign in to the Azure portal (https://portal.azure.com/) using an account with the Owner or Contributor role in the Azure subscription.

  • In the Azure portal, use the search box at the top to search for "Microsoft Defender for Cloud" and press Enter.

  • On the Microsoft Defender for Cloud | Getting started blade, click Upgrade.

  • In the Install agents tab, scroll down and click Install agents.

  • In the Select workspaces with enhanced security features section, enable the Microsoft Defender plan by selecting your Log Analytics Workspace, then click the Upgrade button.

[Screenshot: Enable Defender for Cloud on LAW]
  • Navigate to Microsoft Defender for Cloud and click "Environment Settings" under the Management settings in the vertical menu bar.

  • On the Environment Settings blade, click the relevant subscription.

[Screenshot: Environment Settings for Subscription]
  • On the Defender plans blade, select "Enable all Microsoft Defender for Cloud Plans".
[Screenshot: Enable All Plans for Subscription]
  • Go back to the Environment Settings blade, expand until your subscription appears, and click the entry representing the Log Analytics workspace you created in the previous lab.
[Screenshot: Enable Defender Plans in Environment Settings]
  • On the Settings | Defender plans blade, ensure that "Enable all Microsoft Defender for Cloud plans" is selected.

    [Screenshot: Enable All Defender Plans]
  • Select "Data collection" from the Microsoft Defender for Cloud | Settings blade. Choose "All Events" and click Save.

[Screenshot: All Events for Data Collection]

Task 2: Review the Microsoft Defender for Cloud recommendations

To review the Microsoft Defender for Cloud recommendations, follow these steps:

  • Go back to the Microsoft Defender for Cloud | Overview blade in the Azure portal.

  • Review the Secure Score tile to see the current score if available.

[Screenshot: Secure Score]
  • Navigate to the Assessed resources section on the Overview blade.

  • On the Inventory blade, select the entry for your virtual machine (myVM).

  • On the Resource health blade, go to the Recommendations tab and review the list of recommendations for your virtual machine.

[Screenshot: Security Recommendations for VM]

Task 3: Implement the Microsoft Defender for Cloud recommendation to enable Just-in-time VM access

To implement the recommendation to enable Just-in-time VM access on your virtual machine, follow these steps:

  • Go back to the Microsoft Defender for Cloud | Overview blade in the Azure portal and select "Workload protections" under the Cloud Security tile.

  • On the Workload protections blade, click the "Just-in-time VM access" tile in the Advanced protection section.

[Screenshot: Workload Protection - Just-In-Time access]
  • On the Just-in-time VM access blade, under the Virtual machines section, select "Not Configured" and then click the entry for your virtual machine (myVM).

  • Click the "Enable JIT on 1 VM" option on the far right of the Virtual machines section.

[Screenshot: Enable JIT on VM]
  • On the JIT VM access configuration blade, click the ellipsis button on the far right of the row referencing port 22, and then click Delete.
[Screenshot: JIT VM Access Configuration]
  • Click Save on the JIT VM access configuration blade.

  • Monitor the progress of the configuration by clicking on the Notifications icon in the toolbar and viewing the Notifications blade.

    Note: It may take some time for the implementation of recommendations to be reflected in the Secure Score. Periodically check the Secure Score to determine the impact of implementing these features.
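The same JIT configuration expressed as code, as an added example that is not part of the original lab: it applies a JIT policy to myVM with no rule for port 22 and then checks the result. It assumes the Az.Compute and Az.Security PowerShell modules and a signed-in session; the resource group name is a placeholder, and the remaining port list (3389, 5985, 5986) and the 3-hour maximum are assumed to match the portal defaults.

```powershell
# Added example (not from the original lab).
# Assumes: Az.Compute + Az.Security modules, Connect-AzAccount already run.
$ResourceGroup = '<resource-group>'   # placeholder: the resource group that holds myVM
$VmName        = 'myVM'               # VM name used in the lab

# Look up the VM so the policy uses its real resource ID and region.
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName

# One rule per management port that may be opened on request.
# Port 22 is deliberately absent, matching the "Delete" step in the portal.
# Assumption: the other ports and the 3-hour limit mirror the portal defaults.
$ports = foreach ($number in 3389, 5985, 5986) {
    @{
        number                     = $number
        protocol                   = '*'
        allowedSourceAddressPrefix = @('*')   # narrowed per request at access time
        maxRequestAccessDuration   = 'PT3H'   # ISO 8601 duration: 3 hours
    }
}

$policy = @{ id = $vm.Id; ports = @($ports) }

# Create or replace the JIT policy for this VM.
Set-AzJitNetworkAccessPolicy -Kind 'Basic' `
    -Location $vm.Location `
    -Name 'default' `
    -ResourceGroupName $ResourceGroup `
    -VirtualMachine @($policy)

# Verify: read the policy back and confirm port 22 is not requestable.
$applied = Get-AzJitNetworkAccessPolicy -ResourceGroupName $ResourceGroup `
    -Location $vm.Location -Name 'default'

$jitPorts = $applied.VirtualMachines |
    Where-Object { $_.Id -eq $vm.Id } |
    ForEach-Object { $_.Ports.Number }

if ($jitPorts -contains 22) {
    Write-Warning "Port 22 is still covered by the JIT policy on $VmName."
} else {
    Write-Output "JIT policy on $VmName covers ports: $($jitPorts -join ', ')"
}
```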

Conclusion: In this lesson, I have learned how to configure and implement Microsoft Defender for Cloud in Azure. By following the tasks, I have successfully onboarded Microsoft Defender for Cloud, reviewed recommendations, and implemented Just-in-time VM access. Microsoft Defender for Cloud provides enhanced security and threat protection for your cloud resources, helping you safeguard your Azure environment.

Continue to Microsoft Sentinel (SIEM)
