Azure Security & Defender
Cloud security posture and threat protection
Microsoft Defender for Cloud
Unified security management and advanced threat protection for hybrid cloud workloads.
Key Features
- Secure Score: a percentage that summarises security posture across subscriptions; it rises as recommendations are remediated
- Recommendations: actionable security improvements, grouped into security controls
- Regulatory Compliance: track compliance with standards such as the Microsoft cloud security benchmark, PCI DSS and ISO 27001
- Workload Protection: per-resource-type Defender plans that add threat detection on top of posture management
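Secure Score is computed per security control as max score × (healthy resources ÷ applicable resources), and the overall score is the sum of those control scores over the sum of the max scores. The following Python is an added example (not Microsoft's code) that carries that arithmetic through on constructed control data, and ranks which single remediation moves the score most; the control names and scores are made up for the example.

```python
"""Secure Score arithmetic on constructed control data (added example)."""
from dataclasses import dataclass


@dataclass
class Control:
    name: str
    max_score: float   # weight of the control in the portal
    healthy: int       # resources that satisfy every recommendation in the control
    total: int         # applicable resources; "not applicable" ones are excluded


def control_score(c: Control) -> float:
    """Current score of one control: max score scaled by the healthy fraction."""
    return c.max_score * c.healthy / c.total


def secure_score(controls: list[Control]) -> float:
    """Overall Secure Score as a percentage, rounded to one decimal."""
    # Assumption for this example: a control with no applicable resources
    # is left out of both sums rather than counted as satisfied.
    applicable = [c for c in controls if c.total > 0]
    current = sum(control_score(c) for c in applicable)
    maximum = sum(c.max_score for c in applicable)
    return round(100 * current / maximum, 1)


def best_next_fix(controls: list[Control]) -> Control:
    """Control where remediating ONE more resource gains the most points."""
    applicable = [c for c in controls if c.healthy < c.total]
    return max(applicable, key=lambda c: c.max_score / c.total)


# Constructed sample: four controls from a small subscription.
SAMPLE = [
    Control("Enable MFA", 10, healthy=3, total=5),
    Control("Secure management ports", 8, healthy=10, total=20),
    Control("Apply system updates", 6, healthy=18, total=20),
    Control("Encrypt data in transit", 4, healthy=2, total=4),
]

if __name__ == "__main__":
    print(f"Secure Score: {secure_score(SAMPLE)}%")
    fix = best_next_fix(SAMPLE)
    print(f"Next fix: {fix.name} (+{fix.max_score / fix.total:.1f} points per resource)")
```

Fixing one more MFA-less privileged account gains 2 points out of 28, while patching one more VM gains 0.3, which is why the portal orders recommendations by potential score increase rather than by resource count.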
Defender Plans
| Plan | Protects |
|---|---|
| Defender for Servers | Azure VMs and Azure Arc-enabled servers (on-premises and other clouds) |
| Defender for Storage | Storage accounts: malware scanning of uploads, anomalous access patterns |
| Defender for SQL | Azure SQL Database, SQL Managed Instance, SQL Server on VMs and Arc-enabled machines |
| Defender for Key Vault | Key vaults: anomalous access to keys, secrets and certificates |
Security Alerts
Defender generates an alert when it detects a threat or suspicious activity. Each alert carries a severity, the affected resource, the MITRE ATT&CK tactic the activity maps to, and suggested remediation steps.
Alert Severity Levels
- High: high probability that the resource is compromised; act immediately
- Medium: suspicious activity that may indicate compromise; investigate
- Low: a benign positive or a blocked attack; review when convenient
- Informational: shown only when drilling into a security incident, where it adds context to the higher-severity alerts
Alert Response
1. Review the alert details, the affected resources and the remediation steps it suggests
2. Check for related alerts and security incidents on the same resource, which reveal an attack chain across tactics
3. Investigate using the activity log, resource diagnostic logs and the entities attached to the alert
4. Take remediation actions (isolate the resource, patch, revoke credentials)
5. Set the alert status (Active, Dismissed or Resolved) and document the findings
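Steps 1 and 2 above are where most time goes when many alerts arrive at once. The following Python is an added example (not Microsoft's code or the portal's logic) of a triage pass over a batch of alerts: it drops alerts that are no longer Active, groups the rest by compromised entity, records the sequence of ATT&CK tactics seen on each entity, and escalates entities whose alerts span more than one tactic, since that pattern is an attack chain rather than an isolated finding. The field names follow the Defender alert schema in simplified form (an assumption), and the alerts themselves are constructed.

```python
"""Triage of a batch of Defender for Cloud alerts (added example)."""
from collections import defaultdict

# Lower rank = more urgent.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}

# Constructed sample alerts (simplified schema; not real telemetry).
ALERTS = [
    {"alertDisplayName": "Failed SSH brute force attack", "severity": "Medium",
     "status": "Active", "compromisedEntity": "vm-web-01",
     "intent": "PreAttack", "timeGeneratedUtc": "2024-05-02T09:00:00Z"},
    {"alertDisplayName": "Suspicious download then run activity", "severity": "High",
     "status": "Active", "compromisedEntity": "vm-web-01",
     "intent": "Execution", "timeGeneratedUtc": "2024-05-02T09:12:00Z"},
    {"alertDisplayName": "Possible data exfiltration detected", "severity": "High",
     "status": "Active", "compromisedEntity": "vm-web-01",
     "intent": "Exfiltration", "timeGeneratedUtc": "2024-05-02T09:40:00Z"},
    {"alertDisplayName": "Access from an unusual location to a storage account",
     "severity": "Medium", "status": "Active", "compromisedEntity": "stcorpdata",
     "intent": "InitialAccess", "timeGeneratedUtc": "2024-05-02T08:30:00Z"},
    {"alertDisplayName": "Unusual volume of operations in a key vault",
     "severity": "Low", "status": "Active", "compromisedEntity": "kv-prod",
     "intent": "CredentialAccess", "timeGeneratedUtc": "2024-05-02T10:05:00Z"},
    {"alertDisplayName": "Suspicious SQL login", "severity": "High",
     "status": "Resolved", "compromisedEntity": "vm-db-02",
     "intent": "InitialAccess", "timeGeneratedUtc": "2024-05-01T22:10:00Z"},
]


def triage(alerts: list[dict]) -> list[dict]:
    """Return a work queue: one entry per entity, most urgent first."""
    by_entity: dict[str, list[dict]] = defaultdict(list)
    for alert in alerts:
        if alert["status"] != "Active":
            continue  # resolved or dismissed alerts are history, not work
        by_entity[alert["compromisedEntity"]].append(alert)

    queue = []
    for entity, group in by_entity.items():
        # ISO-8601 UTC strings sort chronologically as plain strings.
        group.sort(key=lambda a: a["timeGeneratedUtc"])
        tactics: list[str] = []
        for alert in group:
            if alert["intent"] not in tactics:
                tactics.append(alert["intent"])  # order of first appearance
        top = min(group, key=lambda a: SEVERITY_RANK[a["severity"]])
        queue.append({
            "entity": entity,
            "top_severity": top["severity"],
            "alert_count": len(group),
            "tactics": tactics,
            # Two or more tactics on one entity = attack chain, not a one-off.
            "escalate": len(tactics) >= 2,
            "first_seen": group[0]["timeGeneratedUtc"],
            "first_alert": group[0]["alertDisplayName"],
        })

    # Escalated entities first, then by severity, then by age (oldest first).
    queue.sort(key=lambda q: (not q["escalate"],
                              SEVERITY_RANK[q["top_severity"]],
                              q["first_seen"]))
    return queue


if __name__ == "__main__":
    for item in triage(ALERTS):
        flag = "ESCALATE" if item["escalate"] else "        "
        print(f"{flag} {item['top_severity']:<6} {item['entity']:<12} "
              f"{item['alert_count']} alert(s): {' -> '.join(item['tactics'])}")
```

On the sample batch, vm-web-01 goes to the top because its three alerts trace brute force, then execution, then exfiltration, even though a single High alert elsewhere would otherwise outrank the Medium brute-force alert that started the chain.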
Security Baselines
Implement the Microsoft cloud security benchmark (MCSB, formerly the Azure Security Benchmark) for consistent security configuration across subscriptions.
Key Controls
- Enable MFA for all privileged accounts
- Use managed identities instead of service principals with client secrets where possible
- Enable diagnostic logging on all resources
- Encrypt data at rest and in transit
- Implement network segmentation with NSGs
- Use Azure Policy for guardrails (deny or audit non-compliant configurations at deployment time)
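The last two controls above combine naturally: an Azure Policy definition that denies storage accounts which allow plaintext HTTP or a TLS version below 1.2. The rule below is written in Azure Policy's JSON shape with real aliases for the storage account properties. The evaluator underneath is an added, simplified re-implementation for illustration (not Azure's policy engine): it supports only the `allOf`, `anyOf`, `not`, `equals`, `notEquals` and `in` operators used here, mirrors Policy's case-insensitive string comparison, and treats a missing field as not equal to anything (an assumption). The alias-to-property mapping and the three sample resources are constructed for the example.

```python
"""Evaluate an Azure Policy-style deny rule against resource documents (added example)."""

# Custom policy rule in Azure Policy JSON shape: deny storage accounts that
# permit plaintext HTTP or TLS below 1.2.
POLICY_RULE = {
    "if": {
        "allOf": [
            {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            {"anyOf": [
                {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                 "notEquals": "true"},
                {"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
                 "notEquals": "TLS1_2"},
            ]},
        ]
    },
    "then": {"effect": "deny"},
}

# Simplified mapping of Policy aliases onto the resource document (assumption
# for this example; Azure resolves aliases internally).
ALIASES = {
    "type": ("type",),
    "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly":
        ("properties", "supportsHttpsTrafficOnly"),
    "Microsoft.Storage/storageAccounts/minimumTlsVersion":
        ("properties", "minimumTlsVersion"),
}


def _norm(value):
    """Policy compares strings case-insensitively and 'true' against booleans."""
    return None if value is None else str(value).lower()


def _field(resource: dict, alias: str):
    node = resource
    for key in ALIASES[alias]:
        if not isinstance(node, dict) or key not in node:
            return None  # missing property
        node = node[key]
    return node


def matches(cond: dict, resource: dict) -> bool:
    """True when the condition selects this resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = _norm(_field(resource, cond["field"]))
    if "equals" in cond:
        return value == _norm(cond["equals"])
    if "notEquals" in cond:
        return value != _norm(cond["notEquals"])  # missing field counts as "not equal"
    if "in" in cond:
        return value in {_norm(v) for v in cond["in"]}
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policy: dict, resource: dict) -> str:
    """Return the effect that would apply, or 'compliant' if the rule does not fire."""
    return policy["then"]["effect"] if matches(policy["if"], resource) else "compliant"


# Constructed sample resources: weak setting, corrected setting, and out of scope.
WEAK_STORAGE = {"name": "stlegacy01", "type": "Microsoft.Storage/storageAccounts",
                "properties": {"supportsHttpsTrafficOnly": False,
                               "minimumTlsVersion": "TLS1_0"}}
FIXED_STORAGE = {"name": "stlegacy01", "type": "Microsoft.Storage/storageAccounts",
                 "properties": {"supportsHttpsTrafficOnly": True,
                                "minimumTlsVersion": "TLS1_2"}}
HALF_FIXED = {"name": "stapp02", "type": "Microsoft.Storage/storageAccounts",
              "properties": {"supportsHttpsTrafficOnly": True,
                             "minimumTlsVersion": "TLS1_1"}}
VM = {"name": "vm-web-01", "type": "Microsoft.Compute/virtualMachines", "properties": {}}

if __name__ == "__main__":
    for r in (WEAK_STORAGE, FIXED_STORAGE, HALF_FIXED, VM):
        print(f"{r['name']:<12} {evaluate(POLICY_RULE, r)}")
```

The half-fixed account shows why both conditions sit under one `anyOf`: enabling HTTPS-only alone still leaves TLS 1.0 and 1.1 negotiable, so the guardrail must check the minimum TLS version as well.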