Secure Multi-Cloud Environments Workshop
Microsoft Defender for Cloud Overview
Author name
Date
Always make sure you have the latest version of this presentation before you start a new engagement!
Securing multicloud environments
Top-of-mind
• Develop and operate secure apps in the cloud: >54% of enterprises do not integrate security into DevOps pipelines. [1]
• Visibility into security and compliance: 86% of surveyed security decision makers believe their cybersecurity strategy doesn’t keep up with their multicloud environments. [2]
• Protect against increasing, sophisticated attacks: $4.24M is the average cost of a breach, 2021. [3]
1. Microsoft Enterprise DevOps Report
2. Microsoft Cloud Security Priorities and Practices Research
3. Ponemon Institute, Cost of a Breach Report
Microsoft Defender for Cloud: Core Value Propositions
• Unify your DevOps Security Management
• Protect your cloud workloads
• Strengthen and manage your cloud security posture
Pillars: DevOps | CWP | CIEM | EASM
Microsoft Defender For Cloud: cloud-native application protection across clouds and on-premises environments
Covered environments: Amazon Web Services | Microsoft Azure | Google Cloud Platform | On-premises
• At-scale governance & automated remediation
• Integrated insights across DevOps, EASM, CIEM, and workloads
Strengthen and manage your security posture
• Security compliance management
• Full visibility with agentless and agent-based scanning
• Attack path-based prioritization
Detect threats and protect your workloads
• Full-stack threat protection
• Vulnerability assessment & management
• Automate with the tools of your choice
Unify your DevOps security management
• DevOps posture visibility across pipelines
• Infrastructure as Code security
• Integrated workflows & pull request annotations
• Code to cloud contextualization
How we’re different
Differentiators: Multi-cloud and hybrid support | Contextual code to cloud security | Full-lifecycle protection | Advanced Threat Protection
• Streamlined auto-provisioning for new resources
• Multicloud security benchmark for compliance
• Multicloud agentless vulnerability scanning
• Built in with Azure with no deployment required and the broadest protection coverage
• Integrated view across clouds to manage security posture, assess risk, and take required actions
• Prioritized recommendations with attack path, reducing noise by up to 99%
• Track and manage your security posture state over time
• Manage security of cloud-native applications with a single platform
• Minimize vulnerabilities from making it to production with code scanning and IaC scanning
• Reduce time to remediate with integrated workflows into developer environments
• Workload-specific signals and threat alerts
• CWPP with dedicated workload protection for Azure storage and databases
• Deterministic, AI, and anomaly-based detection mechanisms
• Leverages the power of Microsoft Threat Intelligence with 43 trillion signals daily
Make Microsoft Defender for Cloud work for you
Chief Information Security Officer
Responsibilities: Create an overall security strategy that creates resilience against cyber attacks and track performance over time
Product use cases:
• Top level view of the multicloud security state
• Create dashboards to visualize progress over time
Security Admin
Responsibilities: Reduce the attack surface of the organization’s cloud environments
Product use cases:
• Harden the cloud environment with recommendations
• Set security policies for the environment, monitor implementation, track down vulnerabilities
• Manage the multicloud asset inventory
Security Operations
Responsibilities: Around the clock threat hunting, investigation of breaches, and mitigation of incidents
Product use cases:
• Leverage workload-specific threat detections and response mechanisms to identify attacks, investigate alerts and incidents, and quickly mitigate threats
Defender for Cloud security dashboard
Centralized posture view
• Your security posture across Azure, AWS, and GCP in one place
• Asset inventory across your hybrid and multicloud environment
Focused views
• Easily access deep dive views for security posture, resource inventory, workload protection, and more
Top insights front and center
• Understand which recommendations to prioritize
• See your most attacked resources and take action
Strengthen and manage your Security Posture with Microsoft Defender for Cloud
Free foundational CSPM
Secure Score
• Strengthen security posture across all critical cloud resources including network, access, compute, databases, your service layer, and more
• 450+ out-of-the-box recommendations
• Create custom recommendations to meet organizational requirements
• Evaluated categories: Compute | App Services | Network | Access | SQL server | Containers | IoT
Multicloud security benchmark for security compliance
• Manage cloud security compliance with continuous assessment of cloud resources across Amazon Web Services, Microsoft Azure, and Google Cloud Platform in a single, integrated dashboard
• Use industry standards, regulatory compliance frameworks, and cloud-specific benchmarks to implement best practices (CIS, PCI, NIST, SOC, ISO, HIPAA, etc.)
• Create custom recommendations to meet unique organizational needs
Focus on your biggest risk with Defender CSPM
• Full posture visibility across cloud workloads: Agentless and agent-based scanning with zero workload impact | Visibility on software and CVEs | Disk snapshots | EDR
• Built-in workflows and automated remediation at-scale: Regulatory compliance | Master group management | Multicloud Microsoft cloud security benchmark
• Contextual risk prioritization: Attack path analysis to prioritize risk | Intelligent cloud security graph | Custom path queries on cloud security explorer
• Integrated data and insights: Defender for DevOps | Defender EASM | Entra Permissions Management | Hybrid and multi-cloud environments
New innovations: Microsoft Defender CSPM (public preview)
• Agentless scanning: Full visibility and coverage across all cloud resources with zero workload impact or the need to maintain agents
• Attack path analysis and the cloud security graph: Prioritize the most critical risks with prioritized lateral movement paths and contextual security insights, all built on an intelligent cloud security graph
• Integrated governance and automated remediation tools: Manage all implemented tools in a single view and define security rules at scale across clouds
Get comprehensive protection
Market-leading endpoint protection
• Deep OS visibility (processes, communications, etc.)
• Realtime monitoring and detection of attacks
• Active ability to enforce policies, prevent, respond and remediate attacks
Agentless vulnerability scanning
• At-scale, instantaneous visibility on OS posture issues
• No performance impact on workloads
• Security team does not depend on workload owners
Prioritize risk with contextual cloud security
New intelligent cloud security graph
• Map out resources across hybrid and multicloud environments
• View relationships between resources and relevant risk and business contexts
• Integrated insights from Defender for Cloud, DevOps, and Defender External Attack Surface Management
Attack path analysis
• Identify most vulnerable resources along potential exploitable lateral movement paths
• View relevant CVE data and risk contexts to focus on remediation
Cloud security explorer
• Proactively search the cloud security graph with customizable queries to find security risks in your environment based on your organization’s key concerns
• Query by specific CVE, internet exposure, exposed machines, production and business tags, and more
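The graph, attack-path and explorer ideas on this slide, worked through as an added Python illustration that is not Defender for Cloud's own graph model, query language or risk scoring: it builds a small constructed cloud security graph, enumerates lateral-movement paths from internet-exposed vulnerable entry points to resources holding sensitive data, ranks them with constructed weights, finds the intermediate resources that sit on the most paths, and filters the inventory by CVE, exposure and tag. All resource names, edges and the CVE-XXXX-* ids are placeholders.

```python
"""Toy cloud security graph with attack path analysis and explorer-style queries.
Constructed illustration only: not Defender for Cloud's graph model, query
language or scoring. Names, edges and CVE-XXXX-* ids are placeholders."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Resource:
    name: str
    kind: str
    internet_exposed: bool = False
    cves: List[Tuple[str, float]] = field(default_factory=list)  # (id, CVSS)
    tags: Dict[str, str] = field(default_factory=dict)
    sensitive_data: bool = False

# Constructed inventory.
RESOURCES = {r.name: r for r in [
    Resource("web-vm", "vm", True, [("CVE-XXXX-0001", 9.8)], {"env": "production"}),
    Resource("jump-vm", "vm", True, [("CVE-XXXX-0002", 5.3)], {"env": "staging"}),
    Resource("build-vm", "vm", False, [("CVE-XXXX-0001", 9.8)], {"env": "staging"}),
    Resource("mi-web", "managed-identity"),
    Resource("sql-prod", "sql", tags={"env": "production"}, sensitive_data=True),
    Resource("kv-prod", "key-vault", tags={"env": "production"}, sensitive_data=True),
    Resource("blob-logs", "storage"),
]}
# Directed lateral-movement edges "A can reach B" (network path, attached
# identity or role assignment); also constructed.
EDGES = {
    "web-vm": ["mi-web"],
    "mi-web": ["sql-prod", "blob-logs"],
    "jump-vm": ["build-vm"],
    "build-vm": ["kv-prod", "sql-prod"],
}

def attack_paths(resources, edges, max_depth=4) -> List[List[str]]:
    """Cycle-free, depth-bounded paths from internet-exposed vulnerable entry
    points to resources that hold sensitive data."""
    found = []
    def walk(node, path):
        if len(path) > max_depth:
            return
        for nxt in edges.get(node, []):
            if nxt in path:  # never revisit a node already on this path
                continue
            new_path = path + [nxt]
            if resources[nxt].sensitive_data:
                found.append(new_path)
            walk(nxt, new_path)
    for r in resources.values():
        if r.internet_exposed and r.cves:
            walk(r.name, [r.name])
    return found

def path_score(resources, path) -> float:
    """Heuristic (constructed weights): entry-point CVSS, +1.0 for a production
    target, -0.5 per hop beyond the first."""
    entry, target = resources[path[0]], resources[path[-1]]
    score = max((cvss for _, cvss in entry.cves), default=0.0)
    if target.tags.get("env") == "production":
        score += 1.0
    return score - 0.5 * (len(path) - 2)

def prioritize(resources, edges) -> List[Tuple[float, List[str]]]:
    """Attack paths ranked highest risk first."""
    scored = [(path_score(resources, p), p) for p in attack_paths(resources, edges)]
    return sorted(scored, key=lambda sp: sp[0], reverse=True)

def choke_points(resources, edges) -> List[Tuple[str, int]]:
    """Intermediate resources on the most paths: fixing these first removes
    the most lateral-movement routes."""
    counts: Dict[str, int] = {}
    for p in attack_paths(resources, edges):
        for node in p[1:-1]:
            counts[node] = counts.get(node, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def explore(resources, cve: Optional[str] = None,
            internet_exposed: Optional[bool] = None,
            tag: Optional[Tuple[str, str]] = None) -> List[str]:
    """Explorer-style filter by specific CVE, internet exposure and/or tag."""
    hits = []
    for r in resources.values():
        if cve is not None and cve not in [cid for cid, _ in r.cves]:
            continue
        if internet_exposed is not None and r.internet_exposed != internet_exposed:
            continue
        if tag is not None and r.tags.get(tag[0]) != tag[1]:
            continue
        hits.append(r.name)
    return sorted(hits)

if __name__ == "__main__":
    for score, p in prioritize(RESOURCES, EDGES):
        print(f"{score:5.1f}  {' -> '.join(p)}")
    print("choke points:", choke_points(RESOURCES, EDGES))
    print("exposed production:", explore(RESOURCES, internet_exposed=True, tag=("env", "production")))
```

The ranking puts the path through the internet-exposed production VM with the critical CVE first, while the choke-point count shows that hardening the one build VM cuts two of the three paths.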
Govern at scale and automate remediation
Drive governance at scale across the organization
• Assign owners and set remediation due dates
• Configure governance rules at scale for your entire organization
• Automatic email reminders to owners and manager escalation
Automated remediation
• Continuous assessment
• Integrations with ServiceNow and Azure Logic Apps
Unify DevOps Security Management
DevOps Security Management
• DevOps posture visibility: Code | Dependencies | Secrets | Container images | Infrastructure as code security insights
• Infrastructure as code security: ARM | Bicep | Terraform | CloudFormation | And more
• Code to cloud contextualization: Across multipipeline and multicloud environments
• Integrated workflows: Pull request annotations | Developer ownership assignments
GitHub Advanced Security and GitHub Advanced Security for Azure DevOps
Developer first. Community driven.
Secure Development
• Code security
• Dependencies security
• Embedded secrets protection
• Developer remediation
Defender for DevOps
Unify multi-pipeline DevOps security
Enable cloud-native application protection
• Multi-pipeline DevOps security management
• Infrastructure-as-code security
• Code to cloud contextualization
• Automated workflows
Better together
New innovations: Microsoft Defender for DevOps (public preview)
• Unify visibility into DevOps security posture: Provide security admins with full visibility and management capabilities across multi-pipeline DevOps environments in a single view
• Strengthen cloud resource configurations in code: Enable security of Infrastructure as Code templates and container images to minimize cloud misconfigurations reaching production environments
• Automate with integrated security intelligence: Code to cloud contextual insights to help developers prioritize critical code fixes
Unify visibility into DevOps security posture
Automated discovery
• Full DevOps inventory
• Multi-pipeline (GitHub, Azure DevOps)
Continuous assessment
• DevOps environment hardening
• Create a continuum between developers and SecOps
• DevOps compliance
Security insights
• Single console to manage DevOps security
• Custom workbooks
Strengthen cloud resource configurations in code
Discover infrastructure as code misconfigurations
• Apply Microsoft Cloud security benchmark checks to infrastructure as code templates
• Identify security issues to the line of code for quick fixes
• Empower developers with clear remediation guidance
Multi-cloud support
• Support ARM, Bicep, Helm, CloudFormation, and Terraform templates
Automate with integrated security intelligence
Code to cloud contextualization
• Enrich cloud security graph with application code insights
Prioritize critical security issues in code
• OSS vulnerabilities
• Exposed credentials
Drive remediation in code
• Custom workflows for developer ownership assignments
• SecOps initiated Pull Request annotations
Detect threats and protect your workloads
Cloud Workload Protection
• Compute: Any server | Azure VMSS | Azure K8s | App Services | Unmanaged K8s
• Service layer: Azure DNS | Key Vault | Network Layer V1 | Resource Management
• Databases and storage: Blob storage | File storage | Maria DB | Cosmos DB | Azure SQL | MySQL | Postgres SQL | Unmanaged SQL
• AWS workloads: Amazon EKS | Amazon EC2 | Unmanaged Kubernetes | Unmanaged SQL
• GCP workloads: GKE clusters | Google Compute | Unmanaged Kubernetes | Unmanaged SQL
• On-premises workloads: Kubernetes | SQL Servers | Servers
Threat protection for all layers of the cloud and on-premises
• Threat detection: Prioritized alerts across compute, databases, the cloud service layer, and more
• MITRE ATT&CK® framework mapping: Understand the effect across the adversary’s attack lifecycle
• Leading threat intelligence: Rely on highly sophisticated and resource-specific alerts based on Microsoft’s global threat intelligence
• Agentless vulnerability assessment & management: Identify and remediate vulnerabilities before they are exploited
• Alert correlation: Prioritize more easily with connected alerts that are grouped into incidents
Full-stack coverage with dedicated detections
• Service Layer: Network Layer V1 | Azure DNS | Key Vault | Resource Manager
• On-premise workloads: Kubernetes | Servers | SQL Servers
• GCP workloads: GKE clusters | Google Compute | Unmanaged Kubernetes | Unmanaged SQL
• AWS workloads: Amazon EKS | Amazon EC2 | Unmanaged Kubernetes | Unmanaged SQL
• Azure Resource Management
• Databases and Storage: Blob storage | Azure SQL | File storage | MySQL | Maria DB | Postgres SQL | Azure Cosmos DB | Unmanaged SQL
• Compute: Any server | Azure VMSS | Azure K8s | App Services | Unmanaged K8s
Protect your workloads in the cloud and on-premises
• Use detections that are built for the unique attack vectors of each resource type, built on the powerful insights of Microsoft Threat Intelligence
• Reduce your attack surface by continuously scanning workloads to identify and manage vulnerabilities
• Automatically protect new workloads as soon as they are deployed
• Integrate with your SIEM for easy management of incidents
Security alerts and incidents
• Use prioritized alerts when threats are detected on your resources
• Investigate effectively with smart alert correlation that combines different alerts and low fidelity signals into security incidents
• Manage incidents with a central view of attack campaigns and related alerts
Operationalize Defender for Cloud
Multicloud and hybrid protection
• Automatic onboarding for Azure subscriptions
• Use API connectors to onboard AWS and GCP accounts to posture management capabilities
• Use the Azure Arc agent to onboard workloads outside of Azure and protect them against threats
Diagram labels: Use API connectors for agentless CSPM enablement | Deploy the Azure Arc agent to enable workload protection | Built-in
Deploy Microsoft Defender for Cloud threat protection to your workloads anywhere with Azure Arc
• Extension installation, e.g. Log Analytics agent
• Enforce compliance and simplify audit reporting
• Asset organization and inventory with a unified view in the Azure Portal (Azure Tags)
• Server owners can view and remediate to meet their compliance (RBAC in Azure)
Single control plane for any resource, anywhere: Azure Arc enables cloud management and security protections
Diagram: Datacenter & hosted and Multicloud resources connect through Azure Arc to Azure Resource Manager
Respond and automate
• Leverage “Quick Fixes” for the fastest way to implement recommendations
• Automate threat alert responses with Azure Logic Apps and use the apps of your choice to create intelligent workflows
• Connect to Microsoft Sentinel and easily move between the portals when investigating and managing incidents
[Action required] Implement active recommendations assigned to you in Microsoft Defender for Cloud
You’re assigned as the owner of several active Microsoft Defender for Cloud security recommendations in subscription ‘Demo subscription’. Implement these recommendations to enhance the security posture of your workloads.
Here is the list of Microsoft Defender for Cloud recommendations that require your attention:
Recommendation name | Number of affected resources
MFA should be enabled on accounts with owner permissions on your subscription | 10 (6 overdue)
Vulnerabilities in your virtual machines should be remediated | 8 (8 overdue)
Management ports of virtual machines should be protected with just-in-time network access control | 6
Review recommendations >
Required action: To harden your workloads based on identified security misconfigurations and weaknesses, select Review recommendations and implement the security recommendations in Microsoft Defender for Cloud.
Q&A
Thank you!
Appendix
Multicloud security benchmark for compliance assessment and management
• Assess and manage your compliance status with a continuous assessment of your cloud resources across AWS, Azure, and GCP in a single, integrated dashboard
• Use industry standards, regulatory compliance frameworks, and vendor provided cloud-specific benchmarks to implement security and compliance best practices
• Create custom recommendations to meet unique organizational needs
Support for: CIS | PCI | NIST | SOC | ISO | HIPAA | Local/National compliance standards | Azure Security Benchmark | AWS Foundational Security best practices
Identify sensitive data in cloud resources
Integrated with Microsoft Purview
• Extend visibility from cloud infrastructure resources into the data layer
• Leverage an entirely new way to prioritize security policies and the investigation of alerts
• Filter recommendations and resources by data sensitivity
• Easily view the number of assets that contain sensitive information across your environment


Editor's Notes

  • #4 Previous versions:
    1.0 Initial Release, February 2021
    1.1 Added Azure Network Security Exploration, March 2021
    1.2 Updated to new branding. Minor corrections, July 2021
    1.4 Updated product names. Minor corrections, April 2022