Microsoft Defender for Cloud Cookbook

Book description

Learn how to effectively secure your cloud and hybrid infrastructure, centrally manage security, and improve your organization's security posture

Key Features

  • Implement and optimize security posture in Azure, hybrid, and multi-cloud environments
  • Understand Microsoft Defender for Cloud and its features
  • Protect workloads using Microsoft Defender for Cloud's threat detection and prevention capabilities

Book Description

Microsoft Defender for Cloud is a multi-cloud and hybrid cloud security posture management solution that enables security administrators to build cyber defense for their Azure and non-Azure resources by providing both recommendations and security protection capabilities.

This book will start with a foundational overview of Microsoft Defender for Cloud and its core capabilities. The reader is then taken on a journey from enabling the service, selecting the correct tier, and configuring data collection to working on remediation. Next, we continue with hands-on guidance on how to implement several security features of Microsoft Defender for Cloud, finishing with monitoring and maintenance-related topics: gaining visibility into advanced threat protection across distributed infrastructure and preventing security failures through automation.

By the end of this book, you will know how to get a view of your security posture and where to optimize security protection in your environment as well as the ins and outs of Microsoft Defender for Cloud.

What you will learn

  • Understand Microsoft Defender for Cloud features and capabilities
  • Understand the fundamentals of building a cloud security posture and defending your cloud and on-premises resources
  • Implement and optimize security in Azure, multi-cloud, and hybrid environments through a single pane of glass, Microsoft Defender for Cloud
  • Harden your security posture and identify, track, and remediate vulnerabilities
  • Improve and harden the security posture of your environment and services using Microsoft Defender for Cloud benchmarks and best practices
  • Detect and fix threats to services and resources

Who this book is for

This book is for security engineers, systems administrators, security professionals, IT professionals, system architects, and developers: anyone whose responsibilities include maintaining security posture, identifying and remediating vulnerabilities, and securing cloud and hybrid infrastructure. It is also for anyone who wants to learn about security in Azure, build secure Azure and hybrid infrastructure, and improve their security posture in Azure, hybrid, and multi-cloud environments by leveraging the features of Microsoft Defender for Cloud.

Table of contents

  1. Microsoft Defender for Cloud Cookbook
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Reviews
    8. Share Your Thoughts
  6. Chapter 1: Getting Started with Microsoft Defender for Cloud
    1. Technical requirements
    2. Enabling Microsoft Defender for Cloud Plans on Azure Subscriptions and Log Analytics Workspaces
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Enabling Microsoft Defender for Cloud Plans on an Azure Subscription
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    4. Enabling Microsoft Defender for Cloud Plans on a Log Analytics Workspace
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Enabling Microsoft Defender for Cloud Plans on multiple Azure Subscriptions and Log Analytics Workspaces
      1. Getting ready
      2. How to do it…
      3. How it works…
    6. Configuring data collection in a Log Analytics Workspace
      1. Getting ready
      2. How to do it…
      3. How it works…
    7. Configuring provisioning extensions automatically
      1. Getting ready
      2. How to do it…
      3. How it works…
    8. Enabling a Log Analytics agent for Azure VMs manually in the Log Analytics Workspace settings
      1. Getting ready
      2. How to do it…
      3. How it works…
    9. Enabling a Log Analytics agent for Azure VMs manually in the Virtual Machine settings
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    10. Configuring a Log Analytics agent for Azure VMs extension deployment
      1. Getting ready
      2. How to do it…
      3. How it works…
    11. Configuring email notifications
      1. Getting ready
      2. How to do it…
      3. How it works…
    12. Assigning Microsoft Defender for Cloud permissions
      1. Getting ready
      2. How to do it…
      3. How it works…
    13. Onboarding Microsoft Defender for Cloud using PowerShell
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    14. Enabling Microsoft Defender for Cloud integration with other Microsoft security services
      1. Getting ready
      2. How to do it…
      3. How it works…
  7. Chapter 2: Multi-Cloud Connectivity
    1. Technical requirements
    2. Connecting non-Azure virtual machines using Azure Arc
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Connecting non-Azure virtual machines using Microsoft Defender for Cloud portal pages
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. Setting up Amazon Web Services Config and Amazon Web Services Security Hub
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Creating an Identity and Access Management AWS role for Microsoft Defender for Cloud
      1. Getting ready
      2. How to do it…
      3. How it works…
    6. Connecting Amazon Web Services to Microsoft Defender for Cloud
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    7. Configuring GCP Security Command Center and enabling GCP Security Command Center API
      1. Getting ready
      2. How to do it…
      3. How it works…
    8. Creating a GCP service account and connecting GCP to Microsoft Defender for Cloud
      1. Getting ready
      2. How to do it…
      3. How it works…
  8. Chapter 3: Workflow Automation and Continuous Export
    1. Technical requirements
    2. Creating logic apps for use in Microsoft Defender for Cloud
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    3. Automating threat detection alert responses
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. Automating Microsoft Defender for Cloud recommendation responses
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Automating regulatory compliance standards responses
      1. Getting ready
      2. How to do it…
      3. How it works…
    6. Configuring continuous export to Event Hub
      1. Getting ready
      2. How to do it…
      3. How it works…
    7. Configuring continuous export to a Log Analytics workspace
      1. Getting ready
      2. How to do it…
      3. How it works…
  9. Chapter 4: Secure Score and Recommendations
    1. Technical requirements
    2. Understanding, filtering, and sorting recommendations
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Downloading a recommendation report
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. Creating a recommendation exemption rule
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Creating a recommendation enforcement rule
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    6. Preventing resource creation using a Deny rule
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    7. Disabling a recommendation
      1. Getting ready
      2. How to do it…
      3. How it works…
    8. Fixing recommendations on affected resources
      1. Getting ready
      2. How to do it…
      3. How it works…
    9. Managing a recommendation query in Azure Resource Graph Explorer
      1. Getting ready
      2. How to do it…
      3. How it works…
    10. Getting a secure score using Azure Resource Graph
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
  10. Chapter 5: Security Alerts
    1. Technical requirements
    2. Filtering, grouping, and exporting security alerts
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    3. Responding to security alerts using automated responses
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. Creating suppression rules
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    5. Organizing security alerts and changing a security alert status
      1. Getting ready
      2. How to do it…
      3. How it works…
  11. Chapter 6: Regulatory Compliance and Security Policy
    1. Technical requirements
    2. Managing Microsoft Defender for Cloud's default security policy
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Adding a custom security initiative and policy
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. Adding a regulatory compliance standard
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. See also
    5. Improving regulatory compliance, exempting, and denying a compliance control
      1. Getting ready
      2. How to do it…
      3. How it works…
    6. Accessing and downloading compliance reports
      1. Getting ready
      2. How to do it…
      3. How it works…
  12. Chapter 7: Microsoft Defender for Cloud Workload Protection
    1. Technical requirements
    2. Enabling a vulnerability assessment solution
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Enabling and configuring JIT access on a virtual machine
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. Requesting access to a JIT-enabled virtual machine
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Configuring the adaptive application control group
      1. Getting ready
      2. How to do it…
      3. How it works…
    6. Managing adaptive network hardening
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    7. Remediating vulnerabilities in Azure Container Registry images
      1. Getting ready
      2. How to do it…
      3. How it works…
    8. Managing a SQL vulnerability assessment
      1. Getting ready
      2. How to do it…
      3. How it works…
    9. Managing file integrity monitoring
      1. Getting ready
      2. How to do it…
      3. How it works…
  13. Chapter 8: Firewall Manager
    1. Technical requirements
    2. Creating an Azure firewall
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Creating an Azure firewall using PowerShell
      1. Getting ready
      2. How to do it…
      3. How it works…
    4. Creating an Azure firewall policy
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Creating an Azure firewall policy using PowerShell
      1. Getting ready
      2. How to do it…
      3. How it works…
  14. Chapter 9: Information Protection
    1. Creating and managing sensitivity labels
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    2. Creating and managing information types and managing information protection policy
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
  15. Chapter 10: Workbooks
    1. Technical requirements
    2. Creating a workbook from an existing template
      1. Getting ready
      2. How to do it…
      3. How it works…
    3. Creating a workbook from an empty workbook
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    4. Managing workbooks and workbook templates
      1. Getting ready
      2. How to do it…
      3. How it works…
    5. Why subscribe?
  16. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Microsoft Defender for Cloud Cookbook
  • Author(s): Sasha Kranjac
  • Release date: July 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781801076135