Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) that includes security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. Defender for Cloud includes:
- A cloud security posture management (CSPM) solution that identifies actions to prevent breaches
- A cloud workload protection platform (CWPP) with protections for servers, containers, storage, databases, and other workloads
Note
For Defender for Cloud pricing information, see the pricing page.
The Microsoft 365 Defender portal helps security teams investigate attacks on cloud resources, devices, and identities. Microsoft 365 Defender provides an overview of attacks, including suspicious and malicious events in cloud environments. Microsoft 365 Defender achieves this by correlating all alerts and incidents, including cloud alerts and incidents.
Learn more about the integration between Microsoft Defender for Cloud and Microsoft Defender XDR.
The security of your cloud and on-premises resources relies on proper configuration and deployment. Defenders for Cloud recommendations identify steps to secure your environment.
Defender for Cloud includes free Foundational CSPM capabilities. Enable advanced CSPM capabilities with the Defender CSPM plan.
| Capability | What problem does it solve? | Get started | Defender plan |
|---|---|---|---|
| Centralized policy management | Define the security conditions that you want to maintain across your environment. The policy translates to recommendations that identify resource configurations that violate your security policy. The Azure cloud security benchmark is a built-in standard that applies security principles with detailed technical implementation guidance for Azure . | Customize a security policy | Foundational CSPM (Free) |
| Secure score | Summarize your security posture based on the security recommendations. As you remediate recommendations, your secure score improves. | Track your secure score | Foundational CSPM (Free) |
| Cloud Security Posture Management (CSPM) | Use the dashboard to see weaknesses in your security posture. | Enable CSPM tools | Foundational CSPM (Free) |
| Advanced Cloud Security Posture Management | Get advanced tools to identify weaknesses in your security posture, including: - Governance to drive actions to improve your security posture - Regulatory compliance to verify compliance with security standards - Cloud security explorer to build a comprehensive view of your environment |
Enable CSPM tools | Defender CSPM |
Proactive security principles require implementing security practices to protect your workloads from threats. Cloud workload protections (CWP) provide workload-specific recommendations to guide you to the right security controls to protect your workloads.
When your environment is threatened, security alerts immediately indicate the nature and severity of the threat so you can plan your response. After identifying a threat in your environment, respond quickly to limit the risk to your resources.
| Capability | What problem does it solve? | Get started | Defender plan |
|---|---|---|---|
| Protect cloud servers | Provide server protections through extended protection with just-in-time network access, file integrity monitoring, vulnerability assessment, and more. | Secure your on-premises servers | Defender for Servers |
| Protect cloud databases | Protect your entire database estate with attack detection and threat response for the most popular database types in Azure to protect the database engines and data types, according to their attack surface and security risks. | Deploy specialized protections for cloud and on-premises databases | - Defender for Azure SQL Databases - Defender for SQL servers on machines - Defender for Open-source relational databases - Defender for Azure Cosmos DB |
| Protect containers | Secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications with environment hardening, vulnerability assessments, and run-time protection. | Find security risks in your containers | Defender for Containers |
| Infrastructure service insights | Diagnose weaknesses in your application infrastructure that can leave your environment susceptible to attack. | - Identify attacks targeting applications running over App Service - Get alerted on suspicious Resource Manager operations - Expose anomalous Domain Name System (DNS) activities |
- Defender for App Service - Defender for Key Vault - Defender for Resource Manager - Defender for DNS |
| Security alerts | Get informed of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | Manage security alerts | Any workload protection Defender plan |
| Security incidents | Identify attack patterns by correlating alerts and integrate with Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and IT classic deployment model solutions to respond to threats and reduce risk to your resources. | Export alerts to SIEM, SOAR, or ITSM systems | Any workload protection Defender plan |
Important
As of August 1 2023, customers with an existing subscription to Defender for DNS can continue to use the service, but new subscribers will receive alerts about suspicious DNS activity as part of Defender for Servers P2.
For more information about Defender for Cloud and how it works, see: