7 Security monitoring for Azure resources: Microsoft Defender for Cloud plans

 

This chapter covers

  • Cloud workload protection
  • Microsoft Defender for Cloud plans
  • Security alerts
  • Workflow automation
  • Exporting data
  • Workbooks

As you learned in chapter 6, good security hygiene, built by practicing and applying security best practices, can help you avoid breaches and keep your Azure resources secured and protected. It’s important to adhere to compliance control frameworks and fix security problems found in recommendations, but there is more to it than that. After security problems have been solved, it’s equally important to monitor your Azure environment for potentially suspicious activities and signs of compromise. As the Azure resources deployed in your environment grow in both number and variety of resource types, it can be challenging to employ the right security monitoring capabilities for the right resource type. As you can imagine, monitoring virtual machines (VMs) differs from monitoring containerized applications (such as those running on Kubernetes).

Note

To follow along with the exercises in this chapter, you can use the GitHub repository (https://github.com/bmagusic/azure-security).

7.1 Cloud workload protection

7.2 Microsoft Defender for Cloud plans

7.2.1 Microsoft Defender for Servers

7.2.2 Microsoft Defender for Containers

7.2.3 Microsoft Defender for App Service

7.2.4 Microsoft Defender for Storage

7.2.5 Microsoft Defender for Databases

7.2.6 Microsoft Defender for Key Vault

7.2.7 Microsoft Defender for Resource Manager

7.2.8 Microsoft Defender for DNS

7.2.9 Email notifications

7.3 Security alerts

7.3.1 Security alerts in action