Chapter 3: Workflow Automation and Continuous Export

Book Overview & Buying
Table Of Contents

Microsoft Defender for Cloud Cookbook

By : Sasha Kranjac

5 (4)

Buy this Book

Microsoft Defender for Cloud Cookbook

5 (4)

By: Sasha Kranjac

Buy this Book

Overview of this book

Microsoft Defender for Cloud is a multi-cloud and hybrid cloud security posture management solution that enables security administrators to build cyber defense for their Azure and non-Azure resources by providing both recommendations and security protection capabilities. This book will start with a foundational overview of Microsoft Defender for Cloud and its core capabilities. Then, the reader is taken on a journey from enabling the service, selecting the correct tier, and configuring the data collection, to working on remediation. Next, we will continue with hands-on guidance on how to implement several security features of Microsoft Defender for Cloud, finishing with monitoring and maintenance-related topics, gaining visibility in advanced threat protection in distributed infrastructure and preventing security failures through automation. By the end of this book, you will know how to get a view of your security posture and where to optimize security protection in your environment as well as the ins and outs of Microsoft Defender for Cloud.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Share Your Thoughts

Chapter 1: Getting Started with Microsoft Defender for Cloud

Technical requirements

Enabling Microsoft Defender for Cloud Plans on Azure Subscriptions and Log Analytics Workspaces

Enabling an Microsoft Defender for Cloud Plans on an Azure Subscription

Enabling an Microsoft Defender for Cloud Plans on a Log Analytics Workspace

Enabling an Microsoft Defender for Cloud Plans on multiple Azure Subscriptions and Log Analytics Workspaces

Configuring data collection in a Log Analytics Workspace

Configuring provisioning extensions automatically

Enabling a Log Analytics agent for Azure VMs manually in the Log Analytics Workspace settings

Enabling a Log Analytics agent for Azure VMs manually in the Virtual Machine settings

Configuring a Log Analytics agent for Azure VMs extension deployment

Configuring email notifications

Assigning Microsoft Defender for Cloud permissions

Onboarding Microsoft Defender for Cloud using PowerShell

Enabling Microsoft Defender for Cloud integration with other Microsoft security services

Free Chapter

Chapter 2: Multi-Cloud Connectivity

Technical requirements

Connecting non-Azure virtual machines using Azure Arc

Connecting non-Azure virtual machines using Microsoft Defender for Cloud portal pages

Setting up Amazon Web Services Config and Amazon Web Services Security Hub

Creating an Identity and Access Management AWS role for Microsoft Defender for Cloud

Connecting Amazon Web Services to Microsoft Defender for Cloud

Configuring GCP Security Command Center and enabling GCP Security Command Center API

Creating a GCP service account and connecting GCP to Microsoft Defender for Cloud

Chapter 3: Workflow Automation and Continuous Export

Technical requirements

Creating logic apps for use in Microsoft Defender for Cloud

Automating threat detection alert responses

Automating Microsoft Defender for Cloud recommendation responses

Automating regulatory compliance standards responses

Configuring continuous export to Event Hub

Configuring continuous export to a Log Analytics workspace

Chapter 4: Secure Score and Recommendations

Technical requirements

Understanding, filtering, and sorting recommendations

Downloading a recommendation report

Creating a recommendation exemption rule

Creating a recommendation enforcement rule

Preventing creating resources using a Deny rule

Disabling a recommendation

Fixing recommendations on affected resources

Managing a recommendation query in Azure Resource Graph Explorer

Getting a secure score using Azure Resource Graph

Chapter 5: Security Alerts

Technical requirements

Filtering, grouping, and exporting security alerts

Responding to security alerts using automated responses

Creating suppression rules

Organizing security alerts and changing a security alert status

Chapter 6: Regulatory Compliance and Security Policy

Technical requirements

Managing Microsoft Defender for Cloud's default security policy

Adding a custom security initiative and policy

Adding a regulatory compliance standard

Improving regulatory compliance, exempting, and denying a compliance control

Accessing and downloading compliance reports

Chapter 7: Microsoft Defender for Cloud Workload Protection

Technical requirements

Enabling a vulnerability assessment solution

Enabling and configuring JIT access on a virtual machine

Requesting access to a JIT-enabled virtual machine

Configuring the adaptive application control group

Managing adaptive network hardening

Remediating vulnerabilities in Azure Container Registry images

Managing a SQL vulnerability assessment

Managing file integrity monitoring

Chapter 8: Firewall Manager

Technical requirements

Creating an Azure firewall

Creating an Azure firewall using PowerShell

Creating an Azure firewall policy

Creating an Azure firewall policy using PowerShell

Chapter 9: Information Protection

Creating and managing sensitivity labels

Creating and managing information types and managing information protection policy

Chapter 10: Workbooks

Technical requirements

Creating a workbook from an existing template

Creating a workbook from an empty workbook

Managing workbooks and workbook templates

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Microsoft Defender for Cloud Cookbook

By : Sasha Kranjac

Microsoft Defender for Cloud Cookbook

By: Sasha Kranjac

Overview of this book

Confirmation

Buy this book with your credits?

Submit Your Feedback

Create a Free Account To Continue Reading

Sign in to activate your 7-day free access