Microsoft Defender for Cloud is a Cloud Native Application Protection Platform (CNAPP), which is a unified solution that combines multiple cloud security tools to protect applications across their entire lifecycle. The solution provides a comprehensive view of your security posture across your cloud and on-premises resources. It also helps you secure multicloud and hybrid environments and integrates security into DevOps workflows. There are three core components:
- Development Security Operations (DevSecOps) manages code-level security across multicloud and multi-pipeline environments.
- Cloud Security Posture Management (CSPM) checks and improves the security posture of cloud resources.
- Cloud Workload Protection Platform (CWPP) defends workloads such as virtual machines (VMs), containers, storage, databases, and serverless functions from threats.
Defender for Cloud uses its broader Cloud Native Application Protection Platform (CNAPP) capabilities to unify protections into one experience. Defender for Cloud embeds security early in the development lifecycle. It helps DevOps teams find misconfigurations, apply policies, and fix risks early.
Note
For pricing information, check out the Defender for Cloud pricing page. You can also estimate costs with the Defender for Cloud cost calculator.
Cloud Native Application Protection Platform (CNAPP)
After the Defender for Cloud solution is enabled on your Azure subscription, the system collects security data from your multicloud and DevOps environments. Defender for Cloud uses the data to give insights, recommendations, and actions that help you protect your cloud workloads and resources. You can enable extra plans to get more advanced security features, such as Defender Cloud Security Posture Management (CSPM), Defender for Databases, and Defender for Containers.
Defender for Cloud's available plans and their CNAPP benefits include:
Defender for Cloud plan | CNAPP benefits | Relevant links |
---|---|---|
Defender CSPM / Foundational CSPM | Provides advanced security posture capabilities including agentless vulnerability scanning, data-aware security posture, the cloud security graph, and advanced threat hunting. | Check out the differences between the CSPM plans. Enable the Defender CSPM plan. |
Defender for Servers | Provides threat detection and advanced defenses for Windows and Linux machines that run in Azure, AWS, GCP, and on-premises environments. | - Plan your Defender for Servers deployment - Check out the differences between the Defender for Servers plans - Deploy Defender for Servers |
Defender for Containers | Provides environment hardening, vulnerability assessment, and runtime protection of Kubernetes nodes and clusters. | - Overview of Container security in Microsoft Defender for Containers - Defender for Containers architecture - Protect your Azure, IaaS, AWS, and GCP containers with Defender for Containers |
Defender for Resource Manager | Detects unusual and potentially harmful activity by automatically monitoring the resource management operations. | - Overview of Microsoft Defender for Resource Manager - Protect your resources with Defender for Resource Manager |
Defender for Storage | Protects against malware, storage-specific threats, sensitive data leakage, and Shared Access Signature (SAS) token misuse. | - Overview of Microsoft Defender for Storage - Malware scanning - Detect threats to sensitive data - Deploy Microsoft Defender for Storage |
Defender for App Service | Identifies attacks that target applications running over App Service. | - Overview of Defender for App Service to protect your Azure App Service web apps and APIs - Protect your applications with Defender for App Service |
Defender for Databases | Protects your entire database estate with attack detection and threat response for the various database types in Azure. | - Overview of Microsoft Defender for Azure SQL - Protect your databases with Defender for Databases - What is Microsoft Defender for open-source relational databases - Overview of Microsoft Defender for Azure Cosmos DB |
Defender for Key Vault | Detects unusual and potentially harmful attempts to access or exploit Key Vault accounts. | - Overview of Microsoft Defender for Key Vault - Protect your key vaults with Defender for Key Vault |
Defender for APIs | Provides visibility into business-critical APIs, improves API security posture, prioritizes vulnerability fixes, and quickly detects active real-time threats. | - About Microsoft Defender for APIs - Protect your APIs with Defender for APIs |
You can also check out the E-book "From plan to deployment: Implementing a Cloud Native Application Protection Platform (CNAPP) strategy" to learn more about implementing CNAPP in Defender for Cloud.
Development security operations (DevSecOps)
Defender for Cloud adds security to the start of development. It lets you secure code pipelines and environments, and monitor your security posture from one place. Defender for Cloud enables security teams to manage DevOps security across multi-pipeline environments.
Applications require security awareness at the code, infrastructure, and runtime levels to ensure that deployed applications are hardened against attacks.
Capability | What problem does it solve? | Get started | Defender plan |
---|---|---|---|
Code pipeline insights | Empowers security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, including GitHub, Azure DevOps, and GitLab. DevOps security findings, such as Infrastructure as Code (IaC) misconfigurations and exposed secrets, can then be correlated with other contextual cloud security insights to prioritize remediation in code. | Connect Azure DevOps, GitHub, and GitLab repositories to Defender for Cloud | Foundational CSPM (Free) and Defender CSPM |
Cloud security posture management (CSPM)
The security of your cloud and on-premises resources relies on proper configuration and deployment. Defender for Cloud recommendations identify steps to secure your environment.
Defender for Cloud includes free Foundational CSPM capabilities. Enable advanced CSPM capabilities with the Defender CSPM plan.
Capability | What problem does it solve? | Get started | Defender plan |
---|---|---|---|
Centralized policy management | Define the security conditions that you want to maintain across your environment. The policy translates to recommendations that identify resource configurations that violate your security policy. The Microsoft cloud security benchmark is a built-in standard that applies security principles with detailed technical implementation guidance for Azure and other cloud providers (such as Amazon Web Services (AWS) and Google Cloud Platform (GCP)). | Customize a security policy | Foundational CSPM (Free) |
Secure score | Summarize your security posture based on the security recommendations. As you remediate recommendations, your secure score improves. | Track your secure score | Foundational CSPM (Free) |
Multicloud coverage | Connect to your multicloud environments with agentless methods for CSPM insight and CWPP protection. | Connect your Amazon AWS and Google GCP cloud resources to Defender for Cloud | Foundational CSPM (Free) |
Cloud Security Posture Management (CSPM) | Use the dashboard to see weaknesses in your security posture. | Enable CSPM tools | Foundational CSPM (Free) |
Advanced Cloud Security Posture Management | Get advanced tools to identify weaknesses in your security posture, including: - Governance to drive actions to improve your security posture - Regulatory compliance to verify compliance with security standards - Cloud security explorer to build a comprehensive view of your environment | Enable CSPM tools | Defender CSPM |
Data Security Posture Management | Data security posture management automatically discovers datastores containing sensitive data, and helps reduce risk of data breaches. | Enable data security posture management | Defender CSPM or Defender for Storage |
Attack path analysis | Model traffic on your network to identify potential risks before you implement changes to your environment. | Build queries to analyze paths | Defender CSPM |
Cloud Security Explorer | A map of your cloud environment that lets you build queries to find security risks. | Build queries to find security risks | Defender CSPM |
Security governance | Drive security improvements through your organization by assigning tasks to resource owners and tracking progress in aligning your security state with your security policy. | Define governance rules | Defender CSPM |
Microsoft Entra Permissions Management | Provide comprehensive visibility and control over permissions for any identity and any resource in Azure, AWS, and GCP. | Review your Permission Creep Index (PCI) | Defender CSPM |
Cloud workload protection platform (CWPP)
Proactive security principles require implementing security practices to protect your workloads from threats. Cloud workload protection platforms (CWPP) provide workload-specific recommendations to guide you to the right security controls to protect your workloads.
When your environment is threatened, security alerts immediately indicate the nature and severity of the threat so you can plan your response. After identifying a threat in your environment, respond quickly to limit the risk to your resources.
Capability | What problem does it solve? | Get started | Defender plan |
---|---|---|---|
Protect cloud servers | Provide server protections through Microsoft Defender for Endpoint or extended protection with just-in-time network access, file integrity monitoring, vulnerability assessment, and more. | Secure your multicloud and on-premises servers | Defender for Servers |
Identify threats to your storage resources | Detect unusual and potentially harmful attempts to access or exploit your storage accounts using advanced threat detection capabilities and Microsoft Threat Intelligence data to provide contextual security alerts. | Protect your cloud storage resources | Defender for Storage |
Protect cloud databases | Protect your entire database estate with attack detection and threat response for the most popular database types in Azure to protect the database engines and data types, according to their attack surface and security risks. | Deploy specialized protections for cloud and on-premises databases | - Defender for Azure SQL Databases - Defender for SQL servers on machines - Defender for Open-source relational databases - Defender for Azure Cosmos DB |
Protect containers | Secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications with environment hardening, vulnerability assessments, and run-time protection. | Find security risks in your containers | Defender for Containers |
Infrastructure service insights | Diagnose weaknesses in your application infrastructure that can leave your environment susceptible to attack. | - Identify attacks targeting applications running over App Service - Detect attempts to exploit Key Vault accounts - Get alerted on suspicious Resource Manager operations - Expose anomalous Domain Name System (DNS) activities | - Defender for App Service - Defender for Key Vault - Defender for Resource Manager - Defender for DNS |
Security alerts | Get informed of real-time events that threaten the security of your environment. Alerts are categorized and assigned severity levels to indicate proper responses. | Manage security alerts | Any workload protection Defender plan |
Security incidents | Identify attack patterns by correlating alerts and integrate with Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and IT Service Management (ITSM) solutions to respond to threats and reduce risk to your resources. | Export alerts to SIEM, SOAR, or ITSM systems | Any workload protection Defender plan |
Important
- As of August 1, 2023, customers with an existing subscription to Defender for DNS can continue to use the service as a standalone plan.
- For new subscriptions, alerts about suspicious DNS activity are included as part of Defender for Servers Plan 2 (P2).
- There's no change to the protection scope: Defender for DNS continues to protect all Azure resources connected to Azure's default DNS resolvers. The change affects how DNS protection is billed and bundled, not what resources are covered.
Learn More
For more information about Defender for Cloud and how it works, see:
- A step-by-step walkthrough of Defender for Cloud
- An interview about Defender for Cloud with an expert in cybersecurity in Lessons Learned from the Field
- Microsoft Defender for Cloud - Use cases
- Microsoft Defender for Cloud PoC Series - Microsoft Defender for Containers
- Learn how Microsoft Defender for Cloud provides data security