Contents

  1. Acknowledgments

  2. About the authors

  3. Foreword

  4. Introduction

  5. Chapter 1 The threat landscape

    1. The state of cybercrime

    2. Understanding the cyber kill chain

    3. Using the MITRE ATT&CK Framework to protect and detect

    4. Common threats

    5. Improving security posture

    6. Adopting an assume-breach mentality

    7. Cloud threats and security

    8. Compliance

    9. Risk management

    10. Identity and access management

    11. Operational security

    12. Endpoint protection

    13. Data protection

    14. Azure security

    15. VM protection

    16. Network protection

    17. Storage protection

    18. Identity

    19. Logging

    20. Container security

  6. Chapter 2 Planning Microsoft Defender for Cloud adoption

    1. Deployment scenarios

    2. Understanding Defender for Cloud

    3. Defender for Cloud architecture

    4. Defender for Cloud dashboard

    5. Planning adoption

    6. Considerations for CSPM

    7. Considerations for CWPP

    8. Considerations for multi-cloud

    9. Considerations for vulnerability assessment

    10. Considerations for EDR

    11. Considerations for multi-tenant

  7. Chapter 3 Onboarding Microsoft Defender for Cloud

    1. Planning your Azure environment for Defender for Cloud

    2. Designing your environment

    3. Onboarding VMs from an Azure subscription

    4. Understanding auto-provisioning

    5. Auto provision the Log Analytics agent for Azure VMs

    6. Deploy the Log Analytics agent to Azure Arc machines

    7. Auto-provisioning of vulnerability assessment solutions

    8. Auto-deployment of guest configuration agent

    9. Deploy Microsoft Defender for Containers components

    10. Connecting to Amazon Web Services (AWS)

    11. Onboard AWS VMs

    12. How to onboard subscriptions at scale

    13. Registering the Microsoft.Security resource provider

    14. Assign the Azure Security Benchmark

    15. Configure auto-provisioning at scale

  8. Chapter 4 Policy management

    1. Introduction to Azure Policy

    2. Policy exemptions

    3. Understanding Azure Security Benchmark

    4. Fine-tuning policies in Defender for Cloud

    5. Creating custom policies in Microsoft Defender for Cloud

    6. Policy enforcement and governance

    7. How to overcome reactive security management

    8. Prevent security misconfigurations with Defender for Cloud

    9. Large-scale provisioning with Azure Blueprints

    10. Policy deployment and best practices

    11. Regulatory standards and compliance

    12. Regulatory compliance in Microsoft Defender for Cloud

    13. Customize your regulatory compliance experience

    14. Build your own compliance initiative

    15. Creating custom assessments for AWS and GCP

  9. Chapter 5 Strengthening your security posture

    1. Driving security posture improvement using Secure Score

    2. Fine-tuning your Secure Score

    3. Using APIs and Continuous Export to create reports

    4. Get Secure Score data

    5. Secure Score over time report

    6. Notify on Secure Score downgrade

    7. Remediating recommendations

    8. Enable multi-factor authentication (MFA)

    9. Recommendations and controls focused on compute

    10. Networking

    11. Data and storage

    12. Using workflow automation to remediate security recommendations

    13. Resource exemptions and automation

    14. Security governance and contextual security

    15. Using security governance to create responsibility

    16. Using Attack Paths to focus on the right resources

    17. Build your own views with Cloud Security Map

  10. Chapter 6 Threat detection

    1. Methods of threat protection

    2. Understanding alerts

    3. Accessing security alerts

    4. Alert suppression

    5. Alerts in Azure Resource Graph (ARG)

    6. Defender for Servers

    7. Windows

    8. Linux

    9. Defender for Containers

    10. Vulnerability Assessment

    11. Threat detection

    12. Defender for App Service

    13. Defender for Storage

    14. Considerations before enabling Defender for Storage

    15. Defender for SQL

    16. Vulnerability Assessment for SQL

    17. Defender for Cosmos DB

    18. Defender for Open-Source Relational Databases

    19. Defender for Key Vault

    20. Defender for Resource Manager

    21. Defender for DNS

    22. The cyber kill chain and fusion alerts

    23. Threat intelligence in Defender for Cloud

    24. Responding to alerts

    25. Contact

    26. Mitigation

    27. Impact

    28. Take action

  11. Chapter 7 Better together

    1. Defender for Cloud and Microsoft Sentinel

    2. Integration with Microsoft Sentinel

    3. Accessing alerts in Microsoft Sentinel

    4. Defender for Cloud and Microsoft Purview

    5. Defender for Cloud and Microsoft Defender for Endpoint

  12. Chapter 8 Enhanced security capabilities

    1. Just-in-time virtual machine access

    2. Recommendation to enable JIT

    3. JIT dashboard

    4. Requesting access

    5. File integrity monitoring

    6. Customizing your settings

    7. Visualizing changes

    8. Adaptive Application Control

    9. Configuring Adaptive Application Control

  13. Chapter 9 Accessing Defender for Cloud from APIs

    1. Understanding REST API

    2. Accessing alerts using the Defender for Cloud REST API

    3. Accessing alerts using the Graph Security API

    4. Using the Graph Security API

  14. Chapter 10 Deploying Microsoft Defender for Cloud at scale

    1. The three cornerstones of deployment at scale

    2. Defender for Cloud, Azure Policy, and Management Groups—better together

    3. Best practices for managing Defender for Cloud at scale

    4. How to get started with ARM templates

    5. Export templates from the Azure portal

    6. Use Visual Studio Code to create ARM templates

  15. Appendix Microsoft Defender for DevOps

    1. Shift left

    2. Understanding Defender for DevOps

    3. Connect your source code management system to Defender for Cloud

    4. Configure pull request annotations

    5. Discover security issues when developers commit code

    6. Discover security issues in Infrastructure as Code (IaC)

    7. Discover security issues during development

  16. Index
