Cloud security has become a must for every organization. All top cloud vendors offer built-in security solutions which tend to be very effective and advanced. Defender for Cloud is Microsoft’s solution.
Microsoft Defender for Cloud is both a cloud security posture management solution and a cloud workload protection platform. It works on all your Microsoft Azure cloud assets. Additionally, Defender for Cloud will work on-premises and on multi-cloud environments, including AWS or Google Cloud.
Microsoft offers a free version of Defender with basic security features. It can be easily enabled in your Azure portal and by default provides three core functions: secure score, security policy and basic recommendations, and network security assessment.
The enhanced paid version of Defender for Cloud adds impressive features and services. These include endpoint protection, vulnerability assessment for virtual machines, container registries and SQL resources, hybrid security, threat protection alerts and compliance tracking. This guide covers what Microsoft Defender for Cloud is, how to enable the basic and enhanced versions, why you should do it and more.
- How to enable Defender for Cloud basic and enhanced versions
- Basic and enhanced versions: What each offers
How to enable Defender for Cloud basic and enhanced versions
Activating Defender for Cloud on Azure in its basic free version is straightforward. It is also necessary to activate it if you plan to move on to the enhanced version.
There are two prerequisites you need before you get started. You must have a subscription with Azure. You can sign up for a 12-month free account if you don’t have one.
Additionally, you must be the account owner or have the role of Contributor or Security Admin.
Enable the basic version of Defender for Cloud
1. Sign into your account on the Azure portal.
2. On the portal’s menu, select Defender for Cloud.
3. The Defender for Cloud Overview will open (Figure A).
The Overview is an interactive dashboard that lets you visualize the different elements of your security posture. It displays security alerts, coverage information and much more. Each component can be clicked to get more information. Using this dashboard, you can discover and assess the security of your workloads, and identify and mitigate risks.
If you go to the Subscriptions menu in the Overview dashboard, you will be able to visualize, adjust and add the subscriptions that have Defender for Cloud enabled.
Once activated, if you already have workflows, assets and other apps, systems or architectures running in Azure, you will see notifications and recommendations to help you improve your connected resources. You will also receive an inventory of assets actively assessed and monitored by Defender for Cloud with their corresponding security configurations.
Want to move to more advanced security? Try out the enhanced version of Defender for Cloud. Here’s how to enable it.
How to enable enhanced Defender for Cloud on one subscription
1. First, log in to your Azure portal account and enable the basic version if you have not already done so.
2. In the menu, search for and select Microsoft Defender for Cloud.
3. At the bottom of the Overview dashboard menu, on the left, click on Environment settings (Figure B).
4. Now select Enable all to get full coverage (Figure C).
5. Once you are done selecting, click on Save.
Remember that Microsoft’s cloud security approach uses monitoring components, each designed for specific elements. Once you enable Defender for Cloud, all monitoring components will automatically deploy and begin running.
If you want to disable any of the plans, turn the plan off. The extensions used by the plan will not be uninstalled, but the components will not collect any data.
How to enable enhanced Defender for Cloud on multiple subscriptions
1. Sign in to the Azure portal.
2. Go to Microsoft Defender for Cloud in the menu.
3. In the Defender for Cloud menu, select Getting started.
4. You will see an Upgrade tab listing all the subscriptions and workspaces to which you can onboard the Defender plans (Figure D).
5. Select the subscriptions or workspaces you want to onboard and click on Upgrade (Figure E).
6. Some subscriptions and workspaces are unavailable for the free trial. In this step, you might have to select Upgrade to start the billing process for non-eligible trial elements or select Begin Trial for free subscriptions or free workspaces.
Remember that you can always disable any plan by turning it off.
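The single-subscription and multi-subscription procedures above can also be driven from the Azure CLI. The script below is an added example, not part of the original article or Microsoft's own tooling: it reports the tier of each Defender plan on a subscription and, when DRY_RUN=0, enables the ones still on Free. The plan names in PLANS and the function names are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: report and optionally enable Defender for Cloud plans per subscription.
# Assumes Azure CLI with `az login` done as Owner, Contributor or Security Admin.

# Assumption: a subset of plan (pricing) names; adjust to the plans you intend to buy.
PLANS="${PLANS:-VirtualMachines SqlServers Containers KeyVaults Arm}"

# Print the current tier (Free or Standard) of one plan on one subscription.
plan_tier() {
  az security pricing show --name "$2" --subscription "$1" \
    --query pricingTier --output tsv || echo "UNKNOWN"
}

# Walk every plan in $PLANS; enable those not on Standard and print how many
# were (or would be) changed. DRY_RUN defaults to 1 because enabling starts billing.
enable_missing_plans() {
  local sub="$1" plan tier changed=0
  for plan in $PLANS; do
    tier=$(plan_tier "$sub" "$plan")
    [ "$tier" = "Standard" ] && continue
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "would enable $plan on $sub (currently $tier)" >&2
    else
      az security pricing create --name "$plan" --tier Standard \
        --subscription "$sub" --output none || return 1
    fi
    changed=$((changed + 1))
  done
  echo "$changed"
}

# Usage: DRY_RUN=0 ./defender_plans.sh <subscription-id> [<subscription-id> ...]
for sub in "$@"; do
  echo "$sub: $(enable_missing_plans "$sub") plan(s) not on Standard"
done
```

Run it first with the default dry run to see which plans would start billing, then repeat with DRY_RUN=0 for the subscriptions you want to upgrade.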
Basic and enhanced versions: What each offers
If you are new to the Microsoft Azure cloud, start with the basic version and try the more enhanced version once you need it. The enhanced version covers the security of many business-critical elements and pricing plans are cost-effective. Let’s dive into both versions and what they offer.
Defender for Cloud: Basic version, what it can do
With the basic version, you can enable protection for all your Azure subscriptions. Microsoft provides security in three core areas with this solution.
Defender for Cloud basic features include:
Secure score
Defender for Cloud creates a score by continually assessing all your cloud resources. If you integrate Google Cloud and AWS, each cloud is scored separately. The score also carries warnings for recommendations which, when clicked, walk users through instructions to fix the issues.
Security policy and basic recommendations
You can apply custom or built-in security policy definitions to your subscriptions. Defender for Cloud will manage them and issue recommendations based on them. You can assign any of these policies through the Azure portal, PowerShell or Azure CLI. Policies can be disabled or enabled from Azure Policy and grouped under a broader security initiative aimed at specific targets. This feature is helpful for issues like meeting regulatory compliance standards. To learn more about this issue, go to Microsoft Learn.
Network security assessment
Based on network security best practices, Defender for Cloud identifies vulnerabilities and issues network recommendations to adjust configurations and enhance security. The interactive network map shows all your networking resources and recommendations, as well as traffic and unwanted connections.
Defender for Cloud: Enhanced version, extra security
The enhanced paid version of Defender for Cloud brings in a wide range of tools and features that go above and beyond the free basic version. Microsoft designed the enhanced version as an end-to-end security management and threat protection solution that operates across hybrid cloud workloads.
Defender for Cloud enhanced features include:
- Endpoint protection: Microsoft Defender for Endpoint is an endpoint detection and response (EDR) solution. It provides an integrated view of your endpoint environment, mitigates advanced threats and issues warnings.
- Vulnerability assessment: You can discover, manage and resolve vulnerabilities in virtual machines, container registries and SQL resources.
- Multicloud security: Connect AWS and Google Cloud (GCP) accounts, protecting resources and workloads on those platforms.
- Hybrid security: Apply security and compliance standards across your on-premises and cloud workloads. Collect, search and analyze security data from multiple sources, including firewalls and other partner solutions.
- Threat protection alerts: Stay ahead of evolving attacks with advanced behavioral analytics, machine learning and the Microsoft Intelligent Security Graph. Identify attacks and zero-day exploits and monitor networks, machines and data stores.
- Compliance: Assess, track and analyze compliance and risk factors using a wide range of standards. You can add standards and track compliance from the regulatory compliance dashboard.
- Access and application control: Block malware and other unwanted applications by applying machine learning-powered recommendations adapted to your specific workloads to create allowlists and blocklists.
Additionally, the enhanced version includes container security features, vulnerability management, real-time threat protection and cloud-native threat protection for Azure services, including Azure Resource Manager, Azure DNS, the Azure network layer and Azure Key Vault. Defender for Cloud also lets you manage your cloud security posture.
While there are significant differences between the enhanced and basic security plans, Microsoft’s Defender for Cloud ranks among the world’s top cloud security solutions. Furthermore, features and new security technologies are constantly updated, giving users cutting-edge solutions. Defender for Cloud is a holistic cybersecurity approach fit for digital transformation and acceleration. With it, users can protect, monitor and manage everything from IoT devices and endpoints to on-premises resources and hybrid cloud environments.