Microsoft Defender Workload Protection
Introduction
- Microsoft Defender for Cloud offers a comprehensive set of features for workload protection to secure various types of workloads running in Azure, on-premises, and in multi-cloud environments.
- These features are designed to provide robust security controls, continuous monitoring, and actionable insights to protect your workloads.
Key features available in Workload Protection within Microsoft Defender:
- Virtual Machine (VM) Protection
Threat Detection
: Advanced threat detection using behavioral analysis and machine learning to identify anomalies and potential threats on VMs.Just-in-Time (JIT) VM Access
: Limits exposure of VMs by allowing access only when needed and for a specified duration.Adaptive Application Controls
: Helps create allowlists for applications running on your VMs to prevent unauthorized applications from running.
- Container Security
Vulnerability Scanning
: Automatically scans container images in Azure Container Registry for known vulnerabilities and provides remediation recommendations.Runtime Protection
: Monitors container behavior during runtime to detect and mitigate suspicious activities and threats.Kubernetes Protection
: Provides security recommendations and threat detection for Kubernetes clusters, including AKS (Azure Kubernetes Service).
- SQL Database Protection
Advanced Threat Protection
: Continuously monitors your SQL databases for potential threats and anomalous activities, such as SQL injection and brute-force attacks.Data Classification
: Identifies and classifies sensitive data in your databases to help you understand the data sensitivity and apply appropriate security measures.Vulnerability Assessment
: Regularly scans your SQL databases for security vulnerabilities and provides actionable remediation steps.
- Storage Account Protection
Threat Detection
: Monitors storage accounts for unusual and potentially harmful activities, such as access from suspicious IP addresses and anomalous data operations.Data Encryption
: Ensures that data stored in Azure Storage accounts is encrypted both at rest and in transit.Access Control
: Provides granular access control policies to secure storage resources and manage permissions effectively.
- App Service Protection
Threat Detection
: Continuously monitors Azure App Services for threats and malicious activities.Vulnerability Assessment
: Identifies security vulnerabilities in web applications running on App Services and provides remediation recommendations.Web Application Firewall (WAF)
: Integrates with WAF to protect web applications from common threats such as SQL injection, cross-site scripting (XSS), and other web attacks.
- Azure Functions Protection
Threat Detection
: Monitors Azure Functions for anomalous and potentially malicious activities.Runtime Protection
: Secures the execution environment of Azure Functions to detect and mitigate threats during function execution.Code Scanning
: Scans function code for vulnerabilities and provides recommendations to improve security.
- Key Vault Protection
Threat Detection
: Monitors Azure Key Vault for suspicious activities and unauthorized access attempts.Access Policies
: Provides fine-grained access control to manage permissions for keys, secrets, and certificates stored in Key Vault.Logging and Monitoring
: Enables detailed logging of all access and usage activities within Key Vault for auditing and compliance.
- Azure Resource Manager (ARM) Protection
Policy Enforcement
: Enforces security policies across Azure resources to ensure compliance with organizational standards.Configuration Monitoring
: Continuously monitors resource configurations to detect and alert on deviations from best practices and security baselines.
- Logic Apps Protection
Threat Detection
: Monitors Logic Apps for anomalous activities and potential threats.Access Control
: Manages permissions and access policies to secure workflows and integrations.
Defender for Servers
Endpoint Detection and Response (EDR)
: Provides advanced threat detection and response capabilities for servers, including detailed visibility into server activities.Vulnerability Management
: Regularly scans servers for vulnerabilities and provides remediation guidance.File Integrity Monitoring
: Tracks changes to critical system files and directories to detect potential security breaches.
- Defender for Storage
Anomaly Detection
: Identifies unusual access patterns and data activities in Azure Storage accounts.Malware Scanning
: Scans files uploaded to Azure Storage for malware and other malicious content.
- Defender for SQL
Advanced Threat Detection
: Provides real-time threat detection for SQL servers on Azure, in hybrid environments, and on other cloud platforms.Vulnerability Assessment
: Regularly assesses SQL server configurations and identifies security vulnerabilities.
This post is licensed under CC BY 4.0 by the author.