Chapter 03 Mitigate Threats Using Microsoft Defender for Cloud
To enable all Defender for Cloud features including threat protection capabilities, you must enable enhanced security features on the subscription containing the applicable workloads.
Install Azure Arc agent on Host
In the Azure Portal, connect the host.
● Manually deploy Log Analytics agent to Windows Host
● Manually deploy Log Analytics agent to Linux Host
System Updates
Active Alerts
Microsoft Defender for Servers Plan 1 - deploys Microsoft Defender for Endpoint to
your servers and provides these capabilities:
• Microsoft Defender for Endpoint licenses are charged per hour instead of per seat, lowering costs for
protecting virtual machines only when they are in use.
• Microsoft Defender for Endpoint deploys automatically to all cloud workloads so that you know they're
protected when they spin up.
• Alerts and vulnerability data from Microsoft Defender for Endpoint are shown in Microsoft Defender for Cloud.
Microsoft Defender for Servers Plan 2 (formerly Defender for Servers) - includes the
benefits of Plan 1 and support for all of the other Microsoft Defender for Servers
features.
• Microsoft Defender for App Service uses the scale of the cloud to identify attacks targeting
applications running over App Service.
• Attackers probe web applications to find and exploit weaknesses. Before being routed to specific
environments, requests to applications running in Azure go through several gateways, where they're
inspected and logged.
• This data is then used to identify exploits and attackers and learn new patterns that will be used later.
• An unmanaged Kubernetes distribution (using Azure Arc-enabled Kubernetes)
Detecting Threats
Alert classification
Alert types