
Chapter 3

Threat Mitigation Using Microsoft Defender for Cloud
Table of Contents

1. Plan Cloud Workload Protection Using Microsoft Defender for Cloud
2. Connect Azure Assets to Microsoft Defender for Cloud
3. Connect Non-Azure Assets to Microsoft Defender for Cloud
4. Manage Your Cloud Security Posture Management
5. Workload Protection in Microsoft Defender for Cloud
6. Remediate Security Alerts Using Microsoft Defender for Cloud
Chapter 3
Lesson 1
Plan Cloud Workload Protection Using Microsoft Defender for Cloud
Introduction

After completing this module, you will be able to:

1. Describe the features of Microsoft Defender for Cloud
2. Explain the workload protections of Microsoft Defender for Cloud
3. Enable Microsoft Defender for Cloud

Explain Microsoft Defender for Cloud

© Copyright Microsoft Corporation. All rights reserved.


Microsoft Defender for Cloud workload protection plans
Microsoft Defender for Cloud brings advanced, intelligent protection to your Azure and hybrid resources and workloads.



Guided demonstration – Microsoft Defender for Cloud

Scenario: You are the security operations analyst and must protect your hybrid cloud with Microsoft Defender for Cloud.

Task 1: Manage cloud security posture
Task 2: Protect against threats
Task 3: Get advanced insights


Enable Microsoft Defender for Cloud

To enable all Defender for Cloud features, including threat protection capabilities, you must enable enhanced security features on the subscription containing the applicable workloads.
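As an added example (not part of the course material), a Python check that reads the subscription's Defender plan tiers, in the JSON shape produced by the Azure CLI command `az security pricing list`, and reports any plan that is missing or still on the Free tier; the required-plan list and the sample output are assumptions constructed for the example.

```python
import json

# Defender for Cloud plans whose enhanced security features the slide says
# must be enabled (Standard tier) before threat protection applies.
# Plan names follow the ones used by the "az security pricing" command;
# which plans to require is an assumption for this example.
REQUIRED_PLANS = ("VirtualMachines", "StorageAccounts", "SqlServers",
                  "KeyVaults", "Arm", "Dns", "Containers", "AppServices")

# Constructed sample: modelled on `az security pricing list` output
# (a "value" array of plan objects); it is not real tenant data.
SAMPLE_PRICING = json.dumps({"value": [
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "StorageAccounts", "pricingTier": "Free"},
    {"name": "SqlServers", "pricingTier": "Standard"},
    {"name": "KeyVaults", "pricingTier": "free"},
    {"name": "Arm", "pricingTier": "Standard"},
    {"name": "Dns", "pricingTier": "Standard"},
    {"name": "Containers", "pricingTier": "Standard"},
]})


def parse_plans(raw):
    """Return {plan name: tier} from CLI-style JSON (bare list or {"value": [...]})."""
    data = json.loads(raw)
    items = data["value"] if isinstance(data, dict) else data
    return {p["name"]: p.get("pricingTier", "Free") for p in items}


def find_gaps(raw, required=REQUIRED_PLANS):
    """Plans that are missing or not on Standard tier, in `required` order.

    A plan absent from the output is treated as unprotected: the subscription
    then has no enhanced security features for that workload type.
    """
    tiers = parse_plans(raw)
    return [name for name in required
            if tiers.get(name, "Free").lower() != "standard"]


if __name__ == "__main__":
    for plan in find_gaps(SAMPLE_PRICING):
        print(f"plan {plan}: enhanced security features not enabled")
```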



Chapter 3
Lesson 2
Connect Azure Assets to Microsoft Defender for Cloud
Introduction

After completing this module, you will be able to:

1. Explore Azure assets
2. Configure auto-provisioning in Microsoft Defender for Cloud
3. Explain manual provisioning in Microsoft Defender for Cloud

Explore and manage your resources with asset inventory

Inventory summary
○ Total Resources
○ Unhealthy Resources
○ Unmonitored Resources
○ Unregistered Subscriptions

Status for each resource
○ Agent monitoring
○ Microsoft Defender for Cloud
○ Recommendations



Configure auto provisioning
Microsoft Defender for Cloud collects data from your Azure virtual machines (VMs), virtual
machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to
monitor for security vulnerabilities and threats.



Manual Log Analytics agent provisioning

To manually install the Log Analytics agent on Azure VMs:

1. Disable auto provisioning.
2. Optionally, create a workspace.
3. Enable Microsoft Defender for Cloud on the workspace on which you're installing the Log Analytics agent.
4. Deploy agents on new VMs using a Resource Manager template that installs the Log Analytics agent.
5. Deploy agents on your existing VMs.



Chapter 3
Lesson 3
Connect Non-Azure Assets to Microsoft Defender for Cloud
Introduction

After completing this module, you will be able to:

1. Connect non-Azure machines to Microsoft Defender for Cloud
2. Connect AWS accounts to Microsoft Defender for Cloud
3. Connect GCP projects to Microsoft Defender for Cloud

Protect non-Azure resources
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.



Connect non-Azure machines

● Azure Arc enabled
  Install the Azure Arc agent on the host.
  In the Azure Portal, connect the host.

● Without Azure Arc
  Manually deploy the Log Analytics agent to Windows hosts.
  Manually deploy the Log Analytics agent to Linux hosts.
  Manually deploy the Log Analytics agent to Azure Stack VMs.



Connect AWS accounts
Onboarding your AWS account into Microsoft Defender for Cloud integrates AWS Security Hub. Microsoft Defender for Cloud thus provides visibility and protection across both cloud environments.



Connect your GCP projects
Onboarding your GCP account into Microsoft Defender for Cloud integrates GCP Security Command Center. Microsoft Defender for Cloud thus provides visibility and protection across both cloud environments.



Chapter 3
Lesson 4
Manage Your Cloud Security Posture Management
Introduction

After completing this module, you will be able to:

1. Explain the Microsoft Defender for Cloud Secure Score
2. Describe how Microsoft Defender for Cloud works with industry standards and benchmarks
3. Explain the Microsoft Defender for Cloud security posture management protections for your resources

Explore Secure Score



View Recommendations



Measure Compliance



Use Workbooks

Secure Score Over Time

System Updates

Vulnerability Assessment Findings

Compliance Over Time

Active Alerts



Chapter 3
Lesson 5
Workload Protection in Microsoft Defender for Cloud
Introduction

After completing this module, you will be able to:

1. Explain the workloads protected by Microsoft Defender for Cloud
2. Describe the benefits of the protections provided by Microsoft Defender for Cloud
3. Explain how the protections of Microsoft Defender for Cloud work

Microsoft Defender for servers

Microsoft Defender for Servers Plan 1 - deploys Microsoft Defender for Endpoint to
your servers and provides these capabilities:

• Microsoft Defender for Endpoint licenses are charged per hour instead of per seat, lowering costs for
protecting virtual machines only when they are in use.
• Microsoft Defender for Endpoint deploys automatically to all cloud workloads so that you know they're
protected when they spin up.
• Alerts and vulnerability data from Microsoft Defender for Endpoint are shown in Microsoft Defender for Cloud.

Microsoft Defender for Servers Plan 2 (formerly Defender for Servers) - includes the
benefits of Plan 1 and support for all of the other Microsoft Defender for Servers
features.



Microsoft Defender for App Service

• Microsoft Defender for App Service uses the scale of the cloud to identify attacks targeting
applications running over App Service.

• Attackers probe web applications to find and exploit weaknesses. Before being routed to specific
environments, requests to applications running in Azure go through several gateways, where they're
inspected and logged.

• This data is then used to identify exploits and attackers and learn new patterns that will be used later.



Microsoft Defender for Storage



Microsoft Defender for Databases - SQL



Microsoft Defender for Databases

Threat protection for Azure Cosmos DB

Threat protection for open-source relational databases is available for:

• Azure Database for PostgreSQL
• Azure Database for MySQL
• Azure Database for MariaDB



Microsoft Defender for Key Vault
○ Microsoft Defender detects unusual and potentially harmful attempts to access or exploit Key Vault accounts. This layer of protection allows you to:

• Address threats without being a security expert.
• Address threats without the need to manage third-party security monitoring systems.

○ When anomalous activities occur, Microsoft Defender shows alerts and optionally sends them via email to relevant members of your organization. These alerts include the details of the suspicious activity and recommendations on how to investigate and remediate threats.



Microsoft Defender for Resource Manager
Microsoft Defender for Resource Manager protects against issues including:
• Suspicious resource management operations, such as operations from malicious IP addresses, disabling antimalware, and suspicious scripts running in VM extensions
• Use of exploitation toolkits like Microburst or PowerZure
• Lateral movement from the Azure management layer to the Azure resources data plane
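Added example, not part of the course: a small Python triage routine that scans constructed Azure Activity Log records for the suspicious resource management operations the slide names (antimalware extension removal, script execution through VM extensions, calls from a known-bad source address). The operation names are real Azure operations; the records, the blocklist and the pattern names are constructed assumptions for this example.

```python
import ipaddress

# Constructed Activity Log-style records (not real log data); field names
# follow the Azure Activity Log schema and the operation names are real
# Azure resource-provider operations.
VM = "/subscriptions/sub-1/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/web01"
SAMPLE_ACTIVITY = [
    {"operationName": "Microsoft.Compute/virtualMachines/extensions/delete",
     "resourceId": VM + "/extensions/IaaSAntimalware",
     "callerIpAddress": "203.0.113.7", "status": "Succeeded"},
    {"operationName": "Microsoft.Compute/virtualMachines/runCommand/action",
     "resourceId": VM, "callerIpAddress": "198.51.100.9", "status": "Succeeded"},
    {"operationName": "Microsoft.Compute/virtualMachines/start/action",
     "resourceId": VM, "callerIpAddress": "198.51.100.9", "status": "Succeeded"},
]

# Stand-in for a threat-intelligence feed of known-bad sources; the address
# comes from a documentation range and is constructed for this example.
MALICIOUS_SOURCES = {ipaddress.ip_address("203.0.113.7")}


def classify(record):
    """Return the suspicious-operation patterns (from the slide) a record matches."""
    op = record["operationName"].lower()
    target = record["resourceId"].rsplit("/", 1)[-1].lower()  # last path segment
    hits = []
    if op.endswith("/extensions/delete") and "antimalware" in target:
        hits.append("antimalware_disabled")
    if op.endswith("/runcommand/action") or (
            op.endswith("/extensions/write") and "customscript" in target):
        hits.append("script_via_vm_extension")
    try:
        if ipaddress.ip_address(record.get("callerIpAddress", "")) in MALICIOUS_SOURCES:
            hits.append("known_malicious_source")
    except ValueError:
        pass  # platform-initiated operations carry no routable caller address
    return hits


def triage(records):
    """Group matched patterns per resource so an analyst sees one line per asset."""
    findings = {}
    for rec in records:
        for hit in classify(rec):
            findings.setdefault(rec["resourceId"], set()).add(hit)
    return {rid: sorted(hits) for rid, hits in findings.items()}


if __name__ == "__main__":
    for rid, hits in triage(SAMPLE_ACTIVITY).items():
        print(rid, "->", ", ".join(hits))
```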



Microsoft Defender for DNS



Microsoft Defender for Containers
Defender for Containers protects your clusters whether they're running in:

• Azure Kubernetes Service (AKS)
• Amazon Elastic Kubernetes Service (EKS) in a connected Amazon Web Services (AWS) account
• An unmanaged Kubernetes distribution (using Azure Arc-enabled Kubernetes)



Chapter 3
Lesson 6
Remediate Security Alerts Using Microsoft Defender for Cloud
Introduction

After completing this module, you will be able to:

1. Explain alerts in Microsoft Defender for Cloud
2. Remediate alerts in Microsoft Defender for Cloud
3. Automate responses in Microsoft Defender for Cloud

Explain security alerts

Security alerts and incidents

Detecting Threats

Alert classification

Continuous monitoring and assessments

Alert types



Remediate alerts
Microsoft Defender for Cloud provides actionable tasks to mitigate the threat, prevent future attacks, trigger an automated response, and suppress similar alerts.



Remediate alerts (continued)

Create a logic app and define when it should automatically run.



Suppress alerts from Microsoft Defender for Cloud

A suppression rule can be useful to suppress alerts that you've identified as false positives or alerts that are being triggered too often to be useful.
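To make the suppression-rule idea concrete, an added Python model (not the service's own logic) that applies rules carrying an alert type, a scope, an expiry and entity conditions to constructed alerts, and shows that an expired rule stops hiding alerts. The rule and alert field names, alert types and resource ids are assumptions for this example.

```python
from datetime import datetime, timezone

# Simplified model of a Defender for Cloud suppression rule (field names are
# assumptions for this example, not the service's schema): an alert is hidden
# when its type matches, it sits under the rule's scope, the rule has not
# expired, and every entity condition holds.
SAMPLE_RULES = [  # constructed rules
    {"name": "scanner-on-qa-hosts", "alertType": "VM_SuspiciousPortScan",
     "scope": "/subscriptions/sub-1/resourceGroups/rg-qa",
     "expires": "2030-01-01T00:00:00+00:00", "reason": "FalsePositive",
     "entities": [{"kind": "host", "contains": "qa-scan"}]},
    {"name": "old-noisy-rule", "alertType": "VM_SuspiciousPortScan",
     "scope": "/subscriptions/sub-1", "expires": "2020-01-01T00:00:00+00:00",
     "reason": "TooNoisy", "entities": []},
]
VM = "/subscriptions/sub-1/resourceGroups/{rg}/providers/Microsoft.Compute/virtualMachines/{vm}"
SAMPLE_ALERTS = [  # constructed alerts, not real detections
    {"id": 1, "alertType": "VM_SuspiciousPortScan", "resourceId": VM.format(rg="rg-qa", vm="qa-scan-01"),
     "entities": [{"kind": "host", "name": "qa-scan-01"}]},
    {"id": 2, "alertType": "VM_SuspiciousPortScan", "resourceId": VM.format(rg="rg-prod", vm="web01"),
     "entities": [{"kind": "host", "name": "web01"}]},
    {"id": 3, "alertType": "VM_MaliciousSoftware", "resourceId": VM.format(rg="rg-qa", vm="qa-scan-01"),
     "entities": [{"kind": "host", "name": "qa-scan-01"}]},
]


def in_scope(resource_id, scope):
    """Scope matches the resource itself or anything beneath it (segment-aware)."""
    rid, sc = resource_id.lower(), scope.lower().rstrip("/")
    return rid == sc or rid.startswith(sc + "/")


def rule_matches(rule, alert, now):
    """True when every part of the rule applies to this alert at time `now`."""
    if rule["alertType"] != alert["alertType"] or not in_scope(alert["resourceId"], rule["scope"]):
        return False
    if datetime.fromisoformat(rule["expires"]) <= now:
        return False  # an expired rule must stop hiding alerts
    return all(any(e["kind"] == c["kind"] and c["contains"].lower() in e["name"].lower()
                   for e in alert["entities"]) for c in rule["entities"])


def apply_suppression(alerts, rules, now=None):
    """Return (ids still shown to the analyst, {suppressed id: rule name})."""
    now = now or datetime.now(timezone.utc)
    visible, suppressed = [], {}
    for a in alerts:
        hit = next((r["name"] for r in rules if rule_matches(r, a, now)), None)
        if hit:
            suppressed[a["id"]] = hit
        else:
            visible.append(a["id"])
    return visible, suppressed
```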



Manage threat intelligence reports
● Reports include: Activity Group, Campaign, Threat Summary
● Attacker's identity or associations (if this information is available)
● Attackers' objectives
● Current and historical attack campaigns (if this information is available)
● Attackers' tactics, tools, and procedures
● Associated indicators of compromise (IoC) such as URLs and file hashes
● Victimology, which is the industry and geographic prevalence to assist you in determining if your Azure resources are at risk
● Mitigation and remediation information



Respond to alerts from Azure resources

● Respond to Microsoft Defender for Key Vault alerts
● Respond to Microsoft Defender for DNS alerts
● Respond to Microsoft Defender for Resource Manager alerts



End of Chapter 3