Enable and Configure Microsoft Defender for Cloud

Objective

• Understand what Microsoft Defender for Cloud (MDC) is and why it’s important for SRE and cloud security posture management.
• Learn how to enable Defender for Cloud on an Azure subscription or resource group.
• Explore key features such as Secure Score, Recommendations, and Defender Plans.
• Verify security posture improvements and understand automated alerts.

Conceptual Overview

Microsoft Defender for Cloud provides unified security management and threat protection across Azure, hybrid, and multi-cloud environments.

• It helps detect misconfigurations, vulnerabilities, and potential threats.
• Secure score measures how secure your resources are based on Microsoft’s best practices.
• Defender Plans allow enabling protection for specific workloads (e.g., servers, databases, storage, Kubernetes).
• As Site Reliability Engineers, security and resilience are part of reliability. Integrating security insights early in the operations pipeline ensures robust, compliant, and monitored systems.

Step 1: Navigate to Defender for Cloud

1. Log in to the Azure Portal → Azure Portal
2. Search for “Defender for Cloud” in the top search bar.
3. Review the Overview page — note the Secure Score and any existing recommendations.

Step 2: Enable Microsoft Defender Plans

1. In the Defender for Cloud pane, click on Environment settings.
2. Choose your Subscription → click on it.
3. Under Defender plans, click Enable all plans (or selectively enable based on your scenario):
   • Defender for Servers
   • Defender for App Service
   • Defender for SQL Databases
   • Defender for Storage, etc.
4. Click Save.

Each plan adds additional protection and monitoring capabilities — for example, Defender for Servers includes vulnerability scanning and Just-In-Time (JIT) VM access.

Step 3: Review Security Posture

1. Go back to Defender for Cloud → Overview.
2. Observe your Secure Score — note what’s being recommended for improvement.
3. Explore the Recommendations tab and open one of the Remediation steps.

This shows how SREs can proactively identify security misconfigurations and create automation scripts or policies to remediate them.

Step 4: Trigger and Observe a Security Alert (Optional)

1. Create or use a sample Virtual Machine in Azure.
2. Attempt to open a public inbound port (e.g., RDP or SSH to “Any” source).
3. Wait a few minutes and return to Defender for Cloud → Security Alerts.
4. Observe the triggered Alert about network exposure or potential vulnerability.

Defender automatically detects risky configurations and alerts the team, helping SREs prioritize fixes and automate detection.

Step 5: Automate and Monitor

1. In Defender for Cloud → Workflow automation, create an automation rule that:
   • Triggers on a “High severity alert.”
   • Sends an email or creates a Logic App workflow.
2. Test the automation by simulating an alert.

Automation ensures SRE teams get instant alerts, enabling faster incident response.

What you can try:

• How does Defender for Cloud improve SRE visibility and reliability?
• Which alerts would you prioritize as an SRE?
• How could you integrate Defender alerts into an Azure Monitor, Log Analytics, or incident management system (like PagerDuty or ServiceNow)?
• Use Azure Policy to automatically enable Defender for Cloud on all new subscriptions.
• Integrate Defender for Cloud data into Azure Sentinel (Microsoft Defender XDR) for advanced correlation and response.