Defender for Cloud Coverage
Defender for Cloud
- Security Assessments - Defender for Cloud identifies configuration-related vulnerabilities (misconfigurations) either through its own assessments or, where the data already exists in Azure, through other services such as Defender for Cloud Apps.
- Defender for Endpoint - For compute-related workloads such as virtual machines, Defender for Cloud either deploys the full Defender for Endpoint stack (the Sense sensor, SenseIR and the antivirus engine) or only its Threat and Vulnerability Management capability, depending on what is relevant to the resource.
- Cloud resource threat detection - Some Defender for Cloud plans use their own exclusive threat detection capabilities, most of which do not affect the resource they protect. Examples are monitoring blob operations for anomalies and applying threat intelligence (TI) feeds to network traffic leaving resources.
Even at a glance, the breadth of controls Defender for Cloud offers is impressive, and if an organization relies heavily on Azure, turning it on is an easy decision. Most of the threat detection capabilities Defender for Cloud provides could be reproduced by ingesting the same data/telemetry into Microsoft Sentinel and writing the appropriate near-real-time rules. If that is an exercise you want to complete, use the alerts reference (https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference) to reverse engineer the alerts generated by Defender for Cloud into your own custom rules.
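As an added illustration of that reverse-engineering exercise (example code, not from the original text or from Microsoft), the block below re-implements the two detections mentioned above as plain detection logic over constructed sample records: a burst of blob deletions from one caller, and a match of caller addresses against a TI indicator set (applied here to blob caller IPs rather than outbound flows, for brevity). The record layout is modelled on the Sentinel StorageBlobLogs columns and is an assumption; all values are made up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. Column names are modelled on the Sentinel
# StorageBlobLogs table (an assumption for illustration); values are made up.
SAMPLE_BLOB_LOGS = [
    {"TimeGenerated": "2024-05-01T10:00:05Z", "OperationName": "GetBlob",
     "CallerIpAddress": "10.1.1.5", "AccountName": "corpdata"},
    {"TimeGenerated": "2024-05-01T10:00:09Z", "OperationName": "PutBlob",
     "CallerIpAddress": "10.1.1.5", "AccountName": "corpdata"},
] + [
    # six deletes from one caller within one minute: a deletion burst
    {"TimeGenerated": f"2024-05-01T10:10:{i * 10:02d}Z", "OperationName": "DeleteBlob",
     "CallerIpAddress": "198.51.100.23", "AccountName": "corpdata"}
    for i in range(6)
] + [
    {"TimeGenerated": "2024-05-01T11:30:00Z", "OperationName": "GetBlob",
     "CallerIpAddress": "203.0.113.77", "AccountName": "corpdata"},
]

# Constructed indicator set standing in for a TI feed (the kind of data a
# Sentinel rule would join against); the address is a documentation-range value.
THREAT_INTEL_IPS = {"203.0.113.77"}

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def detect_delete_bursts(records, threshold=5, window=timedelta(minutes=5)):
    """Flag callers issuing >= threshold DeleteBlob operations inside one
    sliding time window. Returns {caller_ip: max deletes seen in a window}."""
    by_caller = defaultdict(list)
    for r in records:
        if r["OperationName"] == "DeleteBlob":
            by_caller[r["CallerIpAddress"]].append(parse_ts(r["TimeGenerated"]))
    findings = {}
    for ip, times in by_caller.items():
        times.sort()
        left, peak = 0, 0
        for right in range(len(times)):
            while times[right] - times[left] > window:  # shrink window from the left
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            findings[ip] = peak
    return findings

def match_threat_intel(records, indicators):
    """Return sorted (caller_ip, operation) pairs whose caller is a known-bad IP."""
    return sorted({(r["CallerIpAddress"], r["OperationName"])
                   for r in records if r["CallerIpAddress"] in indicators})

if __name__ == "__main__":
    print(detect_delete_bursts(SAMPLE_BLOB_LOGS))
    print(match_threat_intel(SAMPLE_BLOB_LOGS, THREAT_INTEL_IPS))
```

The threshold and window are the tunables you would carry over into the Sentinel rule; the sliding window matters because a fixed five-minute bucket can split one burst across two intervals and miss it.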