Learning Path 3 - Lab 1 - Exercise 2 - Mitigate threats using Microsoft Defender for Cloud

Lab scenario

You are a Security Operations Analyst working at a company that implemented Microsoft Defender for Cloud. You need to respond to recommendations and security alerts generated by Microsoft Defender for Cloud.

Task 1: Explore Regulatory Compliance

In this task, you will review Regulatory compliance configuration in Microsoft Defender for Cloud.

Important: The next steps are done in a different machine than the one you were previously working. Look for the Virtual Machine name references.

1. Log in to WIN1 virtual machine as Admin with the password: Pa55w.rd.

2. In the Edge browser, open the Azure portal at (https://portal.azure.com).

3. In the Sign in dialog box, copy, and paste in the Tenant Email account provided by your lab hosting provider and then select Next.

4. In the Enter password dialog box, copy, and paste in the Tenant Password provided by your lab hosting provider and then select Sign in.

5. In the Search bar of the Azure portal, type Defender, then select Microsoft Defender for Cloud.

6. Under Cloud Security, select Regulatory compliance in the portal menu.

7. Select Managed compliance policies on the toolbar.

8. Select your subscription.

9. Under Policy settings, select Security policy in the portal menu.

10. Review the “Industry & regulatory standards” available to you by default.

11. Select Add more standards to review additional standards available.

12. Select Microsoft Defender for Cloud below the search box to return to the main blade.

Task 2: Explore Security posture and recommendations

In this task, you will review cloud security posture management. The Secure Score information can take 24 hours to recalculate. It is beneficial to do this task again in 24 hours.

1. Under Cloud Security, select Security posture in the portal menu.

2. The Secure score most likely will show N/A until the score is calculated.

3. Under General, select Recommendations in the portal menu.

4. Explore Recommendations provided (after 24 hours).

Task 3: Mitigate security alerts

In this task, you will load sample security alerts and review the alert details.

1. Under General, select Security alerts in the portal menu.

2. Select Sample alerts from the command bar. Hint: you may need to select the ellipsis (…) button from the command bar).

3. In the Create sample alerts (Preview) pane make sure your subscription is selected and that all sample alerts are selected in the Defender for Cloud plans area.

4. Select Create sample alerts.

   Note: This sample alert creation process may take a few minutes to complete, wait for the “Successfully created sample alerts” notification. Once complete each of the alerts should appear in the Security alerts area.

5. For the alerts that grabbed your attention, perform the following actions:

   • Select the alert, information about the alert should appear. Select View full details.

   • Review and read the Alert details tab.

   • Select the Take action tab or select the Next: Take Action button at the end of the page.

   • Review the Take action information. Notice the sections available to take action depending on the type of alert: Inspect resource context, Mitigate the threat, Prevent future attacks, Trigger automated response and Suppress similar alerts.

You have completed the lab.