Learning Path 5 - Lab 1 - Exercise 1 - Enable Microsoft Defender for Cloud

Lab scenario

You’re a Security Operations Analyst working at a company that is implementing cloud workload protections with Microsoft Defender for Cloud. In this lab, you enable Microsoft Defender for Cloud.

Important: The lab exercises for Learning Path #5 are in a standalone environment. If you exit the lab before completing it, you will be required to re-run the configurations again.

Estimated time to complete this lab: 25 minutes

Task 1: Connect an On-Premises Server

In this task, you’ll connect an on-premises server to your Azure subscription. Azure Arc was pre-installed on this server. The server will be used in the next exercises to provide a resource for applying compliance standards and workload protections.

Important: The next steps are done on a different machine than the one you were previously working. Look for the Virtual Machine name in the references tab.

  1. Log in to WINServer virtual machine as Administrator with the password: Passw0rd! if necessary.

As described above, Azure Arc has been pre-installed on the WINServer machine. You will now connect this machine to your Azure subscription.

  1. On the WINServer machine, select the search icon and type cmd.

  2. In search results right click Command Prompt and select Run as administrator.

  3. In the Command Prompt window, type the following command. Do not press enter:

     azcmagent connect -g "defender-RG" -l "EastUS" -s "Subscription ID string"
    
  4. Replace the Subscription ID string with the Subscription ID provided by your lab hoster (*Resources tab). Make sure to keep the quotes.

  5. Type Enter to run the command (this may take a couple minutes).

    Note: If you see the How do you want to open this? browser selection window, select Microsoft Edge.

  6. In the Sign in dialog box, enter your Tenant Email and Tenant Password provided by your lab hosting provider and select Sign in. Wait for the Authentication complete message, close the browser tab and return to the Command Prompt window.

  7. When the commands complete running, leave the Command Prompt window open and type the following command to confirm that the connection was successful:

     azcmagent show
    
  8. In the command output, verify that Agent status is Connected.

Task 2: Enable Microsoft Defender for Cloud

In this task, you’ll enable and configure Microsoft Defender for Cloud.

  1. Log in to WIN1 virtual machine as Admin with the password: Pa55w.rd.

  2. In the Microsoft Edge browser, navigate to the Azure portal at https://portal.azure.com.

  3. In the Sign in dialog box, copy, and paste in the tenant Email account for the admin username provided by your lab hosting provider and then select Next.

  4. In the Enter password dialog box, copy, and paste in the admin’s tenant password provided by your lab hosting provider and then select Sign in.

  5. In the Search bar of the Microsoft Azure portal, type Defender, then select Microsoft Defender for Cloud.

  6. In the left navigation menu for Microsoft Defender for Cloud, expand the Management section , and select Environment settings.

  7. Select the Expand all button to view all subscriptions and resources.

  8. Select the MOC Subscription-lodxxxxxxxx subscription (or equivalent name in your Language).

  9. Review the Azure resources that are now protected with the Defender for Cloud plans.

  1. In the Cloud Security Posture Management (CSPM) section, select On for the Defender CSPM.

  2. In the Cloud Workload Protection (CWP) section, select On for the Servers Plan 2.

  3. Select the Save button at the top of the page.

  4. Select the Settings & monitoring tab from the Settings area (next to Save).

  5. Review the monitoring extensions. It includes configurations for Virtual Machines, Containers, and Storage Accounts.

  6. Select the Continue button, or cClose the “Settings & monitoring” page by selecting the ‘X’ on the upper right of the page.

  7. Close the settings page by selecting the ‘X’ on the upper right of the page to go back to the Environment settings.

Task 3: Understanding the Microsoft Defender for Cloud Dashboard

  1. In the Search bar of the Microsoft Azure portal, type Defender, then select Microsoft Defender for Cloud.

  2. In the left navigation menu for Microsoft Defender for Cloud, under the General section, select Overview.

  3. The Overview blade provides a unified view into the security posture and includes multiple independent cloud security pillars such as Security posture, Regulatory compliance, Workload protections, Firewall Manager, Inventory, and Information Protection (preview). Each of these pillars also has its dedicated dashboard allowing deeper insights and actions around that vertical, providing easy access and better visibility for security professionals.

    Note: The top menu bar allows you to view and filter subscriptions by selecting the Subscriptions button. In this lab, we will use only one but selecting different/additional subscriptions will adjust the interface to reflect the security posture of the selected subscriptions

  4. Click on the What’s new icon link – a new tab opens with the latest release notes where you can stay current on the new features, bug fixes, and more.

    Note: The high-level numbers at the top menu; This view allows you to see a summary of your subscriptions, active recommendations, and security alerts alongside connected cloud accounts.

  5. From the top menu bar, select Azure subscriptions. This will bring you into the environment settings where you can select from the available subscriptions.

  6. Return to the Overview page, and review the Security posture tile. You can see your current Secure score along with the number of completed controls and recommendations. Selecting this tile will redirect you to a drill-down view across subscriptions

    Note: The Secure Score and other information on the Security posture tile can take up to 24 hours to calculate. It may not fully populate during this lab.

  7. On the Regulatory compliance tile, you can get insights into your compliance posture based on continuous assessment of both Azure and hybrid cloud environments. This tile shows the following standards which are Microsoft Cloud Security benchmark, and Lowest compliance regulatory standard. To view the data we first need to add Security policies.

  8. Selecting this tile will redirect you to the Regulatory compliance dashboard – where you can add additional standards and explore the current ones

  9. We will continue exploring Microsoft Defender for Cloud Security posture and Regulatory compliance in the next exercise.

Proceed to Exercise 2