
Microsoft Defender for Cloud in Azure - Commands & Configuration

Introduction
Microsoft Defender for Cloud helps protect your cloud resources by finding security problems and giving you advice to fix them. It watches your Azure services and alerts you if something looks risky or unusual.
When you want to keep your Azure virtual machines safe from attacks.
When you need to monitor your Azure storage accounts for suspicious activity.
When you want to get security recommendations for your cloud resources automatically.
When you want to see a security score that shows how protected your cloud environment is.
When you want to enable automatic threat detection on your Azure subscriptions.
Commands
This command enables Microsoft Defender for Cloud protection on your Azure virtual machines by setting the pricing tier to Standard.
Terminal
az security pricing create --name VirtualMachines --tier Standard
Expected Output
{ "name": "VirtualMachines", "pricingTier": "Standard", "resourceType": "VirtualMachines" }
--name - Specifies the resource type to protect, here VirtualMachines.
--tier - Sets the protection level, Standard enables Defender features.
This command turns on automatic provisioning of security agents on supported resources, so Defender can monitor them without manual setup.
Terminal
az security auto-provisioning-setting update --name default --auto-provision On
Expected Output
{ "autoProvision": "On", "name": "default" }
--auto-provision - Enables or disables automatic agent installation.
This command lists all active security alerts detected by Microsoft Defender for Cloud in your subscription.
Terminal
az security alert list
Expected Output
[]
This command shows security assessments and recommendations for your Azure resources to improve their security posture.
Terminal
az security assessment list
Expected Output
[]
Key Concept

If you remember nothing else from this pattern, remember: enabling Microsoft Defender for Cloud with the right pricing tier and auto-provisioning lets you automatically protect and monitor your Azure resources.

Common Mistakes
Not setting the pricing tier to Standard for the resource type.
Without Standard tier, Defender features like threat detection are not enabled.
Always run 'az security pricing create' with '--tier Standard' for resources you want protected.
Forgetting to enable auto-provisioning of security agents.
Without auto-provisioning, Defender cannot install agents needed to monitor resources automatically.
Run 'az security auto-provisioning-setting update' with '--auto-provision On' to enable this.
Not checking security alerts regularly.
Alerts provide early warnings of threats; ignoring them can lead to unnoticed security issues.
Use 'az security alert list' frequently to review and respond to alerts.
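The first two mistakes above can be checked mechanically. The following is an added example, not part of the original page: a POSIX shell audit that flags plans not on the Standard tier and auto-provisioning that is not On. The function names are hypothetical, the sample input is constructed, and the --query shape in the comments is an assumption about the CLI's JSON output.

```shell
#!/bin/sh
# Added example (not from the original page): audit Defender for Cloud coverage.
# On a live subscription the two inputs would come from (query shape is an
# assumption; if your CLI version returns a bare array, drop "value"):
#   az security pricing list --query "value[].[name,pricingTier]" -o tsv
#   az security auto-provisioning-setting show --name default \
#       --query autoProvision -o tsv

# Constructed sample of the pricing query output: plan name <TAB> tier.
sample_pricing() {
  printf 'VirtualMachines\tStandard\n'
  printf 'StorageAccounts\tFree\n'
  printf 'SqlServers\tStandard\n'
  printf 'KeyVaults\tFree\n'
}

# Read "name<TAB>tier" lines on stdin; print the plans that are not on
# Standard as one comma-separated line (empty when every plan is covered).
unprotected_plans() {
  awk -F '\t' 'tolower($2) != "standard" { print $1 }' | paste -sd, -
}

# $1 = autoProvision value ("On" or "Off"); plan lines arrive on stdin.
# Prints one finding per line and returns 1 when any gap exists.
audit_defender() {
  gaps=$(unprotected_plans)
  rc=0
  if [ -n "$gaps" ]; then
    echo "GAP plans-not-standard: $gaps"
    rc=1
  fi
  if [ "$1" != "On" ]; then
    echo "GAP auto-provisioning: ${1:-unset}"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK all plans Standard, auto-provisioning On"
  return "$rc"
}

# Demo run on the constructed sample with auto-provisioning reported as Off.
sample_pricing | audit_defender Off || echo "review the gaps above"
```

Because audit_defender returns a non-zero status on any gap, it can gate a scheduled job or pipeline step once the sample input is replaced with the live az queries.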
Summary
Enable Microsoft Defender for Cloud protection by setting the pricing tier to Standard for your resources.
Turn on automatic provisioning to let Defender install monitoring agents without manual steps.
Use commands to list security alerts and assessments to stay informed about your cloud security.