1
00:00:01,040 --> 00:00:05,870
Microsoft Defender for Cloud. Microsoft Defender for Cloud, again,

2
00:00:05,870 --> 00:00:11,980
there's a theme, hybrid cloud/multi‑cloud AI‑backed cloud‑hosted security

3
00:00:11,980 --> 00:00:17,310
posture management solution. That's quite a mouthful. Under the hood, this

4
00:00:17,310 --> 00:00:21,750
product began as Azure Security Center, which was essentially a recommendation

5
00:00:21,750 --> 00:00:28,020
engine. That still exists even now with the rebrand. You get a secure score for

6
00:00:28,020 --> 00:00:32,470
your environment that you've onboarded into Defender for Cloud, and this is an

7
00:00:32,470 --> 00:00:38,430
arbitrary number where higher values denote a better security posture. And as

8
00:00:38,430 --> 00:00:43,470
you take action on the security recommendations that Defender for Cloud gives

9
00:00:43,470 --> 00:00:46,540
you, that improves your secure score.

10
00:00:46,540 --> 00:00:50,890
The idea is that it's going to give everybody on your team, not

11
00:00:50,890 --> 00:00:56,080
only dedicated InfoSec professionals, a way to view the overall

12
00:00:56,080 --> 00:01:01,200
security posture of your environment to use Microsoft‑provided

13
00:01:01,200 --> 00:01:05,390
proven practices to improve the security posture of your

14
00:01:05,390 --> 00:01:07,350
environment. And just go from there.

15
00:01:07,350 --> 00:01:10,470
You'll find that Defender for Cloud integrates tightly with Azure

16
00:01:10,470 --> 00:01:14,710
Policy, and Azure Policy integrates tightly with many of the

17
00:01:14,710 --> 00:01:17,750
world's compliance and legal frameworks,

18
00:01:17,750 --> 00:01:21,140
so you'll find that by leveraging Azure Policy

19
00:01:21,140 --> 00:01:23,370
within Microsoft Defender for Cloud,

20
00:01:23,370 --> 00:01:27,540
it can go a long way to help your compliance with whatever

21
00:01:27,540 --> 00:01:32,590
regulatory or legislative or industry‑specific certifications

22
00:01:32,590 --> 00:01:34,840
your business has to attest to.

23
00:01:34,840 --> 00:01:38,840
There is also an automated security alert system.

24
00:01:38,840 --> 00:01:41,390
It's not as robust as Sentinel, but it's not

25
00:01:41,390 --> 00:01:44,040
intended to be. Defender, as I said,

26
00:01:44,040 --> 00:01:48,600
is more of a general‑purpose security hygiene tool set. Sentinel

27
00:01:48,600 --> 00:01:54,140
is for dedicated full‑time InfoSec analysis.

28
00:01:54,140 --> 00:02:00,190
I created this diagram as a way to depict the overlap between Microsoft Defender

29
00:02:00,190 --> 00:02:03,960
for Cloud on one side and Microsoft Sentinel on the other.

30
00:02:03,960 --> 00:02:07,710
We could look at it that Microsoft Defender for Cloud covers

31
00:02:07,710 --> 00:02:11,140
data collection, remediation, and detection,

32
00:02:11,140 --> 00:02:13,840
but not so much the automated response.

33
00:02:13,840 --> 00:02:17,000
Although, technically, if I were to refactor this diagram,

34
00:02:17,000 --> 00:02:19,600
I might want to bring respond in because you can do

35
00:02:19,600 --> 00:02:23,250
playbooks in Microsoft Defender for Cloud,

36
00:02:23,250 --> 00:02:27,030
but you don't get the full KQL, Kusto Query Language, threat

37
00:02:27,030 --> 00:02:29,890
hunting that you do with Microsoft Sentinel.

38
00:02:29,890 --> 00:02:33,930
See, Sentinel could really be looked at as a superset

39
00:02:33,930 --> 00:02:35,850
of Microsoft Defender for Cloud.

40
00:02:35,850 --> 00:02:36,820
As a matter of fact,

41
00:02:36,820 --> 00:02:40,140
guess what one of the connectors is for Microsoft

42
00:02:40,140 --> 00:02:42,050
Sentinel. It's Defender for Cloud.

43
00:02:42,050 --> 00:02:42,560
So, again,

44
00:02:42,560 --> 00:02:46,480
that idea is you can take all of the general‑purpose security

45
00:02:46,480 --> 00:02:51,240
recommendations from MDC, surface those, and take action on them

46
00:02:51,240 --> 00:02:54,240
centrally within Microsoft Sentinel.

47
00:02:54,240 --> 00:02:59,300
This would be particularly useful for businesses who have multiple Azure AD

48
00:02:59,300 --> 00:03:08,000
tenants with associated subscriptions because those environments are going to have separate instances of Microsoft Defender for Cloud