forked from Azure/Microsoft-Defender-for-Cloud
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from martinalang/onboarding
Naming update: Microsoft Defender for Cloud
Showing 9 changed files with 109 additions and 109 deletions.
File renamed without changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,17 @@ | ||
# Inventory (for reporting purposes) | ||
|
||
Most enterprise customers today have deployed Azure Security Center at least to some extent in their organizations. In this case, they can use [Azure Resource Graph](https://docs.microsoft.com/en-us/azure/governance/resource-graph/) queries to get an overview of their current security state and answer the following questions: | ||
Most enterprise customers today have deployed Microsoft Defender for Cloud at least to some extent in their organizations. In this case, they can use [Azure Resource Graph](https://docs.microsoft.com/en-us/azure/governance/resource-graph/) queries to get an overview of their current security state and answer the following questions: | ||
1. How many subscriptions do I have? | ||
2. How many of these subscriptions have been onboarded to ASC? | ||
3. How many of these subscriptions have not yet been onboarded to ASC? | ||
4. Which subscriptions have not yet been onboarded to ASC? | ||
5. Which subscriptions are using ASC with Azure Defender fully enabled? | ||
6. Which subscriptions are using ASC without Azure Defender fully enabled? | ||
7. What is the coverage (On | On (partial) | Off) for Azure Defender across all of my subscriptions? | ||
8. Which Azure Defender plans (Azure Defender for VMs, Azure Defender for KeyVaults, etc.) are enabled across all of my subscriptions? | ||
2. How many of these subscriptions have been onboarded to MDC? | ||
3. How many of these subscriptions have not yet been onboarded to MDC? | ||
4. Which subscriptions have not yet been onboarded to MDC? | ||
5. Which subscriptions are using MDC with Microsoft Defender for Cloud fully enabled? | ||
6. Which subscriptions are using MDC without Microsoft Defender for Cloud fully enabled? | ||
7. What is the coverage (On | On (partial) | Off) for Microsoft Defender for Cloud across all of my subscriptions? | ||
8. Which Microsoft Defender plans (Microsoft Defender for VMs, Microsoft Defender for KeyVaults, etc.) are enabled across all of my subscriptions? | ||
|
||
The matching Azure Resource Graph queries can be found [here](https://github.com/Azure/Azure-Security-Center/tree/master/Kusto/Azure%20Resource%20Graph/Starter%20Kit%20-%20ASC%20Pricing). | ||
The matching Azure Resource Graph queries can be found [here](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Kusto/Azure%20Resource%20Graph/Starter%20Kit%20-%20ASC%20Pricing). | ||
|
||
In order to run these Azure Resource Graph queries, we recommend that customers have at least *Security Admin* and *Reader* permissions on the appropriate management group level. For further details, refer to [Step #2 in Module 2 - Roles and permissions](./Modules/2-Roles-and-Permissions.md#step-2---assign-the-necessary-rbac-permissions-to-the-central-security-team). | ||
|
||
Running these queries is an optional step, but it helps to compare the customers current security state to the security state after rolling out and governing ASC centrally, and it may be useful for reporting progress to management. | ||
Running these queries is an optional step, but it helps to compare the customers current security state to the security state after rolling out and governing MDC centrally, and it may be useful for reporting progress to management. |
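Review bot: questions 5 to 7 in the list lose their meaning after the search-and-replace. "Which subscriptions are using MDC with Microsoft Defender for Cloud fully enabled?" now asks whether the product is enabled inside itself, where the old wording distinguished ASC from the Azure Defender plans. Question 8 already says "Microsoft Defender plans"; use the same term in 5, 6 and 7, for example "using MDC with Microsoft Defender plans fully enabled". "MDC" is also used from question 2 onward without being expanded, so the intro paragraph should introduce it as "Microsoft Defender for Cloud (MDC)". Finally, the updated query link moves to the new repository and from master to main but still ends in "Starter%20Kit%20-%20ASC%20Pricing"; confirm the folder exists under that name at the new path.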
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,17 @@ | ||
# Next steps | ||
|
||
After successfully onboarding all enterprise subscriptions and customizing ASC to their needs, the customer’s central security team should regularly monitor the ASC Secure Score and see it as a key performance indicator for their security posture. | ||
After successfully onboarding all enterprise subscriptions and customizing MDC to their needs, the customer’s central security team should regularly monitor the MDC Secure Score and see it as a key performance indicator for their security posture. | ||
|
||
The following articles can help customers to establish a routine in regularly checking ASC recommendations and alerts: | ||
The following articles can help customers to establish a routine in regularly checking MDC recommendations and alerts: | ||
* [Monitor the security health of your Azure resources](https://docs.microsoft.com/en-us/azure/security-center/security-center-monitoring) | ||
* [Manage security recommendations in Security Center](https://docs.microsoft.com/en-us/azure/security-center/security-center-recommendations) | ||
* [Manage security recommendations in Microsoft Defender for Cloud](https://docs.microsoft.com/en-us/azure/security-center/review-security-recommendations) | ||
* [Learn how to remediate recommendations](https://docs.microsoft.com/en-us/azure/security-center/security-center-remediate-recommendations) | ||
* [Manage and respond to security alerts in Azure Security Center](https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts) | ||
* [Manage and respond to security alerts in Microsoft Defender for Cloud](https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts) | ||
* [Prevent misconfigurations with Enforce/Deny](https://docs.microsoft.com/en-us/azure/security-center/prevent-misconfigurations) | ||
* [Deliver a Secure Score weekly briefing](https://techcommunity.microsoft.com/t5/azure-security-center/deliver-a-security-score-weekly-briefing/ba-p/1411515) | ||
|
||
|
||
<br /> | ||
|
||
### ⇨ For some hands-on experience, we recommend to take one of our ASC Labs: [Azure Security Center Labs](https://github.com/Azure/Azure-Security-Center/tree/master/Labs) | ||
### ⇨ For some hands-on experience, we recommend to take one of our MDC Labs: [Microsoft Defender for Cloud Labs](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Labs) | ||
|
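Review bot: "MDC" is used in the first changed paragraph ("customizing MDC to their needs", "the MDC Secure Score") but is never expanded anywhere in this file; spell it out as "Microsoft Defender for Cloud (MDC)" on first use. Two link changes in this hunk go beyond a naming update and should be checked that they resolve: the recommendations article changes its slug from "security-center-recommendations" to "review-security-recommendations", and the Labs link changes both the repository and the branch (master to main).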