Posts

Showing posts from March, 2021

Explain Cloud Workload Protections in Azure Defender (part 4 of 4)

Azure Defender for Resource Manager
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that allows you to create, update, and delete resources in your Azure account. Azure Defender for Resource Manager automatically monitors the resource management operations in your organization, whether they are performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients, and runs advanced security analytics to detect threats and alert you about any suspicious activity.
What are the benefits of Azure Defender for Resource Manager?
Azure Defender for Resource Manager protects against issues including: Suspicious resource management operations, such as operations from suspicious IP addresses, disabling antimalware, and suspicious scripts running in VM extensions. Use of exploitation

Explain Cloud Workload Protections in Azure Defender (part 3 of 4)

Azure Defender for SQL
Azure Defender for SQL consists of two Azure Defender plans that extend Azure Security Center's data security package to secure your databases and their data no matter where they are located.
What does Azure Defender for SQL protect?
Azure Defender for SQL's two separate Azure Defender plans are:
Azure Defender for Azure SQL database servers protects Azure SQL Database, Azure SQL Managed Instance, and Dedicated SQL pool in Azure Synapse.
Azure Defender for SQL servers on machines extends the protections for your Azure-native SQL Servers to fully support hybrid environments and protects SQL servers (all supported versions) hosted in Azure, other cloud environments, and even on-premises machines like SQL Servers on VMs, and on-premises SQL servers (Azure Arc enabled SQL Server (preview), SQL Server running on Windows machin

Explain Cloud Workload Protections in Azure Defender (part 2 of 4)

Azure Defender for App Service
Azure App Service is a fully managed platform for building and hosting your web apps and APIs without having to manage the infrastructure. It provides management, monitoring, and operational insights to meet enterprise-grade performance, security, and compliance requirements.
Azure Defender for App Service uses the scale of the cloud to identify attacks targeting the applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they are inspected and logged. This data is then used to identify exploits and attackers and to learn new patterns that will be used later. What does Azure Defe

Explain Cloud Workload Protections in Azure Defender (part 1 of 4)

Azure Defender for Servers
Azure Defender for servers adds threat detection and advanced defenses for your Windows and Linux machines. For Windows, Azure Defender integrates with Azure services to monitor and protect your Windows-based machines. For Linux, it collects audit records from Linux machines by using auditd, one of the common Linux auditing frameworks.
What are the benefits of Azure Defender for servers?
The threat detection and protection capabilities provided with Azure Defender for servers include:
Integrated license for Microsoft Defender for Endpoint (Windows only)- Azure Defender for servers includes Microsoft Defender for Endpoint, and together they can provide comprehensive Endpoint Detection and Response (EDR) capabilities. When Defender for Endpoint detects a threat, it triggers an alert, which is shown in Security Center. From t

Mitigate Threats Using Azure Defender (part 2)

Azure Security Center
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud, whether they are in Azure or not, and on-premises. It offers all the tools needed to harden your network, secure your services, and stay on top of your security posture, and it addresses the three most urgent security challenges:
Rapidly changing workloads- This is both the strength and the challenge of the cloud. On the one hand, end users are empowered to do more; on the other, how do you make sure that the ever-changing services people are using and creating are up to your security standards and follow security best practices?
Increasingly sophisticated attacks- Wherever you run your workloads, the attacks keep getting more sophisticated. You have to secure yo

Mitigate Threats Using Azure Defender (part 1)

Plan for Cloud Workload Protections Using Azure Defender
Azure Defender
Azure Defender is the cloud workload protection feature of Azure Security Center, which covers the two broad pillars of cloud security:
Cloud Security Posture Management (CSPM)- Security Center is available for free to all Azure users and includes CSPM features such as secure score, detection of security misconfigurations in your Azure machines, asset inventory, and more. You can also use these CSPM features to strengthen your hybrid cloud posture and track compliance with the built-in policies.
Cloud Workload Protection (CWP)- Security Center's integrated Cloud Workload Protection Platform (CWPP), Azure Defender, brings advanced, intelligent protection to your Azure and hybrid resources and workloads while also enabling a wide range of extra security features. In addition to the built-in policies, if you enable any Azure Defender plan, you can als

Manage Insider Risk in Microsoft 365 (part 2)

Assign Permissions
A global administrator must assign you and other compliance officers to the Insider Risk Management or Insider Risk Management Admin role group by using the Permissions module in the Microsoft 365 compliance center. Once assigned to one of these roles, you can assign additional users to specific role groups to manage different sets of insider risk management features. You can choose from the following role group options when configuring insider risk management:
Insider Risk Management- You can use this role group to manage risk management for your organization in a single group. It contains all the insider risk management permission roles and is the easiest way to quickly get started with insider risk management, as well as a good fit for organizations that do not need separate permissions defined for separate groups of users.
Insider Risk Management Admin- You can use t

Manage Insider Risk in Microsoft 365 (part 1)

Insider Risk Management
Traditional approaches to identifying insider risks, like user behavior analytics, monitoring user activity, and data loss prevention, suffer from limitations such as complex deployment scenarios, limited insights, and a lack of workload integration beyond SecOps.
The Insider Risk Management solution in Microsoft 365 leverages the Microsoft Graph, security services, and connectors to Human Resources (HR) systems like SAP to obtain real-time native signals such as file activity, communication sentiment, abnormal user behaviors, and resignation date. The built-in policy templates allow you to identify and mitigate risky activities while balancing employee privacy versus organization risks with a privacy-by-design architecture. Finally, the end-to-end integrated workflows ensure that the right people across security, HR, legal, and compliance are involved to quickly investigate and take ac