{"id":593,"date":"2022-08-18T13:00:13","date_gmt":"2022-08-18T13:00:13","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/?p=593"},"modified":"2024-11-04T14:50:06","modified_gmt":"2024-11-04T22:50:06","slug":"secure-product-infrastructure-security","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/","title":{"rendered":"How to secure your product infrastructure security"},"content":{"rendered":"\n<p><em>This is part two of a three-part series on product infrastructure security.<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Part 1: <a href=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/assess-product-infrastructure-security\/\" target=\"_blank\" rel=\"noopener\">How to assess your product infrastructure security<\/a><\/em><\/li>\n\n\n\n<li><em>Part 3: <a href=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/defend-product-infrastructure-security\" target=\"_blank\" rel=\"noopener\">How to defend your product infrastructure security<\/a><\/em><\/li>\n<\/ul>\n\n\n\n<p>Startup organizations often face a challenge in implementing the right products for enabling security for hybrid and multi-cloud deployments. The most common reason is the complexity of security solutions, which is compounded by the lack of a specialized security team. With <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/defender-for-cloud\/\" target=\"_blank\" rel=\"noopener\">Microsoft Defender for Cloud<\/a> the process of ensuring security of your cloud assets is simplified, so that you get to focus on solutions that add value to your business without worrying about your security posture.<\/p>\n\n\n\n<p>In the <a href=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/assess-product-infrastructure-security\/\" target=\"_blank\" rel=\"noopener\">first part of this blog series<\/a>, we explored the basics of product security posture management. We also explored how Microsoft Defender for Cloud helps defend your cloud deployments from infiltrations and threats and give a unified view of the state of security of your cloud deployments across different cloud platforms. In this second part, we&#8217;ll look at how to use Microsoft Defender for Cloud to secure your cloud infrastructure step by step.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Harden security using enhanced security features<\/h2>\n\n\n\n<p>While the free plan of Microsoft Defender for Cloud provides continuous security assessments and hardening recommendations, the enhanced security features offered by the service can be a definite game changer in enabling security of your workloads. Let\u2019s take a deeper look at these capabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Microsoft Defender for Endpoint<\/h3>\n\n\n\n<p>For robust endpoint detection and response (EDR), <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/endpoint-security\/microsoft-defender-endpoint\" target=\"_blank\" rel=\"noopener\">Microsoft Defender for Endpoint<\/a> is incorporated in Microsoft Defender for Servers. It helps with real time detection of attacks in a range of devices like Windows, Linux, macOS, Android, etc. Powered by best-in-class intelligent threat management algorithms, you can automate the remediation of identified threats at scale.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Vulnerability assessment<\/h3>\n\n\n\n<p>Microsoft Defender for Cloud provides vulnerability assessment for resources like virtual machines, SQL resources and container registries. You can configure auto provisioning to onboard the resources to Microsoft Defender for Cloud. The findings will be consolidated in Defender for cloud and can be investigated directly from the service console.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Multi-cloud and hybrid cloud security<\/h3>\n\n\n\n<p>Startups with resources deployed in AWS and Google cloud can connect those environments to Microsoft Defender for Cloud and monitor the security posture from a single pane. Non-Azure windows and Linux machines can be boarded by installing log analytics agents that communicate with Microsoft Defender for Cloud. Another option is to connect them to Azure Arc, Microsoft\u2019s hybrid and multi-cloud management solution, that provides machine policy management in addition to security hardening provided by Microsoft Defender for Cloud.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Threat protection alerts<\/h3>\n\n\n\n<p>Microsoft Defender for Cloud provides next-generation protection against ever evolving threat vectors like polymorphic and metamorphic malwares. The behavioral analytics and machine learning based approach helps in early detection and mitigation of attacks. It helps identify zero-day exploits for machines, networks, SQL servers, Azure storage, etc. Microsoft Defender for Cloud&#8217;s contextual threat intelligence alerts assist you in tracking the attack vector, conducting deeper investigations, and implementing faster remedies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance tracking<\/h3>\n\n\n\n<p>With enhanced security features enabled, you can assess the hybrid and multi-cloud deployments against several industry leading compliance standards and benchmarks. It provides a clear view of how many controls have passed or failed the assessment in your deployments. Remediation guidance for failed controls is also provided by the service. This makes life easier for startups working in highly regulated industries.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Access and application control<\/h3>\n\n\n\n<p>Adaptive application controls help you to control the type of applications that you want to run in your environment. You can create an allow list and a blocklist depending on your organization&#8217;s regulations, or you can use Microsoft Defender for Cloud&#8217;s machine learning-powered recommendations. To protect against brute force attacks that target allowed ports and services on virtual machines, you can leverage the just-in-time access control mechanisms that allow access only during a defined time period.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Container security<\/h3>\n\n\n\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/defender-for-containers-introduction\" target=\"_blank\" rel=\"noopener\">Microsoft Defender for Containers<\/a> provides a comprehensive security solution for your Kubernetes workloads running in Microsoft Azure as well as other cloud platforms. The service provides run time protection for your Linux nodes and Kubernetes clusters, alerting you of any malicious activity in these systems. Container images stored are scanned in real time for any vulnerabilities before they are stored in the container registry.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Azure resource threat detection<\/h3>\n\n\n\n<p>Microsoft Defender for Cloud provides native threat detection and protection for your Microsoft Azure cloud resources. The resources like Azure networks, Key Vault, Azure DNS, Azure Resource Manager are automatically onboarded and protected by the service against possible threats.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enable enhanced security features of Microsoft Defender for Cloud<\/h2>\n\n\n\n<p>To enable enhanced security features, browse to Azure portal &gt; Microsoft Defender for cloud &gt; Environment settings:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sign in to the Azure portal<\/li>\n\n\n\n<li>Search for and select Microsoft Defender for Cloud<\/li>\n\n\n\n<li>From the Defender for Cloud\u2019s main menu, select Environment settings<\/li>\n\n\n\n<li>Select the subscription or workspace that you want to protect<\/li>\n\n\n\n<li>The Microsoft Defender plans page will open up<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2024\" height=\"966\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-01.png\" alt=\"Defender plans\" class=\"wp-image-612\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-01.png 2024w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-01-300x143.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-01-1024x489.png 1024w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-01-768x367.png 768w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-01-1536x733.png 1536w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-01-1920x916.png 1920w\" sizes=\"auto, (max-width: 2024px) 100vw, 2024px\" \/><\/figure><\/div>\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Select individual enhanced security features that you want to enable for the subscription and click on \u201cEnable all\u201d to enable all the features together. Click \u201cSave\u201d.<\/li>\n<\/ol>\n\n\n\n<p>Once the enhanced features are enabled, you can see notifications that confirm that the process is completed.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"206\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-02.png\" alt=\"Secure 02\" class=\"wp-image-613\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-02.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-02-300x98.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Multi-cloud and hybrid cloud protection<\/h2>\n\n\n\n<p>To add non-Azure machines in hybrid cloud deployments and to protect multi-cloud resources, browse to Microsoft Defender for cloud &gt; Getting started.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Under &#8220;Protect multi-cloud environments,&#8221; click on Configure.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"307\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-03.png\" alt=\"secure 03\" class=\"wp-image-614\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-03.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-03-300x146.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>From the drop down select either AWS or Google Cloud Platform to start the configuration process<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"706\" height=\"174\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-04.png\" alt=\"secure 04\" class=\"wp-image-615\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-04.png 706w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-04-300x74.png 300w\" sizes=\"auto, (max-width: 706px) 100vw, 706px\" \/><\/figure><\/div>\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>To add a new AWS environment, follow the steps outlined here: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/quickstart-onboard-aws\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/quickstart-onboard-aws<\/a><\/li>\n\n\n\n<li>To add a Google Cloud Project, follow the steps outlined here: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/quickstart-onboard-gcp\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/quickstart-onboard-gcp<\/a><\/li>\n\n\n\n<li>To onboard non-Azure machines, browse to Microsoft Defender for Cloud &gt; Getting started &gt; \u201cAdd non-Azure Servers\u201d &gt; Configure<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"234\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-05.png\" alt=\"secure 05\" class=\"wp-image-616\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-05.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-05-300x111.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Click on \u201cCreate New Workspace\u201d. Provide details of the workspace or resource group name, workspace name and region. Click on \u201cReview + Create\u201d.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"938\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-06.png\" alt=\"secure 06\" class=\"wp-image-617\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-06.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-06-300x298.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-06-150x150.png 150w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-06-768x763.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>Click on \u201cCreate\u201d to complete the provisioning process<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"890\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-07.png\" alt=\"secure 07\" class=\"wp-image-618\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-07.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-07-300x283.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-07-768x724.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li>Now you can onboard servers by installing the log analytics agent as outlined here: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/quickstart-onboard-machines\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/quickstart-onboard-machines<\/a><\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Auto provisioning of Microsoft Defender for agents and extensions<\/h2>\n\n\n\n<p>Auto provisioning will install Microsoft Defender for Cloud agents in target resources so that any new or existing resource is automatically onboarded to the service. This helps with speedier security management for all cloud resources supported.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the Azure portal, browse to Microsoft Defender for cloud &gt; Environment settings and select the target subscription.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"281\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-08.png\" alt=\"secure 08\" class=\"wp-image-619\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-08.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-08-300x134.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Click on \u201cAuto provisioning.&#8221; Select the extensions that you want to auto provision or click on \u201cEnable all extensions.&#8221;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"310\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-09.png\" alt=\"secure 09\" class=\"wp-image-620\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-09.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-09-300x148.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>You can configure the log analytics agent workspace to collect System security related event logs and configuration.&nbsp; From the \u201cLog Analytics for Azure VM\u201d extension configuration options, update the workspace and \u201cWindows security events\u201d raw data storage settings.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"311\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-095.png\" alt=\"secure 095\" class=\"wp-image-623\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-095.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-095-300x148.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<p>The default setting is \u201cNone\u201d i.e., the security events are not stored in workspace. For a full audit trail, the optimal configuration to use is \u201cCommon\u201d. Other options available are \u201cMinimal\u201d and \u201cAll events\u201d. One of these options can be selected as per your logging requirements. Click \u201cApply\u201d<\/p>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Click on Save to complete the configuration<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Workload protection<\/h2>\n\n\n\n<p>Threat detection and protection for your workloads in AWS, Azure, GCP or on-premises are provided by Microsoft Defender for Servers.<\/p>\n\n\n\n<p>By default, in enhanced security settings, Microsoft Defender for Servers Plan 2 is enabled, which provides the following capabilities:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft Defender for Endpoint<\/li>\n\n\n\n<li>Microsoft threat and vulnerability management<\/li>\n\n\n\n<li>Automatic agent onboarding, alert, and data integration<\/li>\n\n\n\n<li>Just-in-time VM access for management ports<\/li>\n\n\n\n<li>Network layer threat detection<\/li>\n\n\n\n<li>Adaptive application controls<\/li>\n\n\n\n<li>File integrity monitoring<\/li>\n\n\n\n<li>Adaptive network hardening<\/li>\n\n\n\n<li>Integrated vulnerability assessment powered by Qualys<\/li>\n\n\n\n<li>Log Analytics 500MB free data ingestion<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>To deploy integrated vulnerability scanning for your onboarded machines, browse to Microsoft Defender for Cloud-&gt;Workload protections-&gt; VM vulnerability assessment:<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"307\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-10.png\" alt=\"secure 10\" class=\"wp-image-621\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-10.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-10-300x146.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Machines where a vulnerability assessment solution is not detected will be listed as an unhealthy resource. Select the resource and click on fix.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"534\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-11.png\" alt=\"secure 11\" class=\"wp-image-624\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-11.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-11-300x170.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-11-768x434.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Select from one of the following options to implement the vulnerability assessment solution<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"734\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-12.png\" alt=\"secure 12\" class=\"wp-image-625\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-12.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-12-300x233.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-12-768x597.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<p>You can either choose from one of the following integrated solutions &#8211; Threat and vulnerability management solution by Microsoft Defender for Endpoint or the vulnerability scanner powered by Qualys. If you already have the license to a third party scanner, you can use that as well in a BYOL model. Click on Proceed.<\/p>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>In the next screen provide confirmation to fix the resource<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"314\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-13.png\" alt=\"secure 13\" class=\"wp-image-626\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-13.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-13-300x150.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Once the deployment is successfully completed, you will get a notification<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"112\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-14.png\" alt=\"secure 14\" class=\"wp-image-627\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-14.png 624w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-14-300x54.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n<p>Note: Integrated vulnerability management solution is available for the following set of supported operating systems:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"400\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-15.png\" alt=\"secure 15\" class=\"wp-image-628\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-15.png 624w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-15-300x192.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Regulatory compliance<\/h2>\n\n\n\n<p>By default, <a href=\"https:\/\/docs.microsoft.com\/en-us\/security\/benchmark\/azure\/\" target=\"_blank\" rel=\"noopener\">Azure Security Benchmark<\/a> based compliance assessment is enabled and you can view the status from Microsoft Defender for Cloud &gt; Overview.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"454\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-16.png\" alt=\"secure 16\" class=\"wp-image-629\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-16.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-16-300x216.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol class=\"wp-block-list\">\n<li>To add additional compliance standards for assessment, click on Microsoft Defender for Cloud &gt; Environment settings &gt; Select the target subscription &gt; Security policy. You can view additional compliance standards listed under \u201cIndustry &amp; regulatory standards.\u201d<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"588\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-17.png\" alt=\"secure 17\" class=\"wp-image-630\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-17.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-17-300x187.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-17-768x478.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<p>You can choose to enable standard from this view or Click on \u201cAdd more standards\u201d to see additional compliance standards.<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Select the standard you want to assess your environment against and click Add.<br><br>For example, if your organization is focused on the healthcare vertical and want to measure compliance against HITRUST\/HIPAA, you can select the standard from the list as shown here.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"595\" height=\"293\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-18.png\" alt=\"secure 18\" class=\"wp-image-631\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-18.png 595w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-18-300x148.png 300w\" sizes=\"auto, (max-width: 595px) 100vw, 595px\" \/><\/figure><\/div>\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>From the next screen, provide the scope of the policy initiative to be assigned, Assignment name and policy enforcement status. Click on Next<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"918\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-19.png\" alt=\"secure 19\" class=\"wp-image-632\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-19.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-19-300x292.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-19-768x747.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Provide policy specific parameters in the next window such as application names, diagnostic storage, resource group, certificate thumbprints, etc. Click on Next.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"848\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-20.png\" alt=\"secure 20\" class=\"wp-image-633\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-20.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-20-300x269.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-20-768x690.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Select the remediation options in the next window. Click on Next.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"890\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-21.png\" alt=\"secure 21\" class=\"wp-image-634\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-21.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-21-300x283.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-21-768x724.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>In the next window, you can select\/edit specific non-compliance messages related to the standard or add a default non-compliance message. Click Next.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"874\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-23.png\" alt=\"secure 23\" class=\"wp-image-636\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-23.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-23-300x278.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-23-768x711.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>Click on create to complete the configuration<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"896\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-22.png\" alt=\"secure 22\" class=\"wp-image-635\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-22.png 944w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-22-300x285.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-22-768x729.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure><\/div>\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li>You will get notifications once the compliance standard is added<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"234\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-24.png\" alt=\"secure 24\" class=\"wp-image-637\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-24.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-24-300x111.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"9\" class=\"wp-block-list\">\n<li>The standard will now be listed in the Security policy page<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"287\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-25.png\" alt=\"secure 25\" class=\"wp-image-638\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-25.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-25-300x137.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Access and application control<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>To enable just-in-time access for machines, browse to workload protection and select the \u201cJust-in-time\u201d access tile.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"334\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-26.png\" alt=\"secure 26\" class=\"wp-image-639\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-26.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-26-300x159.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>In the just-in-time VM access configuration page, click the tab \u2018Not configured\u2019 and Select the machine for which you want to enable JIT access. Click on the Enable JIT button.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"302\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-27.png\" alt=\"secure 27\" class=\"wp-image-640\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-27.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-27-300x144.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Click save to accept the recommended policies or click on \u201cAdd\u201d to create a custom policy<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"147\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-28.png\" alt=\"secure 28\" class=\"wp-image-641\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-28.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-28-300x70.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>While creating custom policy, add details like port number, protocol, allowed source IPs and maximum duration for which the access should be enabled. Click \u2018OK\u2019 to add the access rule.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"309\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-29.png\" alt=\"secure 29\" class=\"wp-image-642\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-29.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-29-300x147.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Click \u2018Save\u2019 to complete the configuration<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"630\" height=\"159\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-30.png\" alt=\"secure 30\" class=\"wp-image-643\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-30.png 630w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-30-300x76.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/figure><\/div>\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>To enable adaptive application controls, browse to Workload protections &gt; Adaptive application control.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1301\" height=\"880\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-31.png\" alt=\"secure 31\" class=\"wp-image-644\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-31.png 1301w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-31-300x203.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-31-1024x693.png 1024w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-31-768x519.png 768w\" sizes=\"auto, (max-width: 1301px) 100vw, 1301px\" \/><\/figure><\/div>\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>View the group of recommended allowlist machines from the \u201cRecommended\u201d tab<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"887\" height=\"444\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-32.png\" alt=\"secure 32\" class=\"wp-image-645\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-32.png 887w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-32-300x150.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-32-768x384.png 768w\" sizes=\"auto, (max-width: 887px) 100vw, 887px\" \/><\/figure><\/div>\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li>Select the group for which you want to enable adaptive application control. From the next window, select the machines and review the list of recommended applications that you want to allow list. Click on \u201cAudit\u201d to apply the rule.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"456\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-33.png\" alt=\"secure 33\" class=\"wp-image-646\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-33.png 675w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-33-300x203.png 300w\" sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><\/figure><\/div>\n\n\n<ol start=\"9\" class=\"wp-block-list\">\n<li>You can view the list of configured rules from Workload protections dashboard &gt; Adaptive application controls. To add additional custom rules, click on \u201cAdd rule\u2019 and add the rule data<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"502\" src=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-34.png\" alt=\"secure 34\" class=\"wp-image-647\" srcset=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-34.png 857w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-34-300x176.png 300w, https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/secure-34-768x450.png 768w\" sizes=\"auto, (max-width: 857px) 100vw, 857px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p>Enabling Microsoft Defender for cloud protection for your multi-cloud resources is just a matter of a few clicks. You can use the details outlined in the blog to get started with strengthening your security posture with Microsoft Defender for Cloud. In the <a href=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/defend-product-infrastructure-security\" target=\"_blank\" rel=\"noopener\">final part of this blog series<\/a>, we will do a deep dive on the concept of secure score and how you can leverage it and the threat detection capabilities provided by Microsoft Defender for Cloud to protect your infrastructure from malicious attacks.<\/p>\n\n\n\n<p><em>To get access to Azure Cloud and much more for your startup, <a href=\"https:\/\/foundershub.startups.microsoft.com\/blog\/signup\" target=\"_blank\" rel=\"noopener\">sign up today to Microsoft for Startups Founders Hub<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is part two of a three-part series on product infrastructure security. Startup organizations often face a challenge in implementing the right products for enabling security for hybrid and multi-cloud deployments. The most common reason is the complexity of security solutions, which is compounded by the lack of a specialized security team. With Microsoft Defender&#8230;<\/p>\n","protected":false},"author":7,"featured_media":822,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"footnotes":""},"categories":[6],"tags":[189,188,190],"coauthors":[473],"class_list":["post-593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-development","tag-hybrid-and-multi-cloud","tag-microsoft-defender-for-cloud","tag-product-infrastructure-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to secure your product infrastructure security - Microsoft for Startups Blog<\/title>\n<meta name=\"description\" content=\"Practical tips to face the challenge of implementing the right products for enabling security for hybrid and multi-cloud deployments.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Part 2 of this fascinating series on product infrastructure security\" \/>\n<meta property=\"og:description\" content=\"Follow along with Microsoft for Startups CTO-in-residence, Ilias Jennane in the second part of the series on securing your product infrastructure security\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft for Startups Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Microsoft4Startups\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-18T13:00:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-04T22:50:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/Secure-sharing.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Allison Rose\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Part 2 of this fascinating series on product infrastructure security\" \/>\n<meta name=\"twitter:description\" content=\"Follow along with Microsoft for Startups CTO-in-residence, Ilias Jennane in the second part of the series on securing your product infrastructure security\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/Secure-sharing.png\" \/>\n<meta name=\"twitter:creator\" content=\"@msft4startups\" \/>\n<meta name=\"twitter:site\" content=\"@msft4startups\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Allison Rose\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/\"},\"author\":{\"name\":\"Allison Rose\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/cdc70ed36560b19aa28d20f5ca633adc\"},\"headline\":\"How to secure your product infrastructure security\",\"datePublished\":\"2022-08-18T13:00:13+00:00\",\"dateModified\":\"2024-11-04T22:50:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/\"},\"wordCount\":1970,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg\",\"keywords\":[\"hybrid and multi-cloud\",\"Microsoft Defender for Cloud\",\"product infrastructure security\"],\"articleSection\":[\"Development\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/\",\"name\":\"How to secure your product infrastructure security - Microsoft for Startups Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg\",\"datePublished\":\"2022-08-18T13:00:13+00:00\",\"dateModified\":\"2024-11-04T22:50:06+00:00\",\"description\":\"Practical tips to face the challenge of implementing the right products for enabling security for hybrid and multi-cloud deployments.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg\",\"width\":960,\"height\":540,\"caption\":\"Two people read data on a monitor together\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to secure your product infrastructure security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/\",\"name\":\"Microsoft for Startups Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization\",\"name\":\"Microsoft for Startups Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft for Startups Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Microsoft4Startups\/\",\"https:\/\/x.com\/msft4startups\",\"https:\/\/www.linkedin.com\/company\/microsoftforstartups\/\",\"https:\/\/www.instagram.com\/microsoftforstartups\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/cdc70ed36560b19aa28d20f5ca633adc\",\"name\":\"Allison Rose\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/image\/a53c270e688e65c23c74dbda643bc341\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cc6cd19d5baa693e4016a0319ea6811b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cc6cd19d5baa693e4016a0319ea6811b?s=96&d=mm&r=g\",\"caption\":\"Allison Rose\"},\"url\":\"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/author\/arose\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to secure your product infrastructure security - Microsoft for Startups Blog","description":"Practical tips to face the challenge of implementing the right products for enabling security for hybrid and multi-cloud deployments.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/","og_locale":"en_US","og_type":"article","og_title":"Part 2 of this fascinating series on product infrastructure security","og_description":"Follow along with Microsoft for Startups CTO-in-residence, Ilias Jennane in the second part of the series on securing your product infrastructure security","og_url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/","og_site_name":"Microsoft for Startups Blog","article_publisher":"https:\/\/www.facebook.com\/Microsoft4Startups\/","article_published_time":"2022-08-18T13:00:13+00:00","article_modified_time":"2024-11-04T22:50:06+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/Secure-sharing.png","type":"image\/png"}],"author":"Allison Rose","twitter_card":"summary_large_image","twitter_title":"Part 2 of this fascinating series on product infrastructure security","twitter_description":"Follow along with Microsoft for Startups CTO-in-residence, Ilias Jennane in the second part of the series on securing your product infrastructure security","twitter_image":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2020\/08\/Secure-sharing.png","twitter_creator":"@msft4startups","twitter_site":"@msft4startups","twitter_misc":{"Written by":"Allison Rose","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/"},"author":{"name":"Allison Rose","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/cdc70ed36560b19aa28d20f5ca633adc"},"headline":"How to secure your product infrastructure security","datePublished":"2022-08-18T13:00:13+00:00","dateModified":"2024-11-04T22:50:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/"},"wordCount":1970,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg","keywords":["hybrid and multi-cloud","Microsoft Defender for Cloud","product infrastructure security"],"articleSection":["Development"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/","name":"How to secure your product infrastructure security - Microsoft for Startups Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg","datePublished":"2022-08-18T13:00:13+00:00","dateModified":"2024-11-04T22:50:06+00:00","description":"Practical tips to face the challenge of implementing the right products for enabling security for hybrid and multi-cloud deployments.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2022\/09\/MS-Startups-Blog_Post-593_960x540.jpg","width":960,"height":540,"caption":"Two people read data on a monitor together"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/secure-product-infrastructure-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/"},{"@type":"ListItem","position":2,"name":"How to secure your product infrastructure security"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/","name":"Microsoft for Startups Blog","description":"","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#organization","name":"Microsoft for Startups Blog","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp","contentUrl":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-content\/uploads\/2024\/11\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft for Startups Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Microsoft4Startups\/","https:\/\/x.com\/msft4startups","https:\/\/www.linkedin.com\/company\/microsoftforstartups\/","https:\/\/www.instagram.com\/microsoftforstartups\/"]},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/cdc70ed36560b19aa28d20f5ca633adc","name":"Allison Rose","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/#\/schema\/person\/image\/a53c270e688e65c23c74dbda643bc341","url":"https:\/\/secure.gravatar.com\/avatar\/cc6cd19d5baa693e4016a0319ea6811b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc6cd19d5baa693e4016a0319ea6811b?s=96&d=mm&r=g","caption":"Allison Rose"},"url":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/author\/arose\/"}]}},"msxcm_display_generated_audio":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts\/593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/comments?post=593"}],"version-history":[{"count":2,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts\/593\/revisions"}],"predecessor-version":[{"id":2614,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/posts\/593\/revisions\/2614"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/media\/822"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/media?parent=593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/categories?post=593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/tags?post=593"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/startups\/blog\/wp-json\/wp\/v2\/coauthors?post=593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}