PART 7: SECURITY SERVICES

7.1 Microsoft Defender for Cloud

Overview

Cloud security posture management + workload protection.

Key Features

• Secure Score
• Recommendations
• Regulatory Compliance
• Asset Inventory
• Workflow Automation

Defender Plans

Plan	Protects
Servers	VMs, on-prem
SQL	Database security
Storage	Blob, Files
Containers	AKS, ACR

Key Feature

JIT VM Access: Opens RDP/SSH ports temporarily to reduce attack surface.

7.2 Microsoft Sentinel

Overview

Cloud-native SIEM + SOAR platform.

Components

• Data Connectors
• Analytics Rules
• Incidents
• Workbooks
• Playbooks
• Threat Hunting

Key Features

• UEBA
• Automation (SOAR)
• KQL queries
• Threat intelligence integration

7.3 Azure Policy

Overview

Enforce compliance rules across resources.

Key Concepts

• Policy Definition
• Policy Assignment
• Initiatives
• Exemptions

Effects

Effect	Description
Deny	Block non-compliant resources
Audit	Log violations
DeployIfNotExists	Auto-deploy missing configs
Modify	Update resource properties

7.4 Azure Blueprints

Package of policies, RBAC, and templates for compliant deployments.

7.5 Azure WAF

Overview

Protect web apps from OWASP Top 10 attacks.

Modes

• Detection (log only)
• Prevention (block + log)

7.6 Azure Confidential Computing

Encrypt data in use using trusted execution environments.