AZ-500 Defender for Cloud – configure Defender for Cloud and implement JIT recommendation

source: AZ500-AzureSecurityTechnologies

  • Configure Microsoft Defender for Cloud to monitor a virtual machine.
  • Review Microsoft Defender for Cloud recommendations for the virtual machine.
  • Implement recommendations for guest configuration and Just-in-time VM access.
  • Review how the Secure Score can be used to determine progress toward creating a more secure infrastructure.
  • Task 1: Configure Microsoft Defender for Cloud
  • Task 2: Review the Microsoft Defender for Cloud recommendations
  • Task 3: Implement the Microsoft Defender for Cloud recommendation to enable Just-in-time VM Access

Task 1: Configure Microsoft Defender for Cloud

In the top search bar, type defender and select Defender for Cloud.

On the left sidebar, click Getting started > on the Upgrade tab, click the Upgrade button > then on the Install tab, click Install agents.

Once the agents are installed, go back to the Getting started tab.

On the Upgrade tab > scroll down until the Select workspaces with enhanced security features section is visible > select your Log Analytics workspace, then click the large blue Upgrade button to turn on the Microsoft Defender plan.

On the left sidebar, go to Environment settings > click your Log Analytics workspace and make sure Enable all plans is selected. If it is not, click the Enable all plans button and click Save.

Task 2: Review the Microsoft Defender for Cloud recommendations

On the left sidebar, go to Overview and review the Secure Score tile, if available.

Now go to the Inventory tile > click myVM and, on the Recommendations tab, review the list of recommendations for myVM.

Task 3: Implement the Microsoft Defender for Cloud recommendation to enable Just-in-time VM Access

In this task, you will implement the Microsoft Defender for Cloud recommendation to enable Just-in-time VM Access on the virtual machine.

On the left sidebar, go to Overview > select the Workload protections tile > look at the bottom of the page for the Advanced protection section and click the Just-in-time VM access tile.

Select the Not Configured tab > select myVM > and click Enable JIT on 1 VM.

Remove the port 22 option and click Save to save the changes.

Note: Monitor the progress of configuration by clicking on the Notifications icon in the toolbar and viewing the Notifications blade.

Note: It can take some time for the implementation of recommendations in this lab to be reflected by Secure Score. Periodically check the Secure Score to determine the impact of implementing these features.
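
The same JIT configuration from Task 3 expressed in Azure PowerShell, as an added example that is not part of the original lab. It assumes the Az.Compute and Az.Security modules, a session already signed in, a placeholder resource group name, and that the ports left after removing 22 are 3389, 5985 and 5986 with a 3-hour maximum request window.

```powershell
# Added example, not from the lab. Requires Az.Compute and Az.Security and a
# session already signed in with Connect-AzAccount.
$ResourceGroup = '<your-resource-group>'   # placeholder: the lab page does not name it
$VmName        = 'myVM'                    # VM name used in the lab

# Ports assumed to remain after port 22 is removed in the portal (assumption).
$JitPorts    = 3389, 5985, 5986
$MaxDuration = 'PT3H'                      # ISO 8601 duration, assumed 3-hour window

$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName -ErrorAction Stop

# One JIT rule per port.
$portRules = foreach ($port in $JitPorts) {
    @{
        number                     = $port
        protocol                   = '*'
        allowedSourceAddressPrefix = @('*')   # narrow to admin ranges where possible
        maxRequestAccessDuration   = $MaxDuration
    }
}

$jitPolicy = @(@{ id = $vm.Id; ports = @($portRules) })

Set-AzJitNetworkAccessPolicy -Kind 'Basic' -Name 'default' `
    -ResourceGroupName $ResourceGroup -Location $vm.Location `
    -VirtualMachine $jitPolicy | Out-Null

# Read the policy back and confirm the result matches the lab step.
$applied = Get-AzJitNetworkAccessPolicy -ResourceGroupName $ResourceGroup `
    -Location $vm.Location -Name 'default'
$vmEntry = $applied.VirtualMachines | Where-Object { $_.Id -eq $vm.Id }
$ports   = @($vmEntry.Ports | ForEach-Object { $_.Number })

if ($ports -contains 22) {
    Write-Warning "Port 22 is still covered by the JIT policy on $VmName"
} else {
    Write-Output "JIT enabled on $VmName for ports: $($ports -join ', ')"
}
```

Set-AzJitNetworkAccessPolicy writes the whole policy named default, so in a resource group that already has other JIT-enabled VMs, include their entries in the array as well.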

Results: You have onboarded Microsoft Defender for Cloud and implemented virtual machine recommendations.

Note: Do not remove the resources from this lab as they are needed for the Microsoft Sentinel lab.

Author: user
