# Microsoft Defender for Cloud ## Lab scenario You have been asked to create a proof of concept of Microsoft Defender for Cloud-based environment. Specifically, you want to: * Configure Microsoft Defender for Cloud to monitor a virtual machine. * Review Microsoft Defender for Cloud recommendations for the virtual machine. * Implement recommendations for guest configuration and Just in time VM access. * Review how the Secure Score can be used to determine progress toward creating a more secure infrastructure. > For all the resources in this lab, we are using the **East US** region. Verify with your instructor this is the region to use for class. ## Lab objectives In this lab, you will complete the following exercise: * Exercise 1: Implement Microsoft Defender for Cloud ### Microsoft Defender for Cloud diagram ![image](https://user-images.githubusercontent.com/91347931/157537800-94a64b6e-026c-41b2-970e-f8554ce1e0ab.png) ## Exercise 1: Implement Microsoft Defender for Cloud In this exercise, you will complete the following tasks: * Task 1: Configure Microsoft Defender for Cloud * Task 2: Review the Microsoft Defender for Cloud recommendations ### **Task 1: Configure Microsoft Defender for Cloud** In this task, you will on-board and configure Microsoft Defender for Cloud. 1. Sign-in to the Azure portal **`https://portal.azure.com/`**. > **Note**: Sign in to the Azure portal using an account that has the Owner or Contributor role in the Azure subscription you are using for this lab. 2. In the Azure portal, in the **Search resources, services, and docs** text box at the top of the Azure portal page, type **Microsoft Defender for Cloud** and press the **Enter** key. 3. If it hasn't been completed previously, on the **Microsoft Defender for Cloud | Getting started** blade, click **Upgrade**. 4. If it hasn't been completed previously, on the **Microsoft Defender for Cloud | Getting started** blade, in the **Install agents** tab, scroll down and click **Install agents**. 5. On the **Microsoft Defender for Cloud | Getting started** blade, on the **Upgrade** tab >> in the **Select workspaces with enhanced security features** section >> turn on the **Microsoft Defender plan** by selecting your Log Analytics Workspace. > **Note**: Review all the features that are available as part of Microsoft Defender plans. 6. Navigate to **Microsoft Defender for Cloud** and click **Environment Settings** under the Management settings, in the vertical menu bar on the left side. 7. On the **Microsoft Defender for Cloud | Environment Settings** blade, click the relevant subscription. 8. On the **Defender plans** blade, select **Enable all Microsoft Defender for Cloud Plans** and click **Save**. 9. On the **Settings | Defender Plans** blade, in the verticle menu on the left side, click **Auto provisioning**. 10. On the **Settings | Auto provisioning** blade, make sure that Auto provisioning is set to **On** for the first item **Log Analytics agent for Azure VMs**. 11. On the **Settings | Workflow automation** blade, review the available settings. > **Note**: You can trigger actions based threat detection alerts and Microsoft Defender for Cloud recommendations. You can also configure an action based on Logic apps. 12. On the **Add workflow automation** blade, review the avilable settings. > **Note**: Microsoft Defender for Cloud provides many insights into virtual machines including system update status, OS security configurations, and endpoint protection. 13. On the **Add workflow automation** blade, click **Cancel**. 14. Navigate back to the **Microsoft Defender for Cloud | Environment Settings** blade, expand your subscription, and click the entry representing the Log Analytics workspace you created in the previous lab. 15. On the **Settings | Defender plans** blade, ensure that **Enable all Microsoft Defender for Cloud plans** is selected and click **Save**. 16. Select **Data collection** from the **Microsoft Defender for Cloud | Settings** blade. Select **All Events** and **Save**. ### **Task 2: Review the Microsoft Defender for Cloud recommendation** In this task, you will review the Microsoft Defender for Cloud recommendations. 1. In the Azure portal, navigate back to the **Microsoft Defender for Cloud | Overview** blade. 2. On the **Microsoft Defender for Cloud | Overview** blade, review the **Secure Score** tile. > **Note**: Record the current score if it is available. 3. Navigate back to the **Microsoft Defender for Cloud | Overview** blade, select **Assessed resources**. 4. On the **Inventory** blade, select the **myVM** entry. > **Note**: You might have to wait a few minutes and refresh the browser page for the entry to appear. 5. On the **Resource health** blade, on the **Recommendations** tab, review the list of recommendations for **myVM**.