Let’s now get a good overview of Defender for Cloud and see where it fits in the security landscape. When we look at two similar products, Defender for Cloud and Azure Sentinel, we find that Defender for Cloud is really focused on proactive hardening, whereas Azure Sentinel is geared towards detection and response. We’ll delve into Azure Sentinel later on in this course, but it’s important to highlight the differences between these two, as they are often discussed together.
Microsoft Defender for Cloud Overview
In your Azure tenant, Microsoft Defender for Cloud provides you with a CNAPP, which stands for Cloud Native Application Protection Platform. This encompasses all of your cloud detection tools, CI/CD security, identity risk assessments, and runtime threat detection, all within one platform.

Within this platform, we have Cloud Security Posture Management, a feature that gives you a good idea of how secure your environment is and how secure your cloud is. Additionally, we have Cloud Workload Protection, which allows you to dive deeper into runtime protection against escalation attempts or other issues that may arise in your environment.
Proactive Hardening and Compatibility
Microsoft Defender for Cloud offers proactive hardening through recommendations that help you further secure your systems. Notably, this platform is unique because it is not limited to Azure; you can apply it to AWS, GCP, and even your on-premise workloads and bare metal infrastructure in your data centers.

Other CNAPP offerings you might compare this to include products like Prism Cloud, Wiz, or Orca.
Protection Capabilities
So, what does Defender for Cloud actually provide? It protects against a wide range of threats, including:
- Malware and ransomware
- Brute force attacks
- SQL injection and cross-site scripting
- VM vulnerabilities
- Network attacks
- File integrity and configuration drift
- Privilege escalation attempts
- Lateral movement attempts
- Exposed management ports
- Unpatched OS and software
- Misconfigured security settings

This comprehensive protection covers all workloads you may be running in Azure, such as VMs, key vaults, workloads running on AKS, containers, and storage. Essentially, it serves as a single dashboard—a single pane of glass—to manage all potential attacks and ensure you are being proactive in your defenses.
Secure Score and Compliance
A particularly unique feature of Defender for Cloud is the secure score, which provides a high-level overview of your environment’s security status. This score might be 100, or it could be lower, indicating areas that require action. It’s a useful overview that you can display on your dashboard to monitor in real time how secure you are, what levels of protection you have in place, and what changes you need to make.

Another important feature of Defender for Cloud is its focus on compliance and governance. If you are aiming for compliance with standards like NIST, CIS benchmarks, or PCI DSS, this tool allows you to track your compliance throughout its lifecycle. It helps ensure that you remain consistently compliant with these controls, such as the NS2, which may require remediation.

By default, Azure groups these controls together in what is known as Azure Security Benchmarks. These benchmarks represent best practices that encompass NIST, CIS, PCI DSS, and other popular frameworks that are essential for measuring your progress in completing compliance requirements.
Responses