Azure

At Ignite 2025, Microsoft announced that Defender for Cloud is now available in the Microsoft Defender unified security portal (security.microsoft.com). This integration brings a single pane of glass experience across the Microsoft security product line. Security teams who don’t necessarily work directly with Azure workload deployments can now view important security metrics concerning: asset vulnerabilities attack paths secure scores prioritized security recommendations Prerequisites Before enabling this feature, ensure you have: ...

Using container app jobs for self-hosted Azure DevOps agents allows for more control over what is running on your DevOps agents. Both VMSS and the newer managed DevOps pools give you the option to run agents on your own virtual network which is excellent for securing network traffic but if you also need to have control what is running on them then configuring the agents with docker in a container app job is a good option. You also have the added security of Defender for containers integration to ensure you can keep your images secure. ...

Regulatory compliance Azure has a feature in Microsoft Defender for Cloud called regulatory compliance that allows you to start getting your cloud compliance under control. Central to this feature is the Microsoft Cloud Security Benchmark. What is the Microsoft Cloud Security Benchmark? The MCSB for short, is a set of practices that form a track of the Cloud adoption framework for Azure from Microsoft. This has been traditionally a set of best practices and guidelines for cloud deployments but more recently it has been integrated into the Defender for Cloud portal to provide that bridge from the adoption framework to reporting on resources against best practices. ...

In my previous blog DevOps Security with Microsoft Defender for Cloud I introduced the DevOps Security features in Defender for Cloud and how you can link and scan your GitHub code repositories for vulnerabilities before they hit your infrastructure platforms. In this blog I am going to focus on the options for fixing code issues based on the reporting findings from Defender for Cloud. Findings As mentioned previously, all of the reporting from your connected repositories appears under findings in the security overview dashboard of DevOps Security. ...

Following Microsoft Ignite in Nov 2023, Defender for DevOps has now become DevOps security. In practice this means that a lot of the features which were previously in public preview are now generally available. But first… what is DevOps security in Defender for Cloud? DevOps Security This feature of Defender for Cloud provides end-to-end security for code-based deployments from the well-known major source code repositories available in the market. These can be selected from the environment settings of the DevOps security blade in Defender for Cloud with GitLab being the most recent addition to the environment list. ...