This article describes the scope of services and support available when requesting assistance implementing Microsoft Defender for Cloud with your Managed Cloud PaaS 1.0 Deployment.
Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) that is made up of security measures and practices that are designed to protect cloud-based applications from various cyber threats and vulnerabilities.
Microsoft Defender for Cloud helps to prevent, detect, and respond to threats with increased visibility into and control over the security of your resources. It provides integrated security monitoring and policy management across your subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
Defender for Cloud combines the capabilities of:
* Azure Policies for Microsoft Defender for Cloud are not included, configured or enabled for Microsoft Defender for Cloud on MCS PaaS 1.0.
For detailed information, refer to the following sections:
Sitecore Managed Cloud Standard – PaaS 1.0 includes the option to provision Azure Defender for Cloud CSPM and Workload protection.
Review the official Microsoft Azure Defender for Cloud documentation for a comprehensive overview of the features and services when deploying Microsoft Defender for Cloud.
Sitecore will deploy the Azure Services required to implement Microsoft Defender for Cloud while provisioning your Sitecore Environment.
Customers looking to apply for Microsoft Defender for Cloud in their environments should submit a request through the Sitecore Support Portal or contact their Sitecore Account Manager.
Review the following article for further details on the Azure Services included in your Sitecore Environment PaaS 1.0:
Support Information - Sitecore Managed Cloud Standard – topologies and tiers for Sitecore XP 10.0 and higher
Note that not all Azure Resources are eligible for Defender Workload protection. Upon deployment, Sitecore will enable Defender plans for Cloud Workload protection on the following resource types.
To enable Microsoft Defender for Cloud in a Sitecore Managed Cloud environment, customers must:
Sitecore will review and confirm the request, after which Microsoft Defender for Cloud will be enabled and configured.
The charts on the following pages use the coding system outlined as follows:

| RACI Description | Customer/Partner | Sitecore |
| --- | --- | --- |
| Customer to request Sitecore Environment | R, A | C, I |
| Sitecore Managed Cloud Operations team to deploy Microsoft Defender Workload Protection | C, I | R, A |
| Microsoft Defender Logging enabled within Customer's Log Analytics Workspace | C, I | R, A |
| Ongoing Monitoring of Cloud Defender Logs and recommendations | R, A | C, I |

| Production Implementation Actions | Customer/Partner | Sitecore |
| --- | --- | --- |
| Microsoft Defender for Cloud Workload Protection for App Services Enabled | C, I | R, A |
| Microsoft Defender for Cloud Workload Protection for SQL Server Enabled | C, I | R, A |
| Microsoft Defender for Cloud Workload Protection for Storage Accounts Enabled | C, I | R, A |

| Sitecore Environment – Provisioning | Customer/Partner | Sitecore |
| --- | --- | --- |
| Review of Microsoft Defender for Cloud Logs and Recommendations | R, A | C, I |
| Ingestion of Microsoft Defender for Cloud Logs into Customer defined SIEM | R, A | C, I |

Refer to the following links provided by Microsoft for a definitive guide to implementing Microsoft Azure Defender for Cloud:
Is Azure Defender for Cloud included for all Managed Cloud customers?
No. Defender for Cloud is available as an add-on service for PaaS 2.0 customers only. Customers who choose PaaS 2.0 Advanced Hub will benefit from workload protection for their Production Spoke and Primary Hub resources. To activate this service on PaaS 1.0, customers will need to contact their account manager.
Is Azure Defender available for DR and non-production environments?
Yes, customers may request that Azure Defender Workload Protection be deployed into their Non-Production Environments.
Is Sitecore actively analyzing the Defender for Cloud findings and recommendations?
Sitecore will not provide ongoing analysis of the Defender for Cloud findings and recommendations. The service is intended to give customers out-of-the-box protection as developed by Microsoft.
Is this service intended to replace my existing SIEM?
No, customers should not see this as a replacement for any existing SIEM already in place. The recommendation is for customers to extend the logging provided by Azure Defender for Cloud into their existing log management and SIEM tools.