Security and Microsoft Defender for Cloud
Microsoft Defender for Cloud (MDC) is Azure's native security platform. It combines two roles: CSPM (configuration and posture assessment) and CWPP (workload protection — VMs, containers, databases). ZEUS does not replace Defender — it reads data from it and enriches it with context from other clouds.
Secure Score — a measure of posture
Defender computes a Secure Score (0-100%) based on how well security recommendations are met. Each recommendation has a weight and maps to specific controls. It is a quick indicator of "how secure is my environment".
# Current Secure Score of the subscription
az security secure-scores list -o table
# List active recommendations (assessments)
az security assessment list -o table
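To make the weighting concrete, here is an added example (not from the lesson and not Microsoft's code) that turns a list of assessments with Healthy/Unhealthy states into per-control scores and an overall percentage. The control names and maximum points are constructed sample values, and the aggregation rule (a control earns its maximum times the share of healthy resources under it) is my reading of how the score is built, so treat it as an assumption rather than the documented formula.

```python
"""Added example: how a Secure Score percentage falls out of per-control
weights and healthy/unhealthy resource counts. Sample data is constructed;
the control formula (current = max * healthy / total) is an assumption of
this example, not something the lesson states."""
from collections import defaultdict

# Constructed sample: each assessment names the control it belongs to and
# whether the assessed resource is Healthy or Unhealthy.
SAMPLE_ASSESSMENTS = [
    {"displayName": "MFA should be enabled on accounts with owner permissions",
     "control": "Enable MFA", "status": "Unhealthy"},
    {"displayName": "MFA should be enabled on accounts with write permissions",
     "control": "Enable MFA", "status": "Healthy"},
    {"displayName": "Management ports should be closed on your virtual machines",
     "control": "Secure management ports", "status": "Unhealthy"},
    {"displayName": "Management ports should be closed on your virtual machines",
     "control": "Secure management ports", "status": "Unhealthy"},
    {"displayName": "Internet-facing VMs should be protected with NSGs",
     "control": "Secure management ports", "status": "Healthy"},
    {"displayName": "Storage account public access should be disallowed",
     "control": "Restrict unauthorized network access", "status": "Healthy"},
]

# Constructed weights: the points a control contributes when every resource
# under it is healthy. MFA is deliberately the heaviest control.
CONTROL_MAX_SCORE = {
    "Enable MFA": 10,
    "Secure management ports": 8,
    "Restrict unauthorized network access": 4,
}


def control_scores(assessments, max_scores):
    """Return {control: (current, max)} with current = max * healthy / total.
    Controls with no assessed resources are skipped (nothing to fix, nothing to count)."""
    counts = defaultdict(lambda: {"Healthy": 0, "Unhealthy": 0})
    for a in assessments:
        if a["status"] in ("Healthy", "Unhealthy"):  # NotApplicable etc. are ignored
            counts[a["control"]][a["status"]] += 1
    scores = {}
    for control, max_score in max_scores.items():
        c = counts.get(control)
        if not c:
            continue
        total = c["Healthy"] + c["Unhealthy"]
        scores[control] = (round(max_score * c["Healthy"] / total, 2), max_score)
    return scores


def secure_score_percent(scores):
    """Overall percentage: points earned across all controls over points available."""
    current = sum(cur for cur, _ in scores.values())
    maximum = sum(mx for _, mx in scores.values())
    return round(100 * current / maximum, 1) if maximum else 100.0


def biggest_gaps(scores, n=3):
    """Controls ordered by missing points: where remediation moves the score most."""
    return sorted(scores, key=lambda k: scores[k][1] - scores[k][0], reverse=True)[:n]


if __name__ == "__main__":
    scores = control_scores(SAMPLE_ASSESSMENTS, CONTROL_MAX_SCORE)
    for control, (cur, mx) in scores.items():
        print(f"{control:40s} {cur:>6} / {mx}")
    print("Secure Score:", secure_score_percent(scores), "%")
    print("Fix first:", biggest_gaps(scores))
```

The point the numbers make: two unhealthy VMs under an 8-point control cost more of the score than one unhealthy owner account under the 10-point MFA control, which is why remediation should be ordered by missing points rather than by recommendation count.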
Defender plans (CWPP)
Defender has separate, paid plans per resource type:
| Plan | Protects | Example detection |
|---|---|---|
| Defender for Servers | VMs | malware, suspicious logins |
| Defender for Containers | AKS, images | CVE vulnerabilities, runtime threats |
| Defender for SQL | Azure SQL | SQL injection, access anomalies |
| Defender for Storage | storage accounts | malware upload, anonymous access |
# Enable the Defender for Servers plan
az security pricing create --name VirtualMachines --tier Standard
Recommendations and regulatory compliance
Defender maps the environment state to standards: the Microsoft Cloud Security Benchmark (MCSB), ISO 27001, PCI DSS, NIST. This is the basis for compliance reporting — but limited to Azure. This is where ZEUS comes in.
Tip: Defender generates alerts (active threats, requiring a response) and recommendations (configuration weaknesses, to be fixed proactively). Do not confuse them — an alert is a "here and now" incident, a recommendation is technical debt.
How ZEUS sees it
ZEUS integrates with Defender for Cloud through the Azure security API (the same Service Principal with the Reader role plus Security Reader). It pulls in:
- Recommendations and assessments — so as not to duplicate scanning that Microsoft has already performed.
- Security alerts — into the shared SecOps queue in ZEUS, alongside alerts from AWS GuardDuty and GCP SCC.
- Secure Score — as one of the posture signals in the Security360 view.
The value of ZEUS lies in consolidation: a Defender alert, an AWS finding and a GCP misconfiguration land in a single queue with one prioritization model and MITRE ATT&CK mapping — instead of in three separate consoles.
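The consolidation described above, and the alert-versus-recommendation distinction from the tip, as an added example that is not ZEUS code and not part of the lesson: Defender alerts and assessments plus one AWS GuardDuty finding are normalised into a single queue with one priority model and an ATT&CK tactic. All records are constructed. The Defender field names (alertDisplayName, severity, status, intent, status.code, metadata.severity) follow the Azure security API as I know it and the GuardDuty ones (Type, Severity, Title) the GuardDuty finding format, but treat both shapes as assumptions of this example.

```python
"""Added example: one SecOps queue for Defender alerts, Defender recommendations
and a GuardDuty finding. Records are constructed; API field names are assumed."""
from dataclasses import dataclass, field

# Defender alert "intent" values (and GuardDuty threat-purpose prefixes that use
# the same words) mapped to ATT&CK tactic IDs.
INTENT_TO_TACTIC = {
    "InitialAccess": "TA0001", "Execution": "TA0002", "Persistence": "TA0003",
    "PrivilegeEscalation": "TA0004", "DefenseEvasion": "TA0005",
    "CredentialAccess": "TA0006", "Discovery": "TA0007",
    "LateralMovement": "TA0008", "Collection": "TA0009",
    "Exfiltration": "TA0010", "CommandAndControl": "TA0011", "Impact": "TA0040",
}
SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}


@dataclass(order=True)
class Finding:
    priority: int                          # only this field takes part in ordering
    kind: str = field(compare=False)       # "alert" (respond now) or "recommendation" (debt)
    source: str = field(compare=False)     # "defender" or "guardduty"
    title: str = field(compare=False)
    severity: str = field(compare=False)
    tactic: str = field(compare=False, default="")


# Constructed Defender alerts in the assumed `az security alert list` shape.
DEFENDER_ALERTS = [
    {"alertDisplayName": "Suspicious authentication activity", "severity": "High",
     "status": "Active", "intent": "CredentialAccess"},
    {"alertDisplayName": "Possible outgoing spam activity", "severity": "Low",
     "status": "Dismissed", "intent": "Impact"},
]
# Constructed Defender assessments in the assumed `az security assessment list` shape.
DEFENDER_ASSESSMENTS = [
    {"displayName": "Management ports should be closed on your virtual machines",
     "status": {"code": "Unhealthy"}, "metadata": {"severity": "High"}},
    {"displayName": "Storage account public access should be disallowed",
     "status": {"code": "Healthy"}, "metadata": {"severity": "Medium"}},
]
# Constructed GuardDuty finding (numeric severity: Low < 4, Medium < 7, High >= 7).
GUARDDUTY_FINDINGS = [
    {"Type": "Exfiltration:IAMUser/AnomalousBehavior", "Severity": 8.0,
     "Title": "Unusual data transfer by an IAM user"},
]


def guardduty_severity(value):
    """Collapse GuardDuty's numeric scale onto the Defender-style labels."""
    return "High" if value >= 7 else "Medium" if value >= 4 else "Low"


def alert_priority(severity):
    # An alert always outranks a recommendation of the same severity: it is a live
    # incident, while the recommendation is technical debt.
    return 10 + SEVERITY_RANK[severity]


def normalize(alerts, assessments, gd_findings):
    """Merge the three sources into one list, highest priority first."""
    queue = []
    for a in alerts:
        if a["status"] != "Active":            # dismissed/resolved alerts stay out of the queue
            continue
        queue.append(Finding(alert_priority(a["severity"]), "alert", "defender",
                             a["alertDisplayName"], a["severity"],
                             INTENT_TO_TACTIC.get(a["intent"], "")))
    for r in assessments:
        if r["status"]["code"] != "Unhealthy":  # only failing recommendations are debt
            continue
        sev = r["metadata"]["severity"]
        queue.append(Finding(SEVERITY_RANK[sev], "recommendation", "defender",
                             r["displayName"], sev))
    for g in gd_findings:
        sev = guardduty_severity(g["Severity"])
        # Heuristic: the GuardDuty type prefix (before ':') names the threat purpose.
        tactic = INTENT_TO_TACTIC.get(g["Type"].split(":")[0], "")
        queue.append(Finding(alert_priority(sev), "alert", "guardduty", g["Title"], sev, tactic))
    return sorted(queue, reverse=True)     # stable, so equal priorities keep arrival order


if __name__ == "__main__":
    for f in normalize(DEFENDER_ALERTS, DEFENDER_ASSESSMENTS, GUARDDUTY_FINDINGS):
        print(f"[{f.priority:>2}] {f.kind:14s} {f.source:9s} {f.severity:6s} {f.tactic:7s} {f.title}")
```

Two design choices carry the lesson's point: the Healthy assessment and the Dismissed alert never enter the queue, and alerts sit in a separate priority band above recommendations, so a High recommendation can never be sorted ahead of a Low active alert.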
In the last lesson of this track we will see exactly how the ZEUS connector to Azure is configured.