Azure Defender: Manual Configuration for Non-Auto Provisioned Azure Resources

Manually Configuring Protection for Azure Resources

Question

You are a SOC Analyst for company XYZ that is deploying cloud workload protection with Azure Defender.

Your work is to ensure Azure Defender automatically protects the Azure resources.

Your organization has a small number of Azure virtual machines that are not part of the auto provisioning scheme.

You must manually configure protection for these Azure resources.

Which of the below is an extension of auto provisioning?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: C.

xe Settings | Auto provisioning

Contoso

PB Search ctritn | «

Settings

‘Azure Defender plans
Auto provisioning ]
@ Email notifications
© integrations

3 Workflow automation

Continuous export

@ Cloud connectors

Auto provisioning - Extensions

Security Center collects security data and events from your resources and services to help you prevent, detect, and respond to threats.
‘When you enable an extension, it will be installed on any new or existing resource, by assigning a security policy. Learn more

Enable all extensions

Show in inventory

Extension Status Resources missing extension
Log Analytics agent for
‘Azure VMs @- TA 14 0f 34 virtual machines

Microsoft Dependency ©) Off 15 of 33 virtual machines
agent (preview) @ a

Show in inventory

2 1 of 1 managed cluster
Show in inventory

Description
Collects security-related configurations and
‘event logs from the machine and stores the
data in your Log Analytics workspace for
analysis. Learn more

You can collect and store network traffic

data by onboarding to the VM insights
service. Learn more

Extends Gatekeeper v3, to apply at-scale
‘enforcements and safeguards on your
clusters in a centralized, consistent manner.
Requires Kubernetes v1.140 or later.

Learn more.

Configuration

Selected workspace: nsg
Security events: Common
Edit configuration

Reference:

The correct answer is not explicitly mentioned in the options provided. However, to help you understand the concepts, let's discuss each of the options and their relevance to auto provisioning in Azure Defender.

Auto provisioning is a feature of Azure Defender that automatically protects all eligible Azure resources that are deployed or created after the Defender is enabled. The resources are automatically onboarded and enrolled for protection.

Option A: Windows Events - Windows Events are logs generated by the Windows operating system that capture information about system activities and events. While Windows Events are useful for detecting and investigating security incidents, they are not related to auto provisioning in Azure Defender.

Option B: Policy for Azure Policy - Azure Policy is a service in Azure that allows you to create, assign, and manage policies to enforce compliance and governance across your Azure resources. Policy for Azure Policy is not an extension of auto provisioning in Azure Defender, as it does not relate to the automatic protection of Azure resources.

Option C: Policy Add-on for Kubernetes - Kubernetes is an open-source container orchestration platform used for automating the deployment, scaling, and management of containerized applications. The Policy Add-on for Kubernetes is an extension of Azure Policy that allows you to create and enforce policies for Kubernetes resources deployed on Azure Kubernetes Service (AKS). While this option is related to policies and extensions, it is not related to auto provisioning in Azure Defender.

Option D: Policy for DNS - DNS (Domain Name System) is a hierarchical naming system that translates domain names into IP addresses. Policy for DNS is a feature of Azure DNS that allows you to create and enforce policies for DNS zones to ensure compliance with naming conventions and other requirements. While DNS security is important for securing Azure resources, Policy for DNS is not an extension of auto provisioning in Azure Defender.

In summary, none of the options listed are extensions of auto provisioning in Azure Defender. Therefore, the correct answer is not provided in the options given. To manually configure protection for Azure resources that are not part of the auto provisioning scheme, you would need to enroll these resources for protection manually.