Utilize Defender for Cloud's Free Features to Enhance Your Security Posture

Introduction
A common misunderstanding is that Microsoft Defender for Cloud (MDC) is expensive. And whilst a lot of the features inside the cloud workload protection platform (CWPF) comes with a price tag MDC also has the cloud security posture management (CSPM) feature which is free.
A huge capability in the CSPM feature set is the Secure Score which lets you track the score of your security posture right now and over time.
How does it work?
The recommendations you see and your secure score is under the hood powered by Azure Policy. When you onboard a subscription to MDC it gets assigned the Microsoft cloud security benchmark policy (When viewed in Azure Policy you may see policies called ASC default: Subscription xxxx-xxxx, this is the same set of policies)
This contains a set of standard and best practice policies for enforcing security and protecting your workloads in the cloud for a range of services. This will audit your environment and match with the policy innitiatives and give you a secure score based on how closely your environment matches best practices.
When viewed in Microsoft Defender for Cloud it can look like this:

When viewed in Azure Policy:

You can now use the Defender Portal in Azure and see your secure score and work with the recommendations that are highlighted there. Some will not be applicable to you and you can chose to exempt those resources in order to get a better score. Here you can see that I get a secure score, recommendations divided into categories and the status of my resources:

Conclusion
Microsoft Defender for Cloud does not have to cost you a lot in order to start gaining benefits and give you an advantage. You can use the recommendations that are created from MDC working with Azure Policy and improve your secure score by remediating vulnerabilites.
It is shown though that paying the price for some of the more premium features in MDC has a decent ROI but that is a discussion for another time.
About me
