Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) that provides security posture management and threat protection across multicloud and hybrid environments. The platform combines two primary functions: - Cloud Security Posture Management (CSPM): Continuously assesses cloud resources for misconfigurations, compliance gaps, and security risks across Azure, AWS, and Google Cloud environments. - Cloud Workload Protection Platform (CWPP): Provides runtime threat detection and protection for workloads including virtual machines, containers, databases, storage, and app services. Key capabilities include: - Secure Score: A quantified measure of an organization's security posture with prioritized recommendations for improvement. - Regulatory compliance tracking: Maps security controls to industry standards and regulatory frameworks. - Attack path analysis: Identifies potential attack paths that adversaries could exploit to reach critical assets. - Agentless and agent-based scanning: Supports both deployment models for vulnerability assessment and threat detection. - DevSecOps integration: Provides security insights across code pipelines and development environments. - Workload-specific protections: Dedicated plans for servers, containers, databases, storage, APIs, and key vaults. - Threat intelligence integration: Uses Microsoft threat intelligence to detect active threats and suspicious activity. - Alerts and incidents: Generates security alerts with investigation details and recommended response actions. The platform is accessible through the Azure portal and integrates with Microsoft Sentinel for SIEM correlation and broader security operations workflows.