|
1 | 1 | --- |
2 | | -title: Access & application controls tutorial - Microsoft Defender for Cloud |
| 2 | +title: Protect your VMs with Microsoft Defender for Servers |
3 | 3 | description: This tutorial shows you how to configure a just-in-time VM access policy and an application control policy. |
4 | 4 | ms.topic: tutorial |
5 | 5 | ms.custom: mvc |
6 | 6 | ms.date: 01/08/2023 |
7 | 7 |
|
8 | 8 | --- |
9 | | -# Tutorial: Protect your resources with Microsoft Defender for Cloud |
| 9 | +# Tutorial: Protect your VMs with Microsoft Defender for Servers |
10 | 10 |
|
11 | 11 | Defender for Cloud limits your exposure to threats by using access and application controls to block malicious activity. Just-in-time (JIT) virtual machine (VM) access reduces your exposure to attacks by enabling you to deny persistent access to VMs. Instead, you provide controlled and audited access to VMs only when needed. Adaptive application controls help harden VMs against malware by controlling which applications can run on your VMs. Defender for Cloud uses machine learning to analyze the processes running in the VM and helps you apply allowlist rules using this intelligence. |
12 | 12 |
|
13 | 13 | In this tutorial you'll learn how to: |
14 | 14 |
|
15 | 15 | > [!div class="checklist"] |
| 16 | +> |
16 | 17 | > * Configure a just-in-time VM access policy |
17 | 18 | > * Configure an application control policy |
18 | 19 |
|
19 | 20 | ## Prerequisites |
| 21 | + |
20 | 22 | To step through the features covered in this tutorial, you must have Defender for Cloud's enhanced security features enabled. A free trial is available. To upgrade, see [Enable enhanced protections](enable-enhanced-security.md). |
21 | 23 |
|
22 | 24 | ## Manage VM access |
| 25 | + |
23 | 26 | JIT VM access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed. |
24 | 27 |
|
25 | 28 | Management ports don't need to be open always. They only need to be open while you're connected to the VM, for example to perform management or maintenance tasks. When just-in-time is enabled, Defender for Cloud uses Network Security Group (NSG) rules, which restrict access to management ports so they can't be targeted by attackers. |
26 | 29 |
|
27 | 30 | Follow the guidance in [Secure your management ports with just-in-time access](just-in-time-access-usage.md). |
28 | 31 |
|
29 | 32 | ## Harden VMs against malware |
| 33 | + |
30 | 34 | Adaptive application controls help you define a set of applications that are allowed to run on configured resource groups, which among other benefits helps harden your VMs against malware. Defender for Cloud uses machine learning to analyze the processes running in the VM and helps you apply allowlist rules using this intelligence. |
31 | 35 |
|
32 | 36 | Follow the guidance in [Use adaptive application controls to reduce your machines' attack surfaces](adaptive-application-controls.md). |
33 | 37 |
|
34 | 38 | ## Next steps |
| 39 | + |
35 | 40 | In this tutorial, you learned how to limit your exposure to threats by: |
36 | 41 |
|
37 | 42 | > [!div class="checklist"] |
| 43 | +> |
38 | 44 | > * Configuring a just-in-time VM access policy to provide controlled and audited access to VMs only when needed |
39 | 45 | > * Configuring an adaptive application controls policy to control which applications can run on your VMs |
40 | 46 |
|
|
0 commit comments