You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/data-security.md
+10-5Lines changed: 10 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,17 +28,21 @@ When you enable Defender for Storage Malware Scanning, it may share metadata, in
28
28
## Data protection
29
29
30
30
### Data segregation
31
+
31
32
Data is kept logically separate on each component throughout the service. All data is tagged per organization. This tagging persists throughout the data lifecycle, and it's enforced at each layer of the service.
32
33
33
34
### Data access
34
-
To provide security recommendations and investigate potential security threats, Microsoft personnel may access information collected or analyzed by Azure services, including process creation events, and other artifacts, which may unintentionally include customer data or personal data from your machines.
35
35
36
-
We adhere to the [Microsoft Online Services Data Protection Addendum](https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=17880), which states that Microsoft won't use customer data or derive information from it for any advertising or similar commercial purposes. We only use customer data as needed to provide you with Azure services, including purposes compatible with providing those services. You retain all rights to customer data.
36
+
To provide security recommendations and investigate potential security threats, Microsoft personnel may access information collected or analyzed by Azure services, including process creation events, and other artifacts, which may unintentionally include customer data or personal data from your machines.
37
+
38
+
We adhere to the [Microsoft Online Services Data Protection Addendum](https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=17880), which states that Microsoft won't use Customer Data or derive information from it for any advertising or similar commercial purposes. We only use Customer Data as needed to provide you with Azure services, including purposes compatible with providing those services. You retain all rights to Customer Data.
37
39
38
40
### Data use
41
+
39
42
Microsoft uses patterns and threat intelligence seen across multiple tenants to enhance our prevention and detection capabilities; we do so in accordance with the privacy commitments described in our [Privacy Statement](https://privacy.microsoft.com/privacystatement).
40
43
41
44
## Manage data collection from machines
45
+
42
46
When you enable Defender for Cloud in Azure, data collection is turned on for each of your Azure subscriptions. You can also enable data collection for your subscriptions in Defender for Cloud. When data collection is enabled, Defender for Cloud provisions the Log Analytics agent on all existing supported Azure virtual machines and any new ones that are created.
43
47
44
48
The Log Analytics agent scans for various security-related configurations and events it into [Event Tracing for Windows](/windows/win32/etw/event-tracing-portal) (ETW) traces. In addition, the operating system raises event log events during the course of running the machine. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, logged in user, and tenant ID. The Log Analytics agent reads event log entries and ETW traces and copies them to your workspace(s) for analysis. The Log Analytics agent also enables process creation events and command line auditing.
@@ -60,12 +64,11 @@ You can specify the workspace and region where data collected from your machines
60
64
| China | China |
61
65
| Australia | Australia |
62
66
63
-
64
67
> [!NOTE]
65
68
> **Microsoft Defender for Storage** stores artifacts regionally according to the location of the related Azure resource. Learn more in [Overview of Microsoft Defender for Storage](defender-for-storage-introduction.md).
66
69
67
-
68
70
## Data consumption
71
+
69
72
Customers can access Defender for Cloud related data from the following data streams:
70
73
71
74
| Stream | Data types |
@@ -75,9 +78,11 @@ Customers can access Defender for Cloud related data from the following data str
75
78
|[Azure Resource Graph](../governance/resource-graph/overview.md)| Security alerts, security recommendations, vulnerability assessment results, secure score information, status of compliance checks, and more. |
76
79
|[Microsoft Defender for Cloud REST API](/rest/api/defenderforcloud/)| Security alerts, security recommendations, and more. |
77
80
81
+
> [!NOTE]
82
+
> If there are no Defender plans enabled on the subscription, data will be removed from Azure Resource Graph after 30 days of inactivity in the Microsoft Defender for Cloud portal. After interaction with artifacts in the portal related to the subscription, the data should be visible again within 24 hours.
78
83
79
84
## Next steps
80
85
81
-
In this document, you learned how data is managed and safeguarded in Microsoft Defender for Cloud.
86
+
In this document, you learned how data is managed and safeguarded in Microsoft Defender for Cloud.
82
87
83
88
To learn more about Microsoft Defender for Cloud, see [What is Microsoft Defender for Cloud?](defender-for-cloud-introduction.md).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments