Skip to main content
Get network security recommendations with Microsoft Defender for Cloud. This lesson explains how Defender for Cloud evaluates and protects your Azure virtual networks and connected cloud resources. You will learn the recommended security controls, the baselines and benchmarks Defender for Cloud applies, and how to monitor, investigate, and respond to network-related security findings. Topics covered:
  • Microsoft’s recommended best practices for network security.
  • Security baselines and benchmarks applied by Defender for Cloud to evaluate your environment.
  • How Defender for Cloud helps identify compliance gaps and map findings to regulatory standards.
  • Methods to monitor, investigate, and respond to security alerts and recommendations that Defender for Cloud generates.
By the end of this lesson you will understand how Defender for Cloud assesses network security posture, surfaces actionable recommendations, and supports continuous monitoring and incident response.
Tip: To follow along, ensure you have Reader access to a subscription or resource group with Defender for Cloud enabled. For recommendation remediation, contributor-level permissions are typically required.

What you will learn (at a glance)

Why this matters

Defender for Cloud continuously assesses your network configuration and traffic controls to surface misconfigurations, unprotected exposures, or deviations from recommended baselines. Addressing these recommendations reduces attack surface, improves compliance, and helps prevent lateral movement and data exposure.
Important: Some network security recommendations require configuration changes that may impact traffic flow. Always validate changes in a staging environment and test connectivity after applying rule or route updates.

High-level workflow

  1. Defender for Cloud collects configuration and telemetry from your subscription and resources.
  2. It evaluates resources against built-in security controls and chosen benchmarks.
  3. Recommendations and alerts are generated, prioritized by severity and exposure.
  4. You investigate findings using the portal, logs, and integrated threat intelligence.
  5. Apply remediations manually or with automated playbooks and track progress.

Resources and next steps

By the end of this lesson you will be prepared to use Defender for Cloud to assess network security posture, act on prioritized recommendations, and implement continuous monitoring and incident response processes.

Watch Video