- What the compliance view shows and how to interpret it
- Compliance dashboard features and reporting
- How to attach standards and view their policy initiatives
- How recommendations are generated and acted on
- Defender plans, coverage, and cost considerations

- Which compliance standards are attached to the selected scope (so you know what’s actively monitored).
- Expanded security controls (for example, Network Security) showing discrete checks Defender for Cloud performs—NSG rules, firewall configuration, subnet association, etc. Many checks reference industry mappings like
NS-1,NS-2(CIS) or controls from the Azure Security Benchmark. - Targeted recommendations for specific resources (for example: VMs, subnets, or firewalls that require configuration changes).
- A visual summary of how many resources fail each control and the severity of those failures so you can prioritize remediation.
Below is an example security alerts dashboard that shows detected threats, their severity, and affected resources.

- Open Microsoft Defender for Cloud (search for “Defender for Cloud” in the Azure portal).
- From the Defender for Cloud overview, select Regulatory compliance.
- Click Manage compliance standards to open Environment settings.
- Choose the environment scope (subscription or management group).
- Under Security policies you’ll see the Azure Policy initiatives (frameworks) available to attach and configure.

- Microsoft Cloud Security Benchmark: ~227 recommendations
- CIS: ~169 recommendations
- NIST and others: may require additional parameters (for example, VM audit settings) before evaluation begins

- Defender for Cloud evaluates resources using the Azure Policy initiatives attached to each compliance standard plus built-in security assessment rules.
- After enabling a standard, Defender for Cloud scans resources and generates recommendations. Expect results within ~8–24 hours depending on resource count and evaluation cadence.
- Each recommendation provides context: risk details, remediation steps, automation options (Logic Apps playbooks), and the option to exempt or suppress specific resources when appropriate.

- Associate a subnet with a Network Security Group (NSG).
- Ensure NSGs follow published best practices and rules order (mappings like
NS-1,NS-2). - Configure firewalls and route tables to align with your selected benchmarks.
- Broader detection and protections for servers, App Services, containers, and databases
- Additional security recommendations and deeper telemetry
- Integration with EDR and endpoint protection for advanced investigations

Allow 8–24 hours after enabling a compliance standard for recommendations to appear. The time can vary based on resource count and evaluation cadence.
Enabling Defender plans (CSPM/CWP) increases visibility and protection but may incur additional charges. Review pricing and required coverage before enabling.
- Microsoft Defender for Cloud maps industry frameworks to Azure Policy initiatives, presents a consolidated compliance dashboard, and provides prioritized remediation recommendations.
- Attach frameworks at the subscription or management group level via Environment settings → Security policies.
- After enabling frameworks, allow time for policy evaluations to populate recommendations.
- Evaluate the cost/benefit of enabling Defender plans to expand workload protection and detection.
- Microsoft Defender for Cloud overview: https://learn.microsoft.com/azure/defender-for-cloud/
- Azure Policy overview: https://learn.microsoft.com/azure/governance/policy/overview
- Azure Security Benchmark: https://learn.microsoft.com/azure/security/fundamentals/azure-security-benchmark
- Secure Score in Defender for Cloud: https://learn.microsoft.com/azure/defender-for-cloud/secure-score
- Azure DDoS Protection: https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview