Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionimplementing-azure-defender-for-cloudExecute the skills CLI command in your project's root directory to begin installation:
Fetches implementing-azure-defender-for-cloud from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate implementing-azure-defender-for-cloud. Access via /implementing-azure-defender-for-cloud in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | implementing-azure-defender-for-cloud |
| description | 'Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation. ' |
| domain | cybersecurity |
| subdomain | cloud-security |
| tags | - cloud-security - azure - defender-for-cloud - cspm - cwpp - security-recommendations |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_ai_rmf | - MEASURE-2.7 - MAP-5.1 - MANAGE-2.4 |
| atlas_techniques | - AML.T0070 - AML.T0066 - AML.T0082 |
| nist_csf | - PR.IR-01 - ID.AM-08 - GV.SC-06 - DE.CM-01 |
Do not use for non-Azure workload protection exclusively (use AWS Security Hub or GCP SCC), for application-level security testing (use Azure DevOps DAST/SAST), or for identity-specific protection (use Microsoft Defender for Identity).
Enable the appropriate Defender plans for each workload type requiring protection.
# Enable Defender for Cloud CSPM (foundational posture management)
az security pricing create --name CloudPosture --tier standard
# Enable Defender for Servers
az security pricing create --name VirtualMachines --tier standard \
--subplan P2
# Enable Defender for Containers
az security pricing create --name Containers --tier standard
# Enable Defender for Storage
az security pricing create --name StorageAccounts --tier standard \
--subplan PerStorageAccount
# Enable Defender for SQL
az security pricing create --name SqlServers --tier standard
# Enable Defender for Key Vault
az security pricing create --name KeyVaults --tier standard
# Enable Defender for App Service
az security pricing create --name AppServices --tier standard
# Verify all enabled plans
az security pricing list \
--query "[].{Plan:name, Tier:pricingTier, SubPlan:subPlan}" -o table
Enable automatic deployment of monitoring agents to VMs and containers.
# Enable auto-provisioning of Log Analytics agent
az security auto-provisioning-setting update \
--name default --auto-provision on
# Configure Log Analytics workspace for data collection
az security workspace-setting create \
--name default \
--target-workspace "/subscriptions/SUB_ID/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/SecurityWorkspace"
# Enable Defender for Containers auto-provisioning components
az security setting update \
--name Sentinel \
--setting-kind DataExportSettings
# Verify auto-provisioning status
az security auto-provisioning-setting list -o table
Retrieve security recommendations and prioritize remediation based on secure score impact.
# Get the current secure score
az security secure-score list \
--query "[].{Name:displayName, Current:current, Max:max, Percentage:percentage}" -o table
# List all active security recommendations
az security assessment list \
--query "[?status.code=='Unhealthy'].{Name:displayName, Severity:metadata.severity, Category:metadata.category, ResourceCount:status.cause}" \
-o table
# Get recommendations sorted by severity
az security assessment list \
--query "[?status.code=='Unhealthy'] | sort_by(@, &metadata.severity)" \
-o table
# Get detailed recommendation with remediation steps
az security assessment show \
--name ASSESSMENT_ID \
--query "{Name:displayName, Description:metadata.description, Severity:metadata.severity, Remediation:metadata.remediationDescription}"
# List recommendations by control
az security secure-score-controls list \
--query "[].{Control:displayName, CurrentScore:current, MaxScore:max, NotHealthy:notHealthyResourceCount}" \
-o table
Enable compliance standards and monitor adherence across subscriptions.
# List available regulatory compliance standards
az security regulatory-compliance-standards list \
--query "[].{Standard:name, State:state}" -o table
# Enable specific compliance standards
az security regulatory-compliance-standards update \
--name "CIS-Azure-2.0" --state "Enabled"
az security regulatory-compliance-standards update \
--name "PCI-DSS-4.0" --state "Enabled"
az security regulatory-compliance-standards update \
--name "NIST-SP-800-53-R5" --state "Enabled"
# Get compliance status for a specific standard
az security regulatory-compliance-controls list \
--standard-name "CIS-Azure-2.0" \
--query "[].{Control:id, Description:displayName, State:state, PassedResources:passedResources, FailedResources:failedResources}" \
-o table
# Get failing assessments for a control
az security regulatory-compliance-assessments list \
--standard-name "CIS-Azure-2.0" \
--control-name "2.1" \
--query "[?state=='Failed'].{Assessment:id, State:state}" -o table
Configure alert notifications and automated response workflows.
# Create security contact for alert notifications
az security contact create \
--name "SecurityTeam" \
--email "[email protected]" \
--phone "+1-555-0199" \
--alert-notifications on \
--alerts-to-admins on
# List active security alerts
az security alert list \
--query "[?status=='Active'].{Name:alertDisplayName, Severity:severity, Time:timeGeneratedUtc, Status:status}" \
-o table
# Create workflow automation for high-severity alerts (Logic App trigger)
az security automation create \
--name "high-severity-alert-response" \
--resource-group "security-rg" \
--scopes "[{\"description\":\"Full subscription\",\"scopePath\":\"/subscriptions/SUB_ID\"}]" \
--sources "[{
\"eventSource\":\"Alerts\",
\"ruleSets\":[{
\"rules\":[{
\"propertyJPath\":\"Severity\",
\"propertyType\":\"String\",
\"expectedValue\":\"High\",
\"operator\":\"Equals\"
}]
}]
}]" \
--actions "[{
\"logicAppResourceId\":\"/subscriptions/SUB_ID/resourceGroups/security-rg/providers/Microsoft.Logic/workflows/alert-response\",
\"actionType\":\"LogicApp\"
}]"
Configure advanced workload protection features for runtime security.
# Enable Just-In-Time VM access
az security jit-policy create \
--resource-group "production-rg" \
--name "jit-policy" \
--virtual-machines "[{
\"id\":\"/subscriptions/SUB_ID/resourceGroups/production-rg/providers/Microsoft.Compute/virtualMachines/web-server-01\",
\"ports\":[
{\"number\":22,\"protocol\":\"TCP\",\"allowedSourceAddressPrefix\":\"*\",\"maxRequestAccessDuration\":\"PT3H\"},
{\"number\":3389,\"protocol\":\"TCP\",\"allowedSourceAddressPrefix\":\"*\",\"maxRequestAccessDuration\":\"PT3H\"}
]
}]"
# Request JIT access when needed
az security jit-policy initiate \
--resource-group "production-rg" \
--name "jit-policy" \
--virtual-machines "[{
\"id\":\"VM_ID\",
\"ports\":[{\"number\":22,\"endTimeUtc\":\"2026-02-23T15:00:00Z\",\"allowedSourceAddressPrefix\":\"10.0.1.50\"}]
}]"
# Review adaptive application control recommendations
az security adaptive-application-controls list \
--query "[].{Group:displayName, Recommendation:recommendationAction, VMCount:vmRecommendations|length(@)}" \
-o table
| Term | Definition |
|---|---|
| Microsoft Defender for Cloud | Azure-native security platform providing CSPM and cloud workload protection (CWP) across Azure, hybrid, and multi-cloud environments |
| Secure Score | Numerical measure of an organization's security posture based on the percentage of security recommendations that have been implemented |
| Security Recommendation | Actionable guidance from Defender for Cloud to improve security posture, prioritized by severity and secure score impact |
| Defender Plan | Workload-specific protection tier (Servers, Containers, SQL, Storage, etc.) that enables advanced threat detection for specific resource types |
| Just-In-Time VM Access | Feature that reduces attack surface by blocking management ports (SSH/RDP) by default and granting time-limited access on request |
| Adaptive Application Controls | Machine-learning-based allowlisting that recommends which applications should be allowed to run on VMs |
Context: An enterprise with 20 Azure subscriptions needs to enable Defender for Cloud with server, container, and SQL protection while establishing a compliance baseline against CIS Azure 2.0.
Approach:
Pitfalls: Defender for Servers P2 costs per server per hour. For environments with many VMs, costs can escalate quickly. Use Defender for Servers P1 for development subscriptions and P2 only for production. Auto-provisioning of agents may conflict with existing agent deployments managed by SCCM or other tools.
Microsoft Defender for Cloud Deployment Report
=================================================
Organization: Acme Corp
Subscriptions: 20 (12 production, 8 non-production)
Deployment Date: 2026-02-23
DEFENDER PLANS ENABLED:
CloudPosture (CSPM): 20 / 20 subscriptions
Servers P2: 12 / 20 (production only)
Containers: 12 / 20 (production only)
SQL: 12 / 20 (production only)
Storage: 20 / 20 all subscriptions
Key Vault: 20 / 20 all subscriptions
SECURE SCORE:
Current: 62% (baseline)
Target: 80% within 90 days
COMPLIANCE STATUS (CIS Azure 2.0):
Compliant controls: 78 / 142 (55%)
Non-compliant controls: 52 / 142
Not applicable: 12 / 142
RECOMMENDATIONS:
Critical: 8 recommendations affecting 34 resources
High: 24 recommendations affecting 89 resources
Medium: 56 recommendations affecting 234 resources
Low: 34 recommendations affecting 112 resources
SECURITY ALERTS (Last 7 Days):
High severity: 3
Medium severity: 12
Low severity: 28
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
Registry listing for implementing-azure-defender-for-cloud matched our evaluation — installs cleanly and behaves as described in the markdown.
I recommend implementing-azure-defender-for-cloud for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
implementing-azure-defender-for-cloud reduced setup friction for our internal harness; good balance of opinion and flexibility.
Keeps context tight: implementing-azure-defender-for-cloud is the kind of skill you can hand to a new teammate without a long onboarding doc.
I recommend implementing-azure-defender-for-cloud for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Registry listing for implementing-azure-defender-for-cloud matched our evaluation — installs cleanly and behaves as described in the markdown.
I recommend implementing-azure-defender-for-cloud for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
implementing-azure-defender-for-cloud fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Useful defaults in implementing-azure-defender-for-cloud — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
implementing-azure-defender-for-cloud reduced setup friction for our internal harness; good balance of opinion and flexibility.
showing 1-10 of 32