Welcome to the Microsoft Defender for Cloud community repository

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

MAPS cloud scanner and response parser for Microsoft Defender research.

Microsoft Defender for Cloud threat matrix for Kubernetes

Microsoft Defender for Cloud attack simulation toolkit

Additional resources to improve customer experience with Microsoft Defender for Cloud Apps

Simple CLIENT side bypass for the Microsoft Defender for Cloud Apps Proxy

Microsoft Defender for Cloud Cookbook, published by Packt

Enable the programmatic deployment and management of Microsoft Defender for Cloud using code

Azure Logic Apps that create Azure DevOps work items from Microsoft Sentinel and Defender for Cloud alerts, and dismiss the alert upon completion of the workitem.

No description available

Cloudcooks-M365Cooking – A spicy collection of Microsoft 365 recipes for Intune, Entra ID, Defender, and beyond. From PowerShell scripts and Graph API hacks to deployment blueprints and security hardening “dishes,” this repo serves up ready-to-use automation and configuration guides for IT pros who like their cloud well-seasoned.

Microsoft Defender for Cloud Masterclass (for Partners) event

PowerShell for working with Microsoft Defender for Cloud Apps API

This Repository provides detection rule when Recommendation of Microsoft Defender for Cloud state was changed to "Unhealthy".

A curated collection of Cloud DFIR and threat‑hunting resources focused on Microsoft Sentinel, Defender XDR, Azure, and Microsoft 365. Includes KQL hunting queries, Sentinel workbook JSONs, notebook configurations, SOAR automations, and practical detection engineering artifacts for real‑world investigations and SOC operations.

NHS England's Cloud Centre of Excellence Microsoft Defender for Endpoint repo.

Terraform module to configure Microsoft Defender for Cloud (aka Security Center) on Azure

No description available

No description available

This article is about Microsoft Defender for Cloud Apps, exploring its functionalities and practical use cases to illuminate how it fortifies cloud security.

Securing Azure Virtual Machines with Microsoft Defender for Cloud

No description available

Use Microsoft Defender for Cloud, for Azure, hybrid cloud, and on-premises workload protection and security. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.

Splunk event generator add-on for Microsoft Defender for Cloud

Microsoft Sizing Scripts for Defender for Cloud CSPM and Entra Permissions Management

Microsoft Defender for Cloud の GitHub Advanced Security 機能をデモするためのリポジトリ

Portal-only lab to demonstrate governance guardrails using Azure Policy (Deny) and security posture visibility using Microsoft Defender for Cloud

Modular threat hunting and incident response toolkit using Microsoft Defender, KQL, and MITRE ATT&CK. Built for SOC analysts and cloud security engineers.

Enterprise SOC lab - Active Directory + MITRE Caldera C2 + Microsoft Defender for Business. Adversary emulation, cloud EDR incident triage, and MITRE ATT&CK detection gap analysis.