Discover insights into Microsoft Defender for Cloud as a CNAPP that combines CSPM (posture, recommendations, inventory) and CWPP (workload protection) – and learn what is truly free vs what unlocks with paid plans.

Learn the practical difference between Foundational CSPM and Defender CSPM, including attack path analysis, Cloud Security Explorer, Data & AI posture (DSPM / AI-SPM), and how risk-based prioritisation changes the way you act on findings.

Understand what the CWPP modules actually catch in real life (not marketing terms): examples like MITRE ATT&CK-style App Service threats, SQL injection/anomalous logins, storage exfiltration patterns, Kubernetes runtime threats + CI/CD image gating, Key Vault misuse, suspicious ARM control-plane operations, OWASP API threats, and GenAI risks like prompt injection and wallet abuse.

Uncover a decision framework for “what’s worth paying for” in your environment by mapping protections to business risk and tooling overlap (e.g., WAF vs App Service signals, Foundry guardrails vs Defender for AI Services, XDR integration value, and when log-based DIY monitoring is enough). This is a conference-first session: we’ll run quick audience-driven scenarios and do live walk-through style demos where participants choose the attack path, workload, and budget constraints.

I’m excited about this topic because I keep seeing organisations either enable everything blindly or avoid the platform entirely due to cost uncertainty. My goal is that you leave with a clear, actionable “starter pack” of modules, a prioritised upgrade path, and the confidence to explain the spend to both engineers and decision-makers – without turning security into a licence guessing game.

Assumed Knowledge:

You should know basic Azure components that are available.

Practical Takeaways:

Clear understanding what you are getting with paid Defender for Cloud services and my recommendations when to use and what.

Out of Session Scope:

We will NOT cover basic Azure services and deep configuration best practises on Defender for Cloud.