A company uses a hybrid environment with Azure virtual machines (IaaS) and on-premises Windows servers. The security team needs a single solution that continuously assesses the security posture of these workloads, provides a regulatory compliance dashboard with actionable recommendations, and enables threat detection. Which Microsoft security solution should they use?
Defender for Cloud delivers continuous assessment of security posture, regulatory compliance monitoring, and threat detection across Azure and hybrid workloads, making it the correct solution.
Why this answer
Microsoft Defender for Cloud is the correct answer because it provides a unified security management platform that continuously assesses the security posture of both Azure VMs (IaaS) and on-premises Windows servers via Azure Arc. It offers a regulatory compliance dashboard with actionable recommendations based on built-in standards like CIS, NIST, and Azure Security Benchmark, and its workload protection plans enable threat detection for these hybrid workloads.
Exam trap
The trap here is that candidates often confuse Microsoft Defender for Cloud (a posture management and threat protection platform) with Microsoft Sentinel (a SIEM). The question specifically asks for a single solution that includes a compliance dashboard and continuous assessment, which are core features of Defender for Cloud, not Sentinel.
How to eliminate wrong answers
Option A is wrong because Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) focused on shadow IT discovery and data protection for SaaS applications, not on assessing the security posture or providing a compliance dashboard for IaaS VMs and on-premises servers.
Option B is wrong because Microsoft Defender for Endpoint is an endpoint detection and response (EDR) solution that focuses on device-level threat detection and response, but it does not provide a regulatory compliance dashboard or continuous security posture assessment across hybrid workloads.
Option D is wrong because Microsoft Sentinel is a cloud-native SIEM and SOAR solution that ingests logs and alerts for threat detection and incident response, but it is not primarily designed for continuous security posture assessment or out-of-the-box regulatory compliance dashboards; it requires custom workbooks and analytics rules for compliance reporting.