Microsoft Events, with Parul Seth and Michael Withrow, presents an advanced session on using Microsoft Defender for Cloud and AI to detect and mitigate real-world cyberattacks in the cloud.

AI-powered Defense Strategies for Cloud Workloads with Microsoft Defender

Presented by Parul Seth and Michael Withrow at Microsoft Ignite 2025

Session Overview

This session demonstrates how Microsoft Defender for Cloud leverages AI to detect, analyze, and respond to sophisticated attacks targeting cloud storage and container environments.

Agenda Highlights

  • Context setting and agenda
  • Demo of a real-world cyberattack scenario
  • Takeaways for cloud security practitioners

Industry Context

  • Growing adoption of AI and cloud technologies is creating new security challenges.
  • Organizations require robust solutions like CNAPP (Cloud-Native Application Protection Platform) to secure evolving environments.

Defender for Cloud Enhancements

  • Expansion of Microsoft Defender for Cloud features into the Defender portal.
  • Unified dashboard for cloud workload and container security monitoring.

Live Attack Demonstration

  • Attacker bypasses content filters to enumerate secrets in cloud storage and containers.
  • Visualization of an AI-powered, multi-stage attack progression using Defender for Cloud.

AI-Driven Security Response

  • Integration with XDR (Extended Detection and Response) tools to identify threats and terminate attack vectors.
  • AI-powered attack detection and triage with deep behavioral insights.
  • Automated incident response to prevent lateral movement.

Technical Insights

  • Real-time monitoring of complex cloud and container topologies.
  • Defender for Cloud employs AI and ML models to analyze security telemetry and detect novel threats.
  • CNAPP capabilities allow organizations to gain unified visibility and orchestrate responses across cloud resources.

Key Takeaways

  • Leveraging AI in Microsoft Defender for Cloud enhances detection, investigation, and automated response to cloud-based threats.
  • Combining XDR and CNAPP offers a defense-in-depth strategy for modern workloads.

Further Resources


Speakers: Parul Seth, Michael Withrow

*Session: BRK262 Advanced (300) Level*

For more details, view additional Microsoft Ignite sessions or consult the Microsoft Defender for Cloud documentation.