Set Up Multicloud Connectors
Implementation Effort: Medium — Requires onboarding AWS and GCP environments using connectors and configuring them via the Azure portal or programmatically.
User Impact: Low — Multicloud connector setup is handled by administrators; no end-user interaction is required.
Overview
Setting up multicloud connectors in Microsoft Defender for Storage (via Defender for Cloud) enables visibility and protection for storage workloads across AWS and GCP. These connectors allow Defender for Cloud to ingest metadata, assess security posture, and apply threat detection across non-Azure environments.
You can set up connectors in two main ways:
- Azure Portal: Use the guided onboarding experience to connect AWS accounts or GCP projects.
- Programmatic Deployment: Use the Defender for Cloud REST API along with CloudFormation templates (for AWS) or Cloud Shell scripts (for GCP). These scripts are available for download in the portal and vary depending on the Defender plans you enable 1.
Once connected, Defender for Cloud provides:
- Unified visibility across cloud platforms
- Integration with CSPM and CWP features
- Threat detection and alerting for storage and other workloads
If multicloud connectors are not configured, your organization may lack visibility into security risks and misconfigurations in AWS and GCP, leading to potential blind spots in your Zero Trust strategy.
This setup supports the Zero Trust principle of "Assume Breach" by extending threat detection and posture management to all cloud environments.