Quick Guide to Microsoft Defender for Cloud Security Workbooks

Get running with your first workbook in no time

Microsoft Azure enables you to create different workloads and host them in the cloud. These workloads include virtual machines, databases, network security groups (NSGs), load balancers, and many others. They are stored within resource groups (logical boundaries). Ingress and egress traffic flows through them continuously, and it needs to be properly protected.

Microsoft does everything it can to protect cloud workloads against malicious activity. It provides controls such as ACLs and network security services such as DDoS protection, NSG (Network Security Groups), WAF (Web Application Firewall), and Azure Firewall. Each of these security controls had its own dashboard to visualize its security status.

That is exactly the challenge many IT professionals faced: several security controls were visualized in several different dashboards, which was not convenient. IT administrators needed a single user interface (UI) that visualizes everything in one place, so Microsoft released Azure Security Center.

Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud. Microsoft also renamed Azure Defender plans to Microsoft Defender plans. You can learn more about the renaming in this post: Protect your business with Microsoft Security’s comprehensive protection.

What does Microsoft Defender for Cloud include?

It covers three parts: continuously assess, secure, and defend. Continuous assessment helps you understand your security posture, Secure hardens connected resources and services, and Defend detects and resolves threats to cloud workloads.

Defender for Cloud fills three vital needs

Microsoft Defender for Cloud protects Azure-native services and provides hybrid and multi-cloud protection. That includes protection for Azure PaaS (Azure App Services, Azure SQL, Azure Storage Accounts, Azure activity log, and many more), Azure data services (automatically classify your data in Azure SQL), and networks (protection against brute force attacks).

That is not all. You can extend protection from the cloud to on-premises workloads. To do so, you will need to deploy Azure Arc.

How to Deploy a Workbook

Because Microsoft Defender for Cloud is a native Azure service, the installation does not take long. First, you need a Microsoft Azure subscription; if you don’t have one, you can get a trial subscription.

What are the minimal permissions to load the workbook? You need read permissions on the subscription you want to read data from.

Second, the free Microsoft Defender plan is already enabled on all your Azure subscriptions. If you want more advanced protection that includes more features, you must enable it. There is a 30-day trial that comes at no cost.

Microsoft Defender for Cloud plans

Microsoft provides a pricing calculator to estimate how much it costs to protect your multi-cloud and hybrid environments with Defender for Cloud. You can access it here: Microsoft Defender for Cloud pricing.

The deployment procedure of the workbook itself is quite straightforward, and it takes up to a minute. There are two options: you can deploy the workbook either to the commercial cloud or to the Azure Government cloud. You can click directly on one of the buttons below to start the installation, or navigate to the Network Security Dashboard for Microsoft Defender for Cloud GitHub repository.

Once you choose the deployment option, you need to specify the subscription, resource group, region, and the workbook name, type, source ID, and ID. You will also need to agree to the terms of service to create the resource successfully.

Create Azure workbook

Once you deploy it, open Microsoft Defender for Cloud (search for it) and navigate to Workbooks in the left-hand menu. That will open the list of workbooks you have. You can open the one you created by clicking on it under Recently modified workbooks. In my case, that is “Network Security Dashboard” for resource group “prod-infra-EU.”

Choose your workbook

What does Microsoft Defender for Cloud cover?

Upon activation, Microsoft Defender for Cloud will be enabled for resources within your resource group including servers, app service, SQL, MySQL, MariaDB, storage, containers, Kubernetes, ARM, DNS, Key Vault, and others.

Some of the Azure resources covered by Microsoft Defender for Cloud

The new dashboard provides a unified view of your Azure subscription’s network configuration and security. It is based on Azure Resource Graph (ARG) queries. Using these queries, Azure can retrieve real-time metrics and visualize them accordingly. The workbook comes predefined, but you can customize it based on your needs.

Microsoft: The Network Security Dashboard is free to use for all customers and does not require you to be a paid customer of Defender for Cloud.

Once you open it, it provides several tabs, including Overview, Public IPs & Exposed Ports, Network Security Services, Internal Networking, Gateway/VPN services, Traffic Manager, and Security Recommendations. Each tab contains several sub-options, which you can see when you navigate to it.
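
As an illustration of the kind of Azure Resource Graph query such a dashboard can be built on, here is an added example (not taken from the workbook or its repository) that lists inbound NSG "Allow" rules open to the whole internet. It assumes rules that use a single `sourceAddressPrefix`; rules that use the `sourceAddressPrefixes` list, and the default rules, are not covered.

```kusto
// Added example: not a query from the Network Security Dashboard workbook.
// Lists custom inbound NSG rules that allow traffic from any internet source,
// across every subscription the signed-in identity can read.
// A rule stores either one destination port range or a list of them,
// so "ports" falls back to the list when the single value is empty.
Resources
| where type =~ 'microsoft.network/networksecuritygroups'
| mv-expand rule = properties.securityRules
| extend direction = tostring(rule.properties.direction),
         access    = tostring(rule.properties.access),
         source    = tostring(rule.properties.sourceAddressPrefix),
         ports     = iff(isnotempty(rule.properties.destinationPortRange),
                         tostring(rule.properties.destinationPortRange),
                         tostring(rule.properties.destinationPortRanges))
| where direction =~ 'Inbound' and access =~ 'Allow'
| where source in~ ('*', 'Internet', '0.0.0.0/0')
| project subscriptionId, resourceGroup, nsg = name,
          ruleName = tostring(rule.name),
          protocol = tostring(rule.properties.protocol),
          ports,
          priority = toint(rule.properties.priority)
| order by priority asc
```

The query only reads configuration, so the read permissions mentioned earlier are enough to run it in Azure Resource Graph Explorer.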

Network Security Dashboard for Microsoft Defender for Cloud

You can also contribute to the community with your customized queries. If you want to learn more, please check Azure Workbooks for Microsoft Defender for Cloud.

Does Microsoft plan any enhancements?

According to Microsoft, Application Security Group (ASG) and Outbound rules on Azure Firewall will be added in the future.

Did you know that Altaro Backup supports backing up virtual machines from your Hyper-V or VMware to Azure storage? Indeed, it does. First, you need to create an Azure storage account within your Azure resource group. After that, by using the Altaro VM Backup console, you need to create and configure offsite copies from on-premises to Azure cloud storage.

Here is quite an interesting real-world scenario: Altaro VM Backup backs up virtual machines onsite to a Synology device and offsite to Azure Cloud storage. You can read more details on how to do it in this article: Backup Hyper-V VMs to Synology and Azure Cloud Storage.

Conclusion

This free workbook we’ve covered is a handy way to visualize your security posture in a single pane of glass. I hope you enjoyed reading this article. Feel free to connect with me and check out the latest content on my blog TechwithJasmin.com.