DEASM new article

Author: ElazarK

articles/defender-for-cloud/TOC.yml

@@ -207,8 +207,8 @@
       - name: Investigating risks with security explorer/attack paths
         displayName: cloud security graph, attack path analysis, cloud security explorer, attack, path, graph, security, explorer
         href: concept-attack-path.md
-      - name: Integration with Defender EASM
-        displayName: EASM, attack surface management
+      - name: External attack surface management (EASM)
+        displayName: EASM, attack surface management, integration
         href: concept-easm.md
       - name: Critical assets protection
         href: critical-assets-protection.md
@@ -424,6 +424,9 @@
         - name: Build queries with cloud security explorer
           displayName: queries, security explorer, explorer, templates, query
           href: how-to-manage-cloud-security-explorer.md
+        - name: Detect exposed IP addresses
+          displayName: exposed, ip, addresses, easm
+          href: detect-exposed-ip-addresses.md
     - name: Built-in security protections
       items:
         - name: Use Purview to protect sensitive data

articles/defender-for-cloud/concept-easm.md

@@ -1,18 +1,14 @@
 ---
-title: Microsoft Defender for Cloud integration with Defender External attack surface management (EASM)
+title: External attack surface management (EASM)
 description: Learn about Defender for Cloud integration with Defender External attack surface management (EASM) to enhance security and reduce the risk of attacks.
 ms.topic: concept-article
-ms.date: 05/20/2024
+ms.date: 07/02/2024
 #customer intent: As a reader, I want to learn about the integration between Defender for Cloud and Defender External attack surface management (EASM) so that I can enhance my organization's security.
 ---
 
-# Integration with Defender EASM
+# External attack surface management (EASM)
 
-You can use Microsoft Defender for Cloud's integration with Microsoft Defender External Attack Surface Management (EASM) to improve your organization's security posture, and reduce the potential risk of being attacked.
-
-An external attack surface is the entire area of an organization or system that is susceptible to an attack from an external source. The attack surface is made up of all the points of access that an unauthorized person could use to enter their system. The larger your attack surface is, the harder it's to protect.
-
-Defender EASM continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall.
+Microsoft Defender for Cloud's integration with Microsoft Defender External Attack Surface Management (EASM), allows organizations to improve their security posture while reducing the potential risk of being attacked by exploring their external attack surface.
 
 Defender EASM applies Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by applying vulnerability and infrastructure data to showcase the key areas of concern for your organization, such as:
 
@@ -21,14 +17,17 @@ Defender EASM applies Microsoft’s crawling technology to discover assets that
 - Pinpoint attacker-exposed weaknesses, anywhere and on-demand
 - Gain visibility into third-party attack surfaces
 
-EASM collects data for publicly exposed assets (“outside-in”). Defender for Cloud CSPM (“inside-out”) can use that data to assist with internet-exposure validation and discovery capabilities, to provide better visibility to customers.
+With this information, security and IT teams are able to identify unknowns, prioritize risks, eliminate threats, and extend vulnerability and exposure control beyond the firewall. The attack surface is made up of all the points of access that an unauthorized person could use to enter their system. The larger your attack surface is, the harder it's to protect.
+
+EASM collects data on publicly exposed assets (“outside-in”) which Defender for Cloud's  Cloud Security Posture Management (CSPM) (“inside-out”) plan uses to assist with internet-exposure validation and discovery capabilities.
 
 ## Defender CSPM integration
 
-While [Defender CSPM](concept-cloud-security-posture-management.md) includes some external attack surface management capabilities, it doesn't include the full EASM solution. Instead, it provides detection of internet accessible assets via Defender for Cloud recommendations and attack paths.
+The intergartion with Defender EASM is included with the Defender CSPM plan and doesn't require a license from DEASM.
 
-## Next steps
+While [Defender CSPM](concept-cloud-security-posture-management.md) includes some external attack surface management capabilities, it doesn't include the full EASM solution. Instead, it provides detection of internet accessible assets via Defender for Cloud recommendations and attack paths.
 
-- Learn about [cloud security explorer and attack paths](concept-attack-path.md) in Defender for Cloud.
-- Learn about [Defender EASM](../external-attack-surface-management/overview.md).
-- Learn how to [deploy Defender for EASM](../external-attack-surface-management/deploying-the-defender-easm-azure-resource.md).
+## Related content
+- [Cloud security explorer and attack paths](concept-attack-path.md) in Defender for Cloud.
+- [Defender EASM overview](../external-attack-surface-management/overview.md).
+- [Deploy Defender for EASM](../external-attack-surface-management/deploying-the-defender-easm-azure-resource.md).

articles/defender-for-cloud/detect-exposed-ip-addresses.md

@@ -0,0 +1,85 @@
+---
+title: Detect exposed IP addresses
+description: Learn how to detect exposed IP addresses with cloud security explorer in Microsoft Defender for Cloud to proactively identify security risks.
+ms.topic: how-to
+ms.date: 07/02/2024
+ms.author: dacurwin
+author: dcurwin
+ai-usage: ai-assisted
+#customer intent: As a security professional, I want to learn how to detect exposed IP addresses with cloud security explorer in Microsoft Defender for Cloud so that I can proactively identify security risks in my cloud environment and improve my security posture.
+---
+
+# Detect exposed IP addresses
+
+Microsoft Defender for Cloud's integration with Defender External Attack Surface Management (EASM) allows organizations to improve their security posture while reducing the potential risk of being attacked by exploring their external attack surface.
+
+Security teams can utilize the cloud security explorer and the attack path analysis, to understand the potential attack paths that an attacker could use to reach their critical assets. The cloud security explorer allows you to build queries that can proactively hunt for security risks in your environments. while the attack path analysis provides a visual representation of the attack paths that an attacker could use to reach your critical assets.
+
+## Prerequisites
+
+- You need a Microsoft Azure subscription. If you don't have an Azure subscription, you can [sign up for a free subscription](https://azure.microsoft.com/pricing/free-trial/).
+
+- You must [enable the Defender CSPM plan](tutorial-enable-cspm-plan.md).
+
+## Detect exposed IP addresses with the cloud security explorer
+
+Using the cloud security explorer, you can detect exposed IP addresses in your cloud environment. The cloud security explorer allows you to build queries that can proactively hunt for security risks in your environments.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud** > **Cloud security explorer**.
+
+1. In the dropdown menu, search for and select **IP addresses**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/search-ip-addresses.png" alt-text="Screenshot that shows where to navigate to in Defender for Cloud to search for and select the IP addresses option." lightbox="media/detect-exposed-ip-addresses/search-ip-addresses.png":::
+
+1. Select **Done**.
+
+1. Select **+**.
+
+1. In the select condition dropdown menu, select **DEASM Findings**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/deasm-findings.png" alt-text="Screenshot that shows where to locate the DEASM Findings option." lightbox="media/detect-exposed-ip-addresses/deasm-findings.png":::
+
+1. Select the **+** button.
+
+1. In the select condition dropdown menu, select **Routes traffic to**.
+
+1. In the select resource type dropdown menu, select **Select all**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/select-all.png" alt-text="Screenshot that shows where the select all option is located." lightbox="media/detect-exposed-ip-addresses/select-all.png":::
+
+1. Select **Done**.
+
+1. Select the **+** button.
+
+1. In the select condition dropdown menu, select **Routes traffic to**.
+
+1. In the select resource type dropdown menu, select **Virtual machine**.
+
+1. Select **Done**.
+
+1. Select **Search**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/search.jpg" alt-text="Screenshot that shows the fully built query and where the search button is located." lightbox="media/detect-exposed-ip-addresses/search.jpg":::
+
+1. Select a result to review the findings.
+
+## Detect exposed IP addresses with attack path analysis
+
+Using the attack path analysis, you can view a visualization of the attack paths that an attacker could use to reach your critical assets.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud** > **Attack path analysis**.
+
+1. Search for **Internet exposed**.
+
+1. Review and select a result.
+
+1. [Remediate the attack path](how-to-manage-attack-path.md#remediate-attack-paths).
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Identify and remediate attack paths](how-to-manage-attack-path.md)