You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/protect-network-resources.md
+15-17Lines changed: 15 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,19 +12,18 @@ For a full list of the recommendations for Networking, see [Networking recommend
12
12
13
13
This article addresses recommendations that apply to your Azure resources from a network security perspective. Networking recommendations center around next generation firewalls, Network Security Groups, JIT VM access, overly permissive inbound traffic rules, and more. For a list of networking recommendations and remediation actions, see [Managing security recommendations in Microsoft Defender for Cloud](review-security-recommendations.md).
14
14
15
-
The **Networking** features of Defender for Cloud include:
15
+
The **Networking** features of Defender for Cloud include:
16
16
17
17
- Network map (requires [Microsoft Defender for Servers Plan 2](plan-defender-for-servers-select-plan.md#plan-features))
18
18
-[Adaptive network hardening](adaptive-network-hardening.md) (requires [Microsoft Defender for Servers Plan 2](plan-defender-for-servers-select-plan.md#plan-features))
19
19
- Networking security recommendations
20
-
20
+
21
21
## View your networking resources and their recommendations
22
22
23
23
From the [asset inventory page](asset-inventory.md), use the resource type filter to select the networking resources that you want to investigate:
The interactive network map provides a graphical view with security overlays giving you recommendations and insights for hardening your network resources. Using the map you can see the network topology of your Azure workloads, connections between your virtual machines and subnets, and the capability to drill down from the map into specific resources and the recommendations for those resources.
@@ -38,7 +37,7 @@ To open the Network map:
38
37
:::image type="content" source="media/protect-network-resources/workload-protection-network-map.png" alt-text="Screenshot showing selection of network map from workload protections." lightbox="media/protect-network-resources/workload-protection-network-map.png":::
39
38
40
39
1. Select the **Layers** menu choose **Topology**.
41
-
40
+
42
41
The default view of the topology map displays:
43
42
44
43
- Currently selected subscriptions - The map is optimized for the subscriptions you selected in the portal. If you modify your selection, the map is regenerated with the new selections.
@@ -51,33 +50,33 @@ The default view of the topology map displays:
51
50
52
51
## Understanding the network map
53
52
54
-
The network map can show you your Azure resources in a **Topology** view and a **Traffic** view.
53
+
The network map can show you your Azure resources in a **Topology** view and a **Traffic** view.
55
54
56
55
### The topology view
57
56
58
57
In the **Topology** view of the networking map, you can view the following insights about your networking resources:
59
58
60
59
- In the inner circle, you can see all the VNets within your selected subscriptions, the next circle is all the subnets, the outer circle is all the virtual machines.
61
-
- The lines connecting the resources in the map let you know which resources are associated with each other, and how your Azure network is structured.
60
+
- The lines connecting the resources in the map let you know which resources are associated with each other, and how your Azure network is structured.
62
61
- Use the severity indicators to quickly get an overview of which resources have open recommendations from Defender for Cloud.
63
-
- You can click any of the resources to drill down into them and view the details of that resource and its recommendations directly, and in the context of the Network map.
62
+
- You can select any of the resources to drill down into them and view the details of that resource and its recommendations directly, and in the context of the Network map.
64
63
- If there are too many resources being displayed on the map, Microsoft Defender for Cloud uses its proprietary algorithm to 'smart cluster' your resources, highlighting the ones that are in the most critical state, and have the most high severity recommendations.
65
64
66
65
Because the map is interactive and dynamic, every node is clickable, and the view can change based on the filters:
67
66
68
67
1. You can modify what you see on the network map by using the filters at the top. You can focus the map based on:
69
68
70
-
-**Security health**: You can filter the map based on Severity (High, Medium, Low) of your Azure resources.
69
+
-**Security health**: You can filter the map based on Severity (High, Medium, Low) of your Azure resources.
71
70
-**Recommendations**: You can select which resources are displayed based on which recommendations are active on those resources. For example, you can view only resources for which Defender for Cloud recommends you enable Network Security Groups.
72
71
-**Network zones**: By default, the map displays only Internet facing resources, you can select internal VMs as well.
73
-
74
-
2. You can click**Reset** in top left corner at any time to return the map to its default state.
72
+
73
+
1. You can select**Reset** in top left corner at any time to return the map to its default state.
75
74
76
75
To drill down into a resource:
77
76
78
-
1. When you select a specific resource on the map, the right pane opens and gives you general information about the resource, connected security solutions if there are any, and the recommendations relevant to the resource. It's the same type of behavior for each type of resource you select.
77
+
1. When you select a specific resource on the map, the right pane opens and gives you general information about the resource, connected security solutions if there are any, and the recommendations relevant to the resource. It's the same type of behavior for each type of resource you select.
79
78
2. When you hover over a node in the map, you can view general information about the resource, including subscription, resource type, and resource group.
80
-
3. Use the link to zoom into the tool tip and refocus the map on that specific node.
79
+
3. Use the link to zoom into the tool tip and refocus the map on that specific node.
81
80
4. To refocus the map away from a specific node, zoom out.
82
81
83
82
### The Traffic view
@@ -86,22 +85,21 @@ The **Traffic** view provides you with a map of all the possible traffic between
86
85
87
86
### Uncover unwanted connections
88
87
89
-
The strength of this view is in its ability to show you these allowed connections together with the vulnerabilities that exist, so you can use this cross-section of data to perform the necessary hardening on your resources.
88
+
The strength of this view is in its ability to show you these allowed connections together with the vulnerabilities that exist, so you can use this cross-section of data to perform the necessary hardening on your resources.
90
89
91
90
For example, you might detect two machines that you weren’t aware could communicate, enabling you to better isolate the workloads and subnets.
92
91
93
92
### Investigate resources
94
93
95
94
To drill down into a resource:
96
95
97
-
1. When you select a specific resource on the map, the right pane opens and gives you general information about the resource, connected security solutions if there are any, and the recommendations relevant to the resource. It's the same type of behavior for each type of resource you select.
98
-
2.Click**Traffic** to see the list of possible outbound and inbound traffic on the resource - this is a comprehensive list of who can communicate with the resource and who it can communicate with, and through which protocols and ports. For example, when you select a VM, all the VMs it can communicate with are shown, and when you select a subnet, all the subnets which it can communicate with are shown.
96
+
1. When you select a specific resource on the map, the right pane opens and gives you general information about the resource, connected security solutions if there are any, and the recommendations relevant to the resource. It's the same type of behavior for each type of resource you select.
97
+
2.Select**Traffic** to see the list of possible outbound and inbound traffic on the resource - this is a comprehensive list of who can communicate with the resource and who it can communicate with, and through which protocols and ports. For example, when you select a VM, all the VMs it can communicate with are shown, and when you select a subnet, all the subnets which it can communicate with are shown.
99
98
100
-
**This data is based on analysis of the Network Security Groups as well as advanced machine learning algorithms that analyze multiple rules to understand their crossovers and interactions.**
99
+
**This data is based on analysis of the Network Security Groups as well as advanced machine learning algorithms that analyze multiple rules to understand their crossovers and interactions.**
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments