Evaluate Network Threat Protection Strategy

Implementation Effort: Medium

User Impact: Low

Overview

Evaluate your network threat protection strategy by leveraging Microsoft Defender for Cloud’s security recommendations and aligning to the Azure Security Benchmark’s Network Security controls.

On the Recommendations dashboard, review Enable network threat protection to identify VNets lacking DDoS Protection Plans or Azure DDoS IP Protection, and missing WAF policies on Application Gateway or Front Door .

Use Secure Score and the Regulatory Compliance view to prioritize gaps in your perimeter defenses in accordance with Azure Security Benchmark’s Network Security requirements.

Assess any existing on-premises or third-party firewall IDS/IPS capabilities and threat-intelligence feeds, mapping those to Azure Firewall Premium’s built-in Threat Intelligence and IDPS features .

Finally, inventory your VNets, subnets, and routing topology using Network Watcher’s Topology view to ensure that every ingress and lateral-movement path is accounted for and that your environment is prepared for a comprehensive, Zero Trust–aligned Azure Firewall deployment .

Reference

• Azure Security Benchmark – Network Security controls (v3)
• Review security recommendations in Defender for Cloud
• Enable network threat protection recommendation
• Azure Firewall threat intelligence-based filtering
• Network topology with Azure Network Watcher