Review & Remediate Security Risk Concerns via Cloud Security Explorer
Implementation Effort: Medium — Using Cloud Security Explorer requires familiarity with query building and collaboration between security and platform teams to investigate and remediate risks across services.
User Impact: Low — These activities are performed by security analysts and administrators, with no direct impact on end users.
Overview
Cloud Security Explorer in Microsoft Defender for Cloud enables security teams to proactively identify and investigate risks across Azure services, including App Service, Key Vault, and Resource Manager. It uses a graph-based query engine to surface misconfigurations, vulnerabilities, and potential attack paths based on real-time context.
Key Capabilities
- Graph-Based Queries: Run contextual queries across your cloud environment to identify risky configurations, exposed resources, and lateral movement opportunities [1].
- Predefined Templates: Use built-in query templates to quickly identify common risks, such as internet-exposed services with sensitive data or overly permissive access controls [2].
- Custom Queries: Build custom queries to explore specific concerns, such as:
  - App Services with public endpoints and no authentication.
  - Key Vaults accessible from untrusted networks.
  - Resource Manager operations performed by high-privilege accounts [1].
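The first two custom-query concerns above, expressed as plain checks over resource records. This is an added example, not Cloud Security Explorer code or a Microsoft artifact; the property names follow Azure Resource Manager JSON, the records are constructed, and the App Service auth settings (really a `sites/config` sub-resource) are folded into the site record for simplicity.

```python
# Constructed sample inventory shaped like Azure Resource Manager JSON.
# App Service "authsettingsV2" is folded under properties for this example.
RESOURCES = [
    {"name": "web-public", "type": "Microsoft.Web/sites",
     "properties": {"publicNetworkAccess": "Enabled",
                    "siteAuthSettingsV2": {"platform": {"enabled": False}}}},
    {"name": "web-authed", "type": "Microsoft.Web/sites",
     "properties": {"publicNetworkAccess": "Enabled",
                    "siteAuthSettingsV2": {"platform": {"enabled": True}}}},
    {"name": "kv-open", "type": "Microsoft.KeyVault/vaults",
     "properties": {"publicNetworkAccess": "Enabled",
                    "networkAcls": {"defaultAction": "Allow", "ipRules": []}}},
    {"name": "kv-locked", "type": "Microsoft.KeyVault/vaults",
     "properties": {"publicNetworkAccess": "Enabled",
                    "networkAcls": {"defaultAction": "Deny",
                                    "ipRules": [{"value": "203.0.113.0/24"}]}}},
]


def unauthenticated_public_app_services(resources):
    """App Services reachable from the internet with built-in auth disabled."""
    hits = []
    for r in resources:
        if r["type"] != "Microsoft.Web/sites":
            continue
        p = r["properties"]
        # ARM defaults publicNetworkAccess to Enabled when the field is absent.
        public = p.get("publicNetworkAccess", "Enabled") == "Enabled"
        auth = p.get("siteAuthSettingsV2", {}).get("platform", {})
        if public and not auth.get("enabled", False):
            hits.append(r["name"])
    return hits


def key_vaults_open_to_untrusted_networks(resources):
    """Key Vaults whose firewall default action is Allow, so any network may reach them."""
    hits = []
    for r in resources:
        if r["type"] != "Microsoft.KeyVault/vaults":
            continue
        p = r["properties"]
        public = p.get("publicNetworkAccess", "Enabled") == "Enabled"
        acls = p.get("networkAcls", {})
        if public and acls.get("defaultAction", "Allow") == "Allow":
            hits.append(r["name"])
    return hits


if __name__ == "__main__":
    print("App Services without auth:", unauthenticated_public_app_services(RESOURCES))
    print("Key Vaults open to any network:", key_vaults_open_to_untrusted_networks(RESOURCES))
```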
Steps to Review and Remediate
1. Open Cloud Security Explorer:
   - Navigate to Microsoft Defender for Cloud > Cloud Security Explorer.
2. Run a Query:
   - Select a predefined query (e.g., “Internet-exposed storage containers with sensitive data”) or build a custom one.
   - Review the results and identify affected resources [2].
3. Investigate and Remediate:
These actions align with the "Assume Breach" and "Verify Explicitly" principles of Zero Trust by proactively identifying and mitigating risks before they can be exploited.