跳到主要內容

Discover and Assess Public Network Endpoints/Resources

Implementation Effort: Medium

User Impact: Low

Overview

Comprehensively inventory and assess all externally facing network endpoints—such as public IP addresses, load balancers and Application Gateways by leveraging Azure Resource Graph for high-scale, cross-subscription queries or Defender for Cloud’s asset discovery and exposure assessment. Begin by running targeted Resource Graph queries (e.g., filtering on Microsoft.Network/publicIPAddresses and Microsoft.Network/loadBalancers) to catalogue every public endpoint. Then use Defender for Cloud’s asset inventory and “Expose to Internet” recommendations to surface unmanaged or high-risk resources, assign risk scores, and prioritize remediation. This unified view not only ensures that you understand your full external attack surface but also feeds directly into your broader Zero Trust validation and monitoring workflows.

Reference