How to keep track of Defender for Cloud Coverage


Tom_Janetscheck

Defender for Cloud plans are enabled per subscription, and it can become challenging to know which plan has been enabled on which subscription, especially in larger environments. That is why we added the Coverage workbook to Defender for Cloud's Workbook Gallery. While some plans simply need to be enabled, others have additional dependencies. For example, in Defender CSPM, it is not enough to enable the plan on an Azure subscription or multicloud connector; you will also want to enable agentless scanning for machines, agentless Kubernetes discovery, sensitive data discovery, and agentless vulnerability scanning for container registries. While all of these settings are enabled by default when enabling Defender CSPM today, at no additional cost or resource impact, that was not the case in the past. Also, someone might still accidentally disable one or all of these capabilities while keeping Defender CSPM enabled.

With the updated Coverage workbook, it is easy to detect such misconfigurations.



Updated navigation pane


The navigation pane on top of the workbook now lets you select the table(s) you are most interested in.




  1. The Additional information toggle will display additional information about the workbook. It is disabled by default.
  2. With Relative coverage, you can enable an overview table that will show the percentage of subscriptions, or multicloud connectors that have a particular plan enabled. (Screenshot: Relative coverage across all Azure subscriptions)
  3. The Absolute coverage table will show an overview with all subscriptions and multicloud connectors, including information about each Defender for Cloud plan's status. (Screenshot: Absolute coverage of Defender for Cloud plans)
  4. The Detailed coverage option has been added as a new view. Once enabled, it will show a toggle to select the plan you would like to show coverage details for. This includes Defender CSPM, Defender for Servers Plan 2, Defender for Containers, and Defender for Storage V2. All these plans have additional settings that need to be enabled in order to get the most out of each plan's enhanced capabilities. Once selected, the workbook will show a table with detailed information about the selected plan's enhanced capabilities. (Screenshot: Detailed coverage for Defender CSPM across subscriptions with the plan enabled)


The screenshot above shows detailed information for three subscriptions that have the Defender CSPM plan enabled. There is one subscription that does not have all settings enabled, which you can easily fix by clicking into the relevant field. The workbook will automatically take you to Defender for Cloud's Monitoring and Settings page for the plan and subscription you want to enable the setting on, so you can easily remediate this misconfiguration for your environment.

All information used in the Coverage workbook is based on KQL queries against Azure Resource Graph that you can change according to your needs.

Now it's your turn: go ahead and give it a try to get insights into your current configuration status and remediate it if needed. The workbook comes with an option to provide feedback in the upper navigation area. With that, let us know what you think so we can further improve the workbook going forward.



Bye for now,

Tom
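
The post says the workbook is driven by KQL queries against Azure Resource Graph. The query below is an added example, not part of the original post and not the workbook's own query: it lists subscriptions where Defender CSPM is enabled but one of the four settings named above is reported as disabled. It assumes the plan appears in `securityresources` as a `microsoft.security/pricings` record named `CloudPosture` and that the settings use the extension names listed in the query; confirm both against your own tenant before relying on the result.

```kusto
// Added example: Defender CSPM enabled, but a dependent setting switched off.
// Assumed mapping of the settings named in the post to extension names:
//   agentless scanning for machines           -> AgentlessVmScanning
//   agentless Kubernetes discovery            -> AgentlessDiscoveryForKubernetes
//   sensitive data discovery                  -> SensitiveDataDiscovery
//   agentless vulnerability scanning for
//   container registries                      -> ContainerRegistriesVulnerabilityAssessments
securityresources
| where type =~ "microsoft.security/pricings"
| where name =~ "CloudPosture"                          // the Defender CSPM plan (assumed name)
| where tostring(properties.pricingTier) =~ "Standard"  // plan is enabled on this subscription
| mv-expand ext = properties.extensions                 // one row per plan setting
| extend SettingName = tostring(ext.name),
         SettingEnabled = tostring(ext.isEnabled) =~ "true"
| where SettingName in~ (
    "AgentlessVmScanning",
    "AgentlessDiscoveryForKubernetes",
    "SensitiveDataDiscovery",
    "ContainerRegistriesVulnerabilityAssessments")
| where not(SettingEnabled)                             // keep only settings that are off
| summarize DisabledSettings = make_set(SettingName) by subscriptionId
| order by subscriptionId asc
```

An empty result means no subscription with Defender CSPM enabled reports any of these four settings as disabled. The query only sees settings that are present in the record, so compare the subscription count with the workbook's Detailed coverage view.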
