Description:
External Attack Surface Management (EASM) is automatically enabled when Defender CSPM is turned on. There is no separate setting for EASM in the Azure portal. Enabling Defender CSPM ensures that external attack surface visibility and monitoring are active by default.
Rationale:
Turning on Defender CSPM automatically enables external attack surface monitoring, which helps identify exposed or unmanaged internet-facing assets. This improves security by giving visibility into risks that attackers could discover first.
Impact:
Enabling Defender CSPM may increase the number of external exposure findings and require additional review by security teams, but it provides better protection by identifying risks on your public-facing assets.
Default Value:
By default, Defender CSPM is turned off, so external attack surface monitoring is not active until it is enabled.
Pre-requisites:
The user must have one of the following roles on the subscription: Owner, Contributor, or Security Admin.
The subscription must have an available Defender CSPM plan, as EASM is automatically enabled through CSPM.
Test Plan:
Sign in to the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under Management, select Environment settings.
Choose the target subscription.
Under the settings, click Defender plans.
Verify that Defender CSPM is enabled under Cloud Security Posture Management (CSPM).
Confirm that enabling CSPM automatically enables External Attack Surface Monitoring (EASM).
If Defender CSPM is off, follow the Implementation Steps.
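The same check can be scripted across several subscriptions. The following is an added example, not part of the original control: it evaluates pricing records for the Defender CSPM plan and reports which subscriptions have it on. It assumes the plan is named `CloudPosture` in the Microsoft.Security pricings API, that `pricingTier` is `Standard` when the plan is on, and that records arrive either flattened (as `az security pricing show -n CloudPosture` prints them) or nested under `properties` (REST shape). The sample records and subscription IDs are constructed. Because EASM has no separate setting, only the plan state is checked.

```python
import json

# Constructed sample (not real data). Subscription IDs are placeholders.
# Record 1: flattened shape (assumed Azure CLI output).
# Record 2: REST shape with fields nested under "properties".
SAMPLE = json.loads("""
[
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000001/providers/Microsoft.Security/pricings/CloudPosture",
   "name": "CloudPosture", "pricingTier": "Standard"},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000002/providers/Microsoft.Security/pricings/CloudPosture",
   "name": "CloudPosture", "properties": {"pricingTier": "Free"}}
]
""")


def subscription_of(record):
    """Extract the subscription ID from an ARM resource ID, or None."""
    parts = (record.get("id") or "").strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None


def audit_cspm(records, expected_subscriptions):
    """Map each in-scope subscription to (compliant, reason)."""
    # Start pessimistic: a subscription with no record at all must fail.
    results = {s.lower(): (False, "no CloudPosture pricing record returned")
               for s in expected_subscriptions}
    for rec in records:
        sub = subscription_of(rec)
        if sub not in results or (rec.get("name") or "").lower() != "cloudposture":
            continue  # out of scope, or a different Defender plan
        props = rec.get("properties") or rec  # accept either record shape
        tier = props.get("pricingTier")
        if isinstance(tier, str) and tier.lower() == "standard":
            results[sub] = (True, "Defender CSPM is on")
        else:
            results[sub] = (False, f"pricingTier is {tier!r}, expected 'Standard'")
    return results


if __name__ == "__main__":
    scope = ["00000000-0000-0000-0000-000000000001",
             "00000000-0000-0000-0000-000000000002",
             "00000000-0000-0000-0000-000000000003"]
    for sub, (ok, why) in audit_cspm(SAMPLE, scope).items():
        print("PASS" if ok else "FAIL", sub, why)
```
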
Implementation Steps:
Open the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under Management, select Environment settings.
Choose the target subscription.
Under the settings, click Defender plans.
Enable Defender CSPM under Cloud Security Posture Management (CSPM). Enabling CSPM automatically turns on External Attack Surface Monitoring (EASM).
Click Save to apply the changes.
Backout Plan:
Sign in to the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under Management, select Environment settings.
Choose the target subscription.
Under the settings, click Defender plans.
Under Cloud Security Posture Management (CSPM), set Defender CSPM to Off.
Click Save to apply the change.
Reference:
https://learn.microsoft.com/azure/defender-for-cloud/defender-cspm-introduction
https://learn.microsoft.com/azure/defender-for-cloud/concept-easm


