Description:

Microsoft Defender for External Attack Surface Monitoring (EASM) is a security solution that helps you identify and mitigate risks to your organization's external attack surface. EASM continuously scans the internet for information about your organization's exposed assets, such as websites, IP addresses, and domains. It then uses this information to identify potential risks, such as misconfigurations, exposed vulnerabilities, and malicious activity.


Rationale:

The following are some of the reasons why it is important to implement Microsoft Defender for EASM:


  • To identify and mitigate risks to your organization's external attack surface: EASM can help you identify potential risks to your organization's external attack surface that you may not be aware of. This can help you to mitigate these risks before they are exploited by attackers.
  • To comply with security regulations: Many security regulations, such as PCI DSS and HIPAA, require organizations to have a process in place to identify and mitigate risks to their external attack surface. EASM can help you to meet these requirements.
  • To improve your organization's security posture: By implementing EASM, you can improve your organization's security posture by reducing your risk of attack.


Impact:

Implementing Microsoft Defender for EASM will have the following impact:

You will be able to identify and mitigate risks to your organization's external attack surface.

You will be able to comply with security regulations that require you to have a process in place to identify and mitigate risks to your external attack surface.

You will improve your organization's security posture by reducing your risk of attack.

Default Value:

The default value for this policy is "Not Enabled."


Prerequisites:

You must have an Azure subscription.

You must have a Microsoft Defender for Cloud subscription.


Remediation Steps:

To remediate this policy, you must enable Microsoft Defender for EASM. You can do this by following these steps:


  • In the Azure portal, go to the Security Center blade.
  • Select the Settings tab.
  • Under Integrations, select Microsoft Defender for External Attack Surface Monitoring.
  • Make sure that the Enable Microsoft Defender for External Attack Surface Monitoring setting is enabled.
  • Select Save.

Test Plan:

To test whether Microsoft Defender for EASM is enabled, you can follow these steps:


  1. In the Azure portal, go to the Security Center blade.
  2. Select the Threat Protection tab.
  3. Under Overview, look for the Microsoft Defender for External Attack Surface Monitoring section.
  4. If Microsoft Defender for EASM is enabled, you will see a message that says "Microsoft Defender for External Attack Surface Monitoring is enabled."

Implementation Plan:

To implement this policy, you can follow these steps:

  1. Create a new policy in the Azure Policy Management blade.
  2. Set the policy rule to "Enable Microsoft Defender for External Attack Surface Monitoring."
  3. Set the policy effect to "Enabled."
  4. Set the policy scope to your desired scope.
  5. Create a remediation action for the policy.
  6. Assign the policy to your desired resources.

Azure Console:

To enable Microsoft Defender for EASM using the Azure console, follow these steps:


  1. In the Azure portal, go to the Security Center blade.
  2. Select the Settings tab.
  3. Under Integrations, select Microsoft Defender for External Attack Surface Monitoring.
  4. Make sure that the Enable Microsoft Defender for External Attack Surface Monitoring setting is enabled.
  5. Select Save.

Azure CLI:

To enable Microsoft Defender for EASM using the Azure CLI, run the following command:


az security center integration enable --name "Microsoft Defender for External Attack Surface Monitoring"


Backout Plan:

To back out of this policy, you can follow these steps:


  1. In the Azure portal, go to the Security Center blade.
  2. Select the Settings tab.
  3. Under Integrations, select Microsoft Defender for External Attack Surface Monitoring.
  4. Disable the Enable Microsoft Defender for External Attack Surface Monitoring setting.
  5. Select Save.

Note:

This policy is recommended for all organizations that have an Azure subscription and a Microsoft Defender for Cloud subscription.

If you have any questions or concerns, please contact your Azure support team.

Reference: