Detect internet exposed IP addresses

Microsoft Defender for Cloud provides organizations the capability to perform external attack surface management (outside-in) scans to improve their security posture through its integration with Defender External Attack Surface Management. Defender for Cloud's external attack surface management scans use the information provided by the Defender External Attack Surface Management integration to provide actionable recommendations and visualizations of attack paths, reducing the risk of bad actors exploiting internet exposed IP addresses.

Through the use of Defender for Cloud's cloud security explorer, security teams can build queries and proactively hunt for security risks. Security teams can also use attack path analysis to visualize the potential attack paths that an attacker could use to reach their critical assets.

Prerequisites

Detect internet exposed IP addresses with the cloud security explorer

The cloud security explorer allows you to build queries, such as an outside-in scan, that can proactively hunt for security risks in your environments, including IP addresses that are exposed to the internet.

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud > Cloud security explorer.

  3. In the dropdown menu, search for and select IP addresses.

    Screenshot that shows where to navigate to in Defender for Cloud to search for and select the IP addresses option.

  4. Select Done.

  5. Select +.

  6. In the select condition dropdown menu, select DEASM Findings.

    Screenshot that shows where to locate the DEASM Findings option.

  7. Select the + button.

  8. In the select condition dropdown menu, select Routes traffic to.

  9. In the select resource type dropdown menu, select Select all.

    Screenshot that shows where the select all option is located.

  10. Select Done.

  11. Select the + button.

  12. In the select condition dropdown menu, select Routes traffic to.

  13. In the select resource type dropdown menu, select Virtual machine.

  14. Select Done.

  15. Select Search.

    Screenshot that shows the fully built query and where the search button is located.

  16. Select a result to review the findings.

Detect exposed IP addresses with attack path analysis

Using the attack path analysis, you can view a visualization of the attack paths that an attacker could use to reach your critical assets.

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud > Attack path analysis.

  3. Search for Internet exposed.

  4. Review and select a result.

  5. Remediate the attack path.

Next step