Cloud security explorer

Defender for Cloud's contextual security capabilities help security teams reduce the risk of impactful breaches. Defender for Cloud uses environmental context to perform a risk assessment of your security issues, identifying the biggest security risks and distinguishing them from less risky issues.

By using the cloud security explorer, you can proactively identify security risks in your cloud environment by running graph-based queries on the cloud security graph, which is Defender for Cloud's context engine. You can prioritize your security team's concerns, while taking your organization's specific context and conventions into account.

With the cloud security explorer, you can query all of your security issues and environment context, such as asset inventory, exposure to the internet, permissions, lateral movement between resources, and more.

Learn more about the cloud security graph, attack path analysis, and the cloud security explorer.

Availability

Aspect: Details
Release state: Preview
Prerequisites:
- Enable agentless scanning
- Enable Defender for CSPM
- Enable Defender for Containers, and install the relevant agents in order to view attack paths that are related to containers. This also gives you the ability to query container data plane workloads in the security explorer.
Required plans:
- Defender Cloud Security Posture Management (CSPM) enabled
Required roles and permissions:
- Security Reader
- Security Admin
- Reader
- Contributor
- Owner
Clouds:
- Commercial clouds (Azure, AWS)
- Commercial clouds (GCP)
- National (Azure Government, Azure China 21Vianet)

Build a query with the cloud security explorer

You can use the cloud security explorer to build queries that can proactively hunt for security risks in your environments.

To build a query:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Cloud Security Explorer.

    Screenshot of the cloud security explorer page.

  3. Select a resource from the drop-down menu.

    Screenshot of the resource drop-down menu.

  4. Select + to add other filters to your query. For each filter you select, you can add more subfilters as needed.

  5. Select Search.

    Screenshot that shows a full query and where to select on the screen to perform the search.

The results appear at the bottom of the page.

Query templates

You can select an existing query template from the bottom of the page by selecting Open query.

Screenshot that shows you where the query templates are located.

You can alter any template to search for specific results by changing the query and selecting Search.

Query options

The following information can be queried in the cloud security explorer:

  • Recommendations - All Defender for Cloud security recommendations.

  • Vulnerabilities - All vulnerabilities found by Defender for Cloud.

  • Insights - Contextual data about your cloud resources.

  • Connections - Connections that are identified between cloud resources in your environment.

You can review the full list of recommendations, insights and connections.
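To make the idea of a graph-based query with filters and nested subfilters concrete, the following added example (not code from Defender for Cloud or from this page) runs such a query over a small constructed inventory. The asset names, insight strings, relationship labels and the query dictionary format are all assumptions made for illustration; they are not the product's schema or API.

```python
# Toy model of a graph query: a resource type, filters, and nested subfilters.
# All names and values are constructed; this is not Defender for Cloud's schema or API.
ASSETS = {
    "vm-web":    {"type": "virtual machine", "insights": {"exposed to the internet"},
                  "vulnerabilities": ["constructed-vuln-1"]},
    "vm-batch":  {"type": "virtual machine", "insights": set(),
                  "vulnerabilities": ["constructed-vuln-2"]},
    "vm-jump":   {"type": "virtual machine", "insights": {"exposed to the internet"},
                  "vulnerabilities": []},
    "st-hr":     {"type": "storage account", "insights": {"contains sensitive data"},
                  "vulnerabilities": []},
    "st-public": {"type": "storage account", "insights": set(), "vulnerabilities": []},
}
# Connections are directed, labelled edges: (source, relationship, target).
CONNECTIONS = [
    ("vm-web", "has permissions to", "st-hr"),
    ("vm-batch", "has permissions to", "st-hr"),
    ("vm-jump", "has permissions to", "st-public"),
    ("vm-jump", "can authenticate to", "vm-batch"),
]

def matches(name, query):
    """True if asset `name` satisfies the query and every nested subfilter."""
    node = ASSETS[name]
    if node["type"] != query["resource"]:
        return False
    if not set(query.get("insights", ())) <= node["insights"]:
        return False
    if query.get("has_vulnerabilities") and not node["vulnerabilities"]:
        return False
    # Each connection subfilter needs at least one outgoing edge with that
    # label whose target matches the nested query (recursion gives multi-hop).
    for label, subquery in query.get("connections", ()):
        if not any(src == name and rel == label and matches(dst, subquery)
                   for src, rel, dst in CONNECTIONS):
            return False
    return True

def search(query):
    """Return the sorted names of all assets that match the query."""
    return sorted(name for name in ASSETS if matches(name, query))

SENSITIVE_STORAGE = {"resource": "storage account", "insights": ["contains sensitive data"]}
EXPOSED_VULNERABLE_VM = {
    "resource": "virtual machine", "insights": ["exposed to the internet"],
    "has_vulnerabilities": True,
    "connections": [("has permissions to", SENSITIVE_STORAGE)],
}

if __name__ == "__main__":
    print(search(EXPOSED_VULNERABLE_VM))
```

Nesting a further "connections" entry inside a subquery expresses a multi-hop question, such as an exposed machine that can authenticate to a second machine which in turn has permissions to sensitive storage.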

Next steps

View the reference list of attack paths and cloud security graph components

Learn about the Defender CSPM plan options