Microsoft Defender for Cloud continuously analyzes the security state of your Azure resources for network security best practices. When Defender for Cloud identifies potential security vulnerabilities, it creates recommendations that guide you through the process of configuring the needed controls to harden and protect your resources.
Review Defender for Cloud networking recommendations.
This article addresses recommendations that apply to your Azure resources from a network security perspective. Networking recommendations center around next generation firewalls, Network Security Groups, JIT VM access, overly permissive inbound traffic rules, and more. For a list of networking recommendations and remediation actions, see Managing security recommendations in Microsoft Defender for Cloud.
The Networking features of Defender for Cloud include:
From the asset inventory page, use the resource type filter to select the networking resources that you want to investigate:
The interactive network map provides a graphical view with security overlays that give you recommendations and insights for hardening your network resources. Using the map, you can see the network topology of your Azure workloads and the connections between your virtual machines and subnets, and you can drill down from the map into specific resources and the recommendations for those resources.
To open the Network map:
From Defender for Cloud's menu, open the Workload protections dashboard.
Select Network map.
The default view of the topology map displays:
The network map can show you your Azure resources in a Topology view and a Traffic view.
In the Topology view of the networking map, you can view the following insights about your networking resources:
Because the map is interactive and dynamic, every node is clickable, and the view can change based on the filters:
You can modify what you see on the network map by using the filters at the top. You can focus the map based on:
You can select Reset in the top left corner at any time to return the map to its default state.
To drill down into a resource:
The Traffic view provides you with a map of all the possible traffic between your resources. It is a visual map of all the rules you configured that define which resources can communicate with each other. This lets you see the existing configuration of the network security groups and quickly identify possibly risky configurations within your workloads.
The strength of this view is in its ability to show you these allowed connections together with the vulnerabilities that exist, so you can use this cross-section of data to perform the necessary hardening on your resources.
For example, you might detect two machines that you weren’t aware could communicate, enabling you to better isolate the workloads and subnets.
To drill down into a resource:
This data is based on analysis of the Network Security Groups as well as advanced machine learning algorithms that analyze multiple rules to understand their crossovers and interactions.
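The core idea behind the Traffic view, working out which connections a set of NSG rules actually allows, can be illustrated with a short script. This is an added example, not Defender for Cloud's own analysis: the rule values are constructed, the function names are hypothetical, and only single port ranges, CIDR or any-source prefixes, and the default DenyAllInBound rule are modelled.

```python
import ipaddress

# Constructed sample: inbound rules of one NSG, using the property names of
# Azure NSG security rules. All values are made up for illustration.
SAMPLE_RULES = [
    {"name": "deny-rdp", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-mgmt", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "22-3389"},
    {"name": "allow-app", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "8080"},
]

ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

def source_matches(prefix, src_ip):
    if prefix in ANY_SOURCE:  # assumption: "Internet" tag treated as any address
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # other service tags are not modelled here

def port_matches(port_range, port):
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def effective_access(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule name) of the first matching inbound rule by priority."""
    # Lower priority number wins. The fallback is Azure's default DenyAllInBound;
    # AllowVnetInBound and AllowAzureLoadBalancerInBound are not modelled.
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if (r["protocol"] in ("*", protocol)
                and source_matches(r["sourceAddressPrefix"], src_ip)
                and port_matches(r["destinationPortRange"], port)):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound"

def exposed_management_ports(rules, ports=(22, 3389), probe_ip="203.0.113.10"):
    """Management ports that an arbitrary public address can still reach."""
    result = {}
    for p in ports:
        access, name = effective_access(rules, probe_ip, p)
        if access == "Allow":
            result[p] = name
    return result
```

With the sample rules, RDP is shadowed by the higher-priority deny, but the broad `22-3389` range in `allow-mgmt` still leaves SSH reachable from a public address, which is the kind of rule interaction that is easy to miss when reading rules one at a time.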
To learn more about recommendations that apply to other Azure resource types, see the following: