
Configuring Microsoft Defender for External Attack Surface Management (EASM)


Well, let's start off with the first question: what exactly is Microsoft Defender EASM?


In a nutshell, it's a capability within the Azure Portal that allows you to continuously discover and map your digital attack surface to provide an external view of your online infrastructure.


So what?


For any seasoned security professional, having a good understanding of a company's infrastructure is absolute gold dust, but if you add in the ability to view potential attack surface routes, vulnerabilities and compliance issues, you have a security Swiss Army knife at your disposal.


Sounds complicated to set up.


Far from it. I think of all the Microsoft Defender solutions, EASM is probably the easiest to get up and running.

So let's go through the basic config now.


Note: As a prerequisite, you'll need an active subscription for the configuration.


1. Navigate to the Azure Portal and search for Defender. You'll see Microsoft Defender EASM listed at the top, so give that a click to open the service.




2. Click either "+Create" or the "Create Microsoft Defender EASM Workspace" button.



3. Select the subscription where you want to host Defender EASM, then either choose an existing Resource Group or create a new one.


Then enter a name for the instance and select the appropriate region you want it hosted in. For this demo, I've chosen North Europe.


Click Review+Create, then Create to deploy.



4. Once deployed, click the "Go to Resource" button.



5. Welcome to Defender EASM!!!



Discovery Mode


Microsoft Defender EASM provides two methods to scan a target's environment. You can either use the "Search for an Organisation" option or "Create a custom attack surface".


From experience, I prefer the custom approach as I've seen unrelated assets being detected on previous environments.


Seeds


To manually configure your target(s) for scanning, Defender EASM uses "Seeds", which provide more granular options and, in my opinion, a better way to set things up. So let's dig in...


As you can see, there are six methods to configure your Discovery Seed(s). Personally I've found the "Domains" search to be extremely reliable and accurate.


Once you've configured the Seed(s), Defender EASM takes roughly 48 hours to perform its first scan of your environment. So have a little patience :)


There'll be another blog on navigating the console and making sense of the output, but I hope this guide has given you a little info on how straightforward some of these toolsets can be.


So as above, be patient and more content will be coming along soon.


In the meantime, if you'd like to have a discussion on this or any other service, please get in touch.
