1.4 Monitor Networks
📘Microsoft Azure Networking Solutions (AZ-700)
1. What is Microsoft Defender for Cloud?
Microsoft Defender for Cloud (previously called Azure Security Center) is a security management tool in Azure. It helps you:
- Monitor your Azure environment for potential security issues.
- Protect your network, servers, and data against attacks or misconfigurations.
- Get visibility into your resources and their security status.
For the AZ-700 exam, the focus is on using Defender for Cloud to identify network resources and see their security state.
2. What is Security Explorer in Defender for Cloud?
Security Explorer is a feature inside Microsoft Defender for Cloud that allows you to:
- View all network resources in your Azure subscription.
- Identify potential vulnerabilities in these resources.
- Filter and categorize resources for easier management.
Think of it as a control panel for your network, showing which servers, virtual networks, firewalls, and connections exist, and whether they are secure.
3. Why do you need to identify network resources?
Before you can secure your network, you must know what exists in your Azure environment. This includes:
- Virtual Machines (VMs)
- Virtual Networks (VNets)
- Network Security Groups (NSGs)
- Application Gateways or Load Balancers
- Firewalls
- VPN Gateways
Security Explorer helps you:
- Detect unmonitored or misconfigured resources
- Ensure network security policies are correctly applied
- Quickly investigate security alerts
For the exam, you might be asked how you would find and assess network resources using Microsoft Defender.
4. How to identify network resources in Security Explorer
Here’s the step-by-step process you need to know for the exam:
Step 1: Open Microsoft Defender for Cloud
- Go to the Azure Portal.
- Search for “Microsoft Defender for Cloud”.
- Open it.
Step 2: Navigate to Security Explorer
- In the Defender for Cloud menu, click on Security Explorer.
- This shows a list of resources with details about their security posture.
Step 3: Filter and search resources
Security Explorer allows you to:
- Filter by resource type (VMs, VNets, Firewalls, etc.)
- Filter by subscription or resource group
- Filter by security state (secure, warning, critical)
Example: You could filter to all VMs that have open ports or NSGs that have risky rules.
Step 4: View resource details
Click on a resource to see:
- Resource type and location
- Security recommendations
- Threat detections (if any)
- Networking connections and dependencies
This is important because some questions in AZ-700 will test whether you can identify risky or unprotected network resources.
5. Key features of Security Explorer
- Network Map: Shows how resources are connected (VMs, VNets, Firewalls).
- Security Recommendations: Suggests fixes for misconfigurations.
- Security Alerts: Flags resources that are under attack or at risk.
- Filtering: Helps focus on high-risk areas in large networks.
6. Exam Tips
- Know the types of network resources you can find in Security Explorer:
- Virtual Machines (VMs)
- Virtual Networks (VNets)
- Network Security Groups (NSGs)
- Firewalls
- Load Balancers
- Application Gateways
- Understand how to filter resources by type, subscription, resource group, or security state.
- Know how Security Explorer helps with security posture assessment.
- Remember that this is about visibility and assessment, not actually fixing vulnerabilities (though it points you to recommendations).
- You may get scenario-based questions: e.g.,
- “Which tool can you use to identify all VMs with open ports?” → Security Explorer.
- “How can you find resources with misconfigured network rules?” → Use filters in Security Explorer.
7. Summary in Simple Terms
Microsoft Defender for Cloud Security Explorer is a dashboard that lets you see all your network resources in Azure, check their security status, and find potential vulnerabilities. For the AZ-700 exam, you need to know what it is, how to access it, how to filter and inspect resources, and why it’s important for network monitoring and security.
