The Azure Security Benchmark (ASB) Workbook provides a single pane of glass for gathering and managing data to address ASB control requirements. The power of this workbook lies in its ability to aggregate data from 25+ Microsoft security products and to apply these insights to relevant controls in the ASB framework. Rather than separately interfacing with Microsoft Defender for Cloud, Microsoft Sentinel, Azure Resource Graph, Azure Active Directory, Microsoft Defender for Endpoint, and additional products to understand compliance posture, the Azure Security Benchmark Workbook centralizes the relevant data within the context of the ASB controls.
By aggregating data across multiple sources and aligning it to ASB controls, this new workbook enhances situational and operational awareness to create a more complete view of security posture. The workbook helps address compliance requirements with applicable control evidence, which can be used in support of audit requirements. It includes direct links to actionable workflows within the products, like direct hardening and remediation steps in Microsoft Defender for Cloud and investigation workflows in Microsoft Sentinel. In this way, the process of hardening workloads and improving security posture is streamlined and optimized. The workbook also allows for easy exporting and creation of reports, with relevant data aligned to each control, for sharing with stakeholders.
What is the Azure Security Benchmark?
The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure. Many organizations rely on standard frameworks such as CISv7.1 or NIST 800-53 R4 to improve their cloud defenses. Mapped to both CISv7.1 and NIST 800-53 R4, ASB brings consistency of security capabilities across the Azure platform. Compliance and security baselines are critical for successful cloud migration and adoption by providing consistent security standards. Whether you are new to Azure or not, ASB provides streamlined guidance for improving the security and compliance posture of your Azure resources.
While the Azure Security Benchmark workbook aggregates and builds on telemetry from 25+ Microsoft Security products, only Microsoft Defender for Cloud is mandatory for this offering. Microsoft Sentinel, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security, Microsoft 365 Defender, Microsoft Defender for Office, Azure Firewall, Azure Virtual Networks, Azure Web Application Firewall, Azure ExpressRoute, Azure Lighthouse, Azure Active Directory, and additional offerings enhance this workbook with alignment to ASB.
- Onboard Microsoft Defender for Cloud
- Onboard Microsoft Sentinel (optional)
- Enable Continuous Export of SecurityRecommendation data
- Consolidate Microsoft Defender for Cloud and Microsoft Sentinel Logging in a Log Analytics Workspace
- Access the Azure Security Benchmark Workbook on Github, Select Deploy to Azure (or Azure Gov)
- Authenticate to your Azure subscription
- Configure options > Review + Create
- Navigate to Microsoft Defender for Cloud
- Select Workbooks > Workbooks tab > AzureSecurityBenchmark
- Review the workbook and provide feedback through our survey
The Azure Security Benchmark Workbook breaks down each control family into sub-controls with their own control card. The control cards centralize telemetry across Microsoft products around the relevant ASB sub-control. Here, security professionals can view actionable insights into recommendation data over time by filtering on resource, resource type, severity, state, and more. For example, teams can use filters to understand the most prevalent recommendation then navigate directly to the Microsoft Defender for Cloud portal to address that recommendation and harden their attack surface. Understanding recommendation data over time empowers security teams to understand where they need to build in guardrails and focus on getting secure by default. Direct links to ASB, CIS and NIST documentation provides necessary context for teams looking to drive compliance in Azure. Recommended logs also empower auditors to easily pivot to supplementary information required as part of an audit or to meet a compliance requirement.
Built-in filters, including time, subscription, and workplace filters, facilitate the creation of custom reports. For example, security governance professionals preparing for an audit can create a report with historical compliance data for a set of Microsoft Defender for Cloud recommendations that apply to a control, which can easily be printed or exported for sharing. Teams can also export additional artifacts to supplement the report, like relevant logs that are surfaced in the workbook. Best of all, even without expertise in Kusto Query Language, teams can adjust predefined queries to bring in additional evidence data as required.
- Single pane of glass for aggregating, managing, and actioning data from 25+ Microsoft products to address ASB control requirements
- Deep links for seamless pivots between products
- Over-time analysis for more complete understanding of security and compliance posture
- One-click, customizable reporting
- Leverage pre-written KQL queries to gain insights from log telemetry with the option to customize for further analysis
Learn More About Hardening Workloads with Microsoft Security
- Azure Security Benchmark Introduction
- Meeting the Cybersecurity Executive Order requirements with Azure Security
- Announcing the Microsoft Sentinel: Zero Trust (TIC3.0) Workbook
- Microsoft Sentinel Cybersecurity Maturity Model Certification (CMMC) Workbook
The Microsoft Defender for Cloud: Azure Security Benchmark Workbook demonstrates best practice guidance. This workbook provides visibility and situational awareness for cloud workload protection delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations for operation. Recommendation cards do not imply coverage of respective controls as they are often one of several courses of action for approaching requirements which is unique to each customer. Recommendations should be considered a starting point for planning full or partial coverage of respective areas.