Microsoft Defender for Cloud Blog

Azure Network Security using Microsoft Defender for Cloud integration with Azure Firewall Manager

YuriDiogenes (Microsoft)
Mar 22, 2021

Written in collaboration with Mohit_Kumar (Senior PM CxE Azure Network Security Team)


Current challenges

Recent attacks are a reminder that security hygiene should be your number one priority. Implementing it requires visibility across your workloads, and the network is a critical area for any infrastructure. Microsoft Defender for Cloud helps you improve your security hygiene by providing a comprehensive cloud security posture management platform for Azure and non-Azure workloads. Although Microsoft Defender for Cloud has always had network security recommendations and capabilities, it did not offer centralized visibility into Azure Firewall coverage and policies. At Ignite 2021 we announced a new integration with Azure Firewall Manager that lets you see Azure Firewall coverage status across all your networks and centrally manage Azure Firewall policies.


What’s New?

With the integration of Azure Firewall Manager with Microsoft Defender for Cloud, you can now visualize the all-up status of your infrastructure and network security in one place. The Firewall Manager tile on the Overview blade of the Microsoft Defender for Cloud dashboard provides an all-up status of Azure network security across all Virtual Networks and Virtual Hubs spread across different Azure regions. At a glance, you can see the number of Azure Firewalls, the number of Firewall Policies, and the Azure regions in which Azure Firewalls are deployed.

A single click on the Firewall Manager tile, or on the Firewall Manager entry in the left-hand navigation pane of the Microsoft Defender for Cloud dashboard, takes you to the familiar Azure Firewall Manager dashboard, where you can drill deeper into the different aspects of network security.


Advantages of this Integration

Prior to this integration, to determine which Virtual Networks (VNets) and Virtual Hubs had an Azure Firewall deployed, which VNets were peered with another VNet that had an Azure Firewall in it, or how many Firewall Policies you had, you had to look through multiple dashboards and blades in Azure Firewall Manager.

With the integration of Azure Firewall Manager with Microsoft Defender for Cloud, you now have a single-pane-of-glass view of your infrastructure and network security. You can see the status of network security directly from Microsoft Defender for Cloud, and you no longer have to go to two different dashboards: Microsoft Defender for Cloud for infrastructure security and Firewall Manager for network security.
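The inventory walk described above (which VNets host an Azure Firewall, which are only peered to one, how many policies and regions are in play) is what the tile summarizes in the portal. The script below is an added example, not code from the original post or from Microsoft, that computes the same figures from a resource list so the check can run in a pipeline. The inventory is constructed by hand to mimic the shapes Azure Resource Graph returns for virtual networks, Azure Firewalls and firewall policies; the property names follow the ARM schema as I recall them and are an assumption, and on a real tenant you would replace RESOURCES with the output of `az graph query` for those three resource types.

```python
"""Summarize Azure Firewall coverage from a resource inventory.

Added example (not from the original post or from Microsoft). RESOURCES is a
constructed sample; the field names mirror ARM/Resource Graph output and are
an assumption about that schema, not something the post documents.
"""

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
NET = "providers/Microsoft.Network"


def vnet_id(name: str, rg: str = "net-rg") -> str:
    """ARM resource ID of a VNet in the constructed sample."""
    return f"{SUB}/{rg}/{NET}/virtualNetworks/{name}"


def vnet(name, location, peers=()):
    """Constructed VNet record carrying its own (outbound) peerings."""
    return {
        "type": "microsoft.network/virtualnetworks",
        "name": name, "location": location, "id": vnet_id(name),
        "properties": {"virtualNetworkPeerings": [
            {"properties": {"remoteVirtualNetwork": {"id": vnet_id(p)}}} for p in peers]},
    }


# Constructed inventory: an East US hub with a firewall and a policy, two spokes
# peered to it, an isolated lab VNet, and a West Europe hub whose firewall still
# uses classic rules (no firewall policy attached).
RESOURCES = [
    vnet("hub-vnet", "eastus", peers=["spoke-a", "spoke-b"]),
    vnet("spoke-a", "eastus", peers=["hub-vnet"]),
    vnet("spoke-b", "eastus", peers=["hub-vnet"]),
    vnet("lab-vnet", "westeurope"),
    vnet("eu-hub", "westeurope"),
    {"type": "microsoft.network/azurefirewalls", "name": "hub-fw", "location": "eastus",
     "properties": {
         "ipConfigurations": [{"properties": {"subnet": {
             "id": vnet_id("hub-vnet") + "/subnets/AzureFirewallSubnet"}}}],
         "firewallPolicy": {"id": f"{SUB}/net-rg/{NET}/firewallPolicies/corp-policy"}}},
    {"type": "microsoft.network/azurefirewalls", "name": "eu-fw", "location": "westeurope",
     "properties": {
         "ipConfigurations": [{"properties": {"subnet": {
             "id": vnet_id("eu-hub") + "/subnets/AzureFirewallSubnet"}}}]}},
    {"type": "microsoft.network/firewallpolicies", "name": "corp-policy", "location": "eastus",
     "id": f"{SUB}/net-rg/{NET}/firewallPolicies/corp-policy", "properties": {}},
]


def parent_vnet(subnet_id: str) -> str:
    """Strip the '/subnets/<name>' suffix from a subnet resource ID (case-folded)."""
    return subnet_id.split("/subnets/")[0].lower()


def coverage(resources):
    """Return the counts the Firewall Manager tile shows plus per-VNet coverage."""
    fws = [r for r in resources if r["type"] == "microsoft.network/azurefirewalls"]
    policies = [r for r in resources if r["type"] == "microsoft.network/firewallpolicies"]
    vnets = [r for r in resources if r["type"] == "microsoft.network/virtualnetworks"]

    # A VNet hosts a firewall when one of the firewall's ipConfigurations
    # points at a subnet inside it.
    hosting = set()
    for fw in fws:
        for cfg in fw["properties"].get("ipConfigurations", []):
            sub = cfg.get("properties", {}).get("subnet", {}).get("id")
            if sub:
                hosting.add(parent_vnet(sub))

    direct, peered, uncovered = [], [], []
    for v in vnets:
        vid = v["id"].lower()
        remotes = {p["properties"]["remoteVirtualNetwork"]["id"].lower()
                   for p in v["properties"].get("virtualNetworkPeerings", [])}
        if vid in hosting:
            direct.append(v["name"])
        elif remotes & hosting:      # one hop only: VNet peering is not transitive
            peered.append(v["name"])
        else:
            uncovered.append(v["name"])

    return {
        "firewalls": len(fws),
        "policies": len(policies),
        "regions": sorted({fw["location"] for fw in fws}),
        "firewalls_without_policy": sorted(
            fw["name"] for fw in fws if "firewallPolicy" not in fw["properties"]),
        "vnets_with_firewall": sorted(direct),
        "vnets_peered_to_firewall": sorted(peered),
        "vnets_uncovered": sorted(uncovered),
    }


if __name__ == "__main__":
    for key, value in coverage(RESOURCES).items():
        print(f"{key:28} {value}")
```

Two caveats when reading the result: a spoke listed under "peered to firewall" is only protected if its route tables actually send traffic to the firewall's private IP, which no inventory query can tell you, and a firewall with no policy attached is running classic rules that Firewall Manager cannot manage centrally, so both lists are worth chasing down rather than treating as green.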


Additional Resources

To learn more about Azure Firewall Manager, visit: https://docs.microsoft.com/en-us/azure/firewall-manager

To learn more about Microsoft Defender for Cloud, visit: https://aka.ms/ascninja

Watch a demonstration of Microsoft Defender for Cloud integration with Azure Firewall Manager in this episode of Azure Security Center in the Field – Out of Band Edition


Updated Oct 24, 2021
Version 5.0
  • JRobbins1240 (Copper Contributor)

    Is it possible to add Defender for Cloud Apps (MCAS) integration with Azure Firewall? Defender for Cloud Apps has the ability to integrate with Defender for Endpoint. In order to create an internet gateway with MCAS integration, a virtual machine needs to be created with two NICs, one of which is protected with Defender for Endpoint, and router software to be used to PAT/NAT the outbound (Global Interface) for outbound access. This seems very difficult to support.

    Azure Firewall has the ability to block URLs, but requires the URLs be imported. I suggest adding an integration with Azure Firewall for Defender for Cloud Apps, where we can control application and site behavior through the Defender for Cloud Apps "blocking" capability.