The Azure Resource Graph security baseline for Microsoft Defender for Cloud and the power of Azure Monitor bring you infinite possibilities to custom Microsoft Defender for Cloud information. Consider a scenario where you want to have visibility of the Secure Score for different subscriptions that are in different regions in a single dashboard. This article explains how to leverage Azure Monitor workbooks to create that. The workbook is available in our GitHub community page and the result looks like this:
This workbook has two queries created using Azure Resource Graph:
To obtain the individual score, use the sample query below:
securityresources | where type == "microsoft.security/securescores" | extend subscriptionSecureScore = round(100 * ((todouble(properties.score.current))/ todouble(properties.score.max))) | project subscriptionSecureScore, subscriptionId | order by subscriptionSecureScore asc
When you run the query in ARG, you will get a similar result to this:
Behind the scenes, each security control Current Score and Maximum Score is found here:
To get the overall secure score of more than one subscription, you can use the next query:
securityresources | where type == "microsoft.security/securescores" | extend subscriptionScore = todouble(properties.score.current)/todouble(properties.score.max) | extend subScoreXsubWeight = todouble(subscriptionScore)*todouble(properties.weight) | summarize upperValue = sum(subScoreXsubWeight), underValue = sum(todouble(properties.weight)) | extend overallScore = round(100*((upperValue)/(underValue)))
The result would be similar to this:
Follow this blog post to see the formulas used for Microsoft Defender for Cloud Secure Score.
The workbook will show by default four groups. Each group has five variables: group, title, subscription picker, overall secure score, secure score per subscription.
To modify the workbook, start by clicking the Edit button:
Try it out and share your experience. The workbook is published here in the Microsoft Defender for Cloud GitHub repository.
Miri Landau, Senior PM, Microsoft Defender for Cloud Engineering
Yuri Diogenes, Principal PM, CxE Security ASC
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.