CYBERDOM

Just another day of IR, Threat-Hunting & Microsoft Security

Deploy Defender EASM

by · October 16, 2022

The challenges of managing the modern external attack surface are everyone’s challenge. While most security teams focus on the internal systems and Cloud environments, the external attack surface is exposed to the attackers with no interruptions.

The first article focused on “Deploy Defender EASM” as part of the Defender EASM Series. The recent article focused on External Attack Surface Management and gave an overview of the approaches, the need, and insights about EASM. More information is on the link below. ⬇️

https://misconfig.io/defender-easm-series-easm-overview/

Post Contents Show

Deploy Defender EASM

The Defender EASM deployment is straightforward, and I can say that it is a kind of click-next deployment, but before we run on the simple deployment, I need to put some insights into Defender EASM. Below are the top insights:

  • Defender EASM is part of the Microsoft Defender suite. Still, the deployment will be on Azure resources like Defender for Cloud. A bit different from most of the Microsoft Defender family products.
  • Defender EASM deployment is installed and configured on Azure resources but requires only specific settings with name, resource group, and location – a dedicated box with no accessible component. That means you don’t have any specific Azure resources that you can check, monitor and view.
  • Currently, Defender ESAM supports the following region: southcentralus, eastus, australiaeast, westus3, swedencentral, eastasia, japaneas.
  • Like any other security component in Azure, you must configure Defender EASM on a dedicated subscription and resource.
  • The isolation of azure private links and other network components isn’t accessible or supported.
  • RBAC can be configured from the specific resource group or based on an Azure subscription.
  • RBAC – once you create Microsoft Defender EASM, you can grant Azure RBAC permissions, such as Contribute, Reader, etc., to work on a daily basis.
  • A dedicated Azure resource is a must at this stage in order to isolate this resource from other resources.

Deployment

Before you create a Defender EASM resource group, I advise following these recommendations.

  • A dedicated subscription for Defender EASM, or if you’ve got an Azure subscription for security.
  • A contributor role is assigned for you to create a resource.
  • If you don’t have a license, you can work with the trial for 30 days for each Defender EASM

Create an Azure Resource Group

This Azure resource group is nothing special, but remember to create a dedicated resource and choose a supported region.

DefenderEASM-RG

Make sure to grant the correct permissions – A Contributor Role to the person who creates this resource.

DefenderEASM-RG

 

Create Defender EASM

Once the resource group is active, you can go to the next step and create Microsoft Defender EASM.

The Microsoft Defender EASM takes around 2-3 minutes. Once done, you can explore the Microsoft Defender EASM features and start to seed.

Microsoft Defender EASM

More about Microsoft Defender EASM

Tags:

You may also like...

Leave a Reply

error: Content is Protected !!
%d bloggers like this: