Skip to main content

Workbook - Network Security Dashboard

· 3 min read
Hasan Gural

You might be managing a very complex or non-complex environment in your organization. At some point, your organization would probably have Azure Resources such as Public IP Address(s), Network Security Group(s), Traffic Manager, Virtual Network Peerings, VPN Gateway(s), etc.

I have seen this challenge in many Azure Environments. The leading question is, what is the attack surface of my organization, that can be exploited by an attacker. Identifying this type of endpoint can be complex sometimes. For all kind of these questions, we will claim the help of the Network Security Dashboard from Microsoft Azure.

💬Introducing the Network Security Dashboard

The new Network Security Dashboard gives you a single pane of glass view and enhanced visibility into the configuration of your overall cloud networking and network security services for your Azure Environments. The Network Security Dashboard uses two components in Azure:

  • 💡Azure Resource Graph for querying your environments.
  • 💡Visualizing the results of Resource Graph with Azure Workbooks
Public IPs & exposed portsports exposed to the internet and mapping of public IPs to asset types
Network security services:DDoS protections plans, Azure Firewall and Firewall policies, Azure WAF policies and NSG views
Internal networking mappingnetwork interfaces, route tables, private links and virtual networks with DDoS protection status
Gateway and VPN services:consolidated view of Bastion hosts, VPN gateways, Virtual Network Gateways and Express Route circuits
Traffic Managerdetails of all your traffic manager profiles
Virtual WAN (vWAN)consolidated view of Virtual WANs (inlcuding VPN/ExpressRoute/P2S)
Security Center recommendations:related recommendations including resource count, severity, and security control
PaaS Services:ipRules, virtualNetworkRules and privateEndpointConnections for Databases & Storage Accounts & Web Apps and Key Vaults

⚡Is this a paid service ?

No, it is entirely free, and you are not required to be a paid customer of Azure Defender for Cloud (ADfC).

🧑‍💻How to get the Network Security Dashboard in your estate

There are various ways to get this Dashboard. You either go to the below GitHub Page to click on the Deploy-to-Azure button or use the PowerShell Script below to provision Azure Workbook in your resource group.

Option 1: Deploy it from GitHub Template

Once you have clicked above the Deploy To Azure button, you will see that page redirects you to Azure Portal. You will require to complete deployment parameters to create a Microsoft Workbook for your organization.

Option 2: Deploy it from Azure PowerShell

# --- Set resource group name and create

$ResourceGroupName = "rg-weu-netsec-dashboard"
$subscriptionName = "<your-subscription-name>"

Set-AzContext -Subscription $subscriptionName

New-AzResourceGroup -Name $ResourceGroupName -Location "UK West" -Force

# --- Deploy infrastructure
$DeploymentParameters = @{

workbookDisplayName = "Network Security Dashboard"
workbookType = "workbook"
workbookSourceId = "Azure Security Center"
workbookId = "[newGuid()]"


New-AzResourceGroupDeployment -Name "netsec-deplyoment-01" -ResourceGroupName $ResourceGroupName `
-TemplateUri "" @DeploymentParameters

After the deployment is completed successfully, you can open Azure Workbook to explore your environment without having a hassle!