Defender for Cloud – Part 8: Workbooks

March 7, 2025 / May 25, 2025

Overview

Azure Workbooks are a powerful tool in Microsoft Azure (and in Defender for Cloud and in Sentinel) that allow users to create interactive reports, dashboards, and visualizations based on data from various Azure services. They are especially useful for monitoring, diagnostics, and reporting across Azure resources, helping users analyze and gain insights from their data in real time.

There are also Azure monitoring workbooks available with which you can do the following:

- Explore the usage of your virtual machine when you don't know the metrics of interest in advance. You can discover metrics for CPU utilization, disk space, memory, and network dependencies.
- Explain to your team how a recently provisioned VM is performing. You can show metrics for key counters and other log events.
- Share the results of a resizing experiment of your VM with other members of your team. You can explain the goals for the experiment with text. Then you can show each usage metric and the analytics queries used to evaluate the experiment, along with clear call-outs for whether each metric was above or below target.
- Report the impact of an outage on the usage of your VM. You can combine data, text explanation, and a discussion of next steps to prevent outages in the future.

[Figure: An example of a Defender CSPM workbook.]
Key Features of Azure workbooks

Data Exploration & Visualization
- Workbooks support rich visualizations like charts, graphs, grids, and text blocks.
- Visual elements can be interactive, letting users drill down into specific metrics.

Multi-Source Data Integration
- Pulls data from multiple Azure services, including:
  - Azure Monitor logs (Kusto Query Language – KQL)
  - Azure Resource Graph
  - Azure Metrics
  - Azure Application Insights

Customizable Templates
- Users can create custom reports or use pre-built templates for common use cases such as security monitoring, performance analysis, or cost management.

Interactive Queries
- Supports dynamic parameters, allowing you to adjust inputs (like time ranges or filters) directly in the report for real-time data analysis.

Collaboration & Sharing
- Workbooks can be shared across teams and integrated into Azure dashboards for a unified view.

Common use cases

- Actionable Data: Combine visualizations and data-driven alerts for faster issue resolution.
- Cost Management: Track and analyze Azure spending patterns.
- Collaboration: Share insights and dashboards with teams seamlessly.
- Customizable Insights: Tailor reports to meet specific business or technical needs.
- Incident Analysis: Use logs from Application Insights to troubleshoot issues quickly.
- Real-time Monitoring: Visualize real-time data on resource health, performance, and activity logs.
- Security Insights: Integrate with Microsoft Defender for Cloud to track vulnerabilities and security alerts; workbooks also integrate with Microsoft Sentinel.
Workbook data sources

Workbooks can extract data from these data sources:

- Logs (Analytics Tables, Application Insights)
- Logs (Basic, Auxiliary Tables)
- Metrics
- Azure Resource Graph
- Azure Resource Manager
- Azure Data Explorer
- JSON
- Merge
- Custom endpoint
- Workload health
- Azure resource health
- Azure RBAC
- Change Analysis (classic)
- Prometheus

(Source: MS Learn)

Workbook Gallery and deployment

You can find the workbook gallery by opening Defender for Cloud and selecting Workbooks. There are Microsoft-made workbooks and Community-made workbooks. The main view looks like this:

[Figure: Workbooks panel in Defender for Cloud.]

In the top section of the page there is a Community Git repo function. Links to GitHub repos:

- Azure Monitor GitHub
- Microsoft Defender for Cloud GitHub

You can deploy those GitHub repo templates to your Azure subscriptions by selecting the template you want from GitHub and pressing the "Deploy to Azure" button. If you do that, you can see recently modified workbooks in the gallery like this:

[Figure: Recently modified workbooks.]

You can pin the workbook to the Dashboard so others can see it (if the user has the correct Azure RBAC roles) by pressing "Pin to dashboard". The function opens a panel on the right side of the screen, where you can make suitable choices.

[Figure: Pin to dashboard.]

That was Defender for Cloud workbooks in short. In a future post I'll show how to create workbooks.
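A pre-deployment review for the community templates mentioned above, as an added example that is not code from the original post or from Microsoft: it lists every query a workbook ARM template would run and any URLs those queries reference, so you can read them before pressing "Deploy to Azure". It assumes the template stores the workbook as a JSON string in `properties.serializedData` of a `microsoft.insights/workbooks` resource; the function names and the sample template are constructed for illustration.

```python
import json
import re

URL_RE = re.compile(r"https?://[^\s\"'\\]+")

def iter_items(items):
    """Yield every workbook item, descending into groups (nested 'items')."""
    for item in items or []:
        yield item
        yield from iter_items((item.get("content") or {}).get("items"))

def review_template(arm_template):
    """List each query step found in the template's workbook resources."""
    findings = []
    for res in arm_template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.insights/workbooks":
            continue
        data = res.get("properties", {}).get("serializedData", "{}")
        workbook = json.loads(data) if isinstance(data, str) else data
        for item in iter_items(workbook.get("items")):
            content = item.get("content") or {}
            query = content.get("query")
            if isinstance(query, str):
                findings.append({
                    "name": item.get("name", "<unnamed>"),
                    "queryType": content.get("queryType"),  # copied as-is
                    "resourceType": content.get("resourceType"),
                    "urls": URL_RE.findall(query),  # outbound endpoints to vet
                    "query": query,
                })
    return findings

# Constructed sample, shaped like a workbook template; not a real gallery item.
SAMPLE_WORKBOOK = {"version": "Notebook/1.0", "items": [
    {"type": 3, "name": "alerts", "content": {
        "query": "SecurityAlert | summarize count() by AlertSeverity",
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces"}},
    {"type": 12, "name": "group", "content": {"items": [
        {"type": 3, "name": "external", "content": {
            "query": json.dumps({"url": "https://example.invalid/api"}),
            "queryType": 10}}]}},
]}
SAMPLE_TEMPLATE = {"resources": [{
    "type": "microsoft.insights/workbooks",
    "properties": {"serializedData": json.dumps(SAMPLE_WORKBOOK)}}]}

if __name__ == "__main__":
    for f in review_template(SAMPLE_TEMPLATE):
        print(f["name"], f["queryType"], f["resourceType"], f["urls"])
```

To review a downloaded template, load it with `json.load` and pass the result to `review_template`; any entry with a non-empty `urls` list sends or fetches data outside your tenant and deserves a closer look.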
The parts of the MDC blog series

- Part 0: Microsoft Defender for Cloud – The EPIC blog series – introduction
- Part 1: Getting started aka Setup
- Part 2: The Asset Inventory
- Part 3: Security posture
- Part 4: Security recommendations
- Part 5: Security alerts
- Part 6: Attack path analysis
- Part 7: Cloud security explorer
- Part 8: Workbooks
- Part 9: Regulatory compliance
- Part 10: Workload protections
- Part 10.5: Advanced Workload protection
- Part 11: Data and AI security – The end of the series

Jussi Metso

The author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.