March 7, 2025 / April 24, 2025

Defender for Cloud – Part 8: Workbooks

Overview

Azure Workbooks are a powerful tool in Microsoft Azure (and in Defender for Cloud and in Sentinel) that allows users to create interactive reports, dashboards, and visualizations based on data from various Azure services. They are especially useful for monitoring, diagnostics, and reporting across Azure resources, helping users analyze and gain insights from their data in real time.

There are also Azure monitoring workbooks available, with which you can do the following:

- Explore the usage of your virtual machine when you don't know the metrics of interest in advance. You can discover metrics for CPU utilization, disk space, memory, and network dependencies.
- Explain to your team how a recently provisioned VM is performing. You can show metrics for key counters and other log events.
- Share the results of a resizing experiment of your VM with other members of your team. You can explain the goals for the experiment with text. Then you can show each usage metric and the analytics queries used to evaluate the experiment, along with clear call-outs for whether each metric was above or below target.
- Report the impact of an outage on the usage of your VM. You can combine data, text explanation, and a discussion of next steps to prevent outages in the future.

[Image: An example of a Defender CSPM workbook.]
Key Features of Azure workbooks

- Data Exploration & Visualization
  - Workbooks support rich visualizations like charts, graphs, grids, and text blocks.
  - Visual elements can be interactive, letting users drill down into specific metrics.
- Multi-Source Data Integration
  - Pulls data from multiple Azure services, including:
    - Azure Monitor logs (Kusto Query Language – KQL)
    - Azure Resource Graph
    - Azure Metrics
    - Azure Application Insights
- Customizable Templates
  - Users can create custom reports or use pre-built templates for common use cases such as security monitoring, performance analysis, or cost management.
- Interactive Queries
  - Supports dynamic parameters, allowing you to adjust inputs (like time ranges or filters) directly in the report for real-time data analysis.
- Collaboration & Sharing
  - Workbooks can be shared across teams and integrated into Azure dashboards for a unified view.

Common use cases

- Actionable Data: Combine visualizations and data-driven alerts for faster issue resolution.
- Cost Management: Track and analyze Azure spending patterns.
- Collaboration: Share insights and dashboards with teams seamlessly.
- Customizable Insights: Tailor reports to meet specific business or technical needs.
- Incident Analysis: Use logs from Application Insights to troubleshoot issues quickly.
- Real-time Monitoring: Visualize real-time data on resource health, performance, and activity logs.
- Security Insights: Integrate with Microsoft Defender for Cloud to track vulnerabilities and security alerts, and integrate with Microsoft Sentinel.
Workbook data sources

Workbooks can extract data from these data sources:

- Logs (Analytics Tables, Application Insights)
- Logs (Basic, Auxiliary Tables)
- Metrics
- Azure Resource Graph
- Azure Resource Manager
- Azure Data Explorer
- JSON
- Merge
- Custom endpoint
- Workload health
- Azure resource health
- Azure RBAC
- Change Analysis (classic)
- Prometheus

(Source: MS Learn)

Workbook Gallery and deployment

You can find the workbook gallery by opening Defender for Cloud and selecting Workbooks. There are Microsoft-made workbooks and Community-made workbooks. The main view looks like this:

[Image: Workbooks panel in Defender for Cloud.]

In the top section of the page there is a Community Git repo function. Links to the GitHub repos:

- Azure Monitor GitHub
- Microsoft Defender for Cloud GitHub

You can deploy those GitHub repo templates to your Azure subscriptions by selecting the wanted template from GitHub and pressing the "Deploy to Azure" button. If you do that, you can see recently modified workbooks in the gallery like this:

[Image: Recently modified workbooks.]

You can pin the workbook to the Dashboard so others can see it (if the user has the correct Azure RBAC roles) by pressing "Pin to dashboard". The function opens a panel on the right side of the screen where you can make suitable choices.

[Image: Pin to dashboard.]

That was Defender for Cloud workbooks in short. In the future I'll make a post on how to create workbooks.
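Before pressing "Deploy to Azure" on a community template, it is worth listing which data sources its queries use, since the Custom endpoint source can call URLs outside Azure. The following is an added example, not code from the original post or from Microsoft: the field names (`items`, `content`, `query`, `queryType`, `resourceType`) are an assumption about the template's JSON shape, and the sample template, host names and allowlist are constructed.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample in the assumed shape of a workbook template:
# nested "items", each with a "content" object that may hold a "query".
SAMPLE_TEMPLATE = json.dumps({
    "version": "Notebook/1.0",
    "items": [
        {"type": 1, "name": "intro", "content": {"json": "## Demo workbook"}},
        {"type": 3, "name": "arg-query", "content": {
            "query": "securityresources | take 10", "queryType": 1,
            "resourceType": "microsoft.resourcegraph/resources"}},
        {"type": 12, "name": "group", "content": {"items": [
            {"type": 3, "name": "external-call", "content": {
                "query": json.dumps({"version": "CustomEndpoint/1.0", "method": "GET",
                                     "url": "https://collector.example.net/api/data"}),
                "queryType": 10}}]}},
    ],
})

URL_RE = re.compile(r"https?://[^\s\"'\\]+")
ALLOWED_HOST_SUFFIXES = (".azure.com", ".microsoft.com")  # assumption: use your own allowlist

def find_queries(node, path="$", name="<unnamed>"):
    """Yield (path, name, obj) for every JSON object carrying a string 'query'."""
    if isinstance(node, dict):
        name = node.get("name", name)  # remember the nearest named parent item
        if isinstance(node.get("query"), str):
            yield path, name, node
        for key, value in node.items():
            yield from find_queries(value, f"{path}.{key}", name)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_queries(value, f"{path}[{i}]", name)

def review_template(template_text):
    """Return one finding per query: data-source fields and non-allowlisted hosts."""
    findings = []
    for path, name, obj in find_queries(json.loads(template_text)):
        hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(obj["query"])}
        external = sorted(h for h in hosts if not h.endswith(ALLOWED_HOST_SUFFIXES))
        findings.append({"path": path, "name": name, "queryType": obj.get("queryType"),
                         "resourceType": obj.get("resourceType"), "external_hosts": external})
    return findings

if __name__ == "__main__":
    for finding in review_template(SAMPLE_TEMPLATE):
        print(finding)
```

Any finding with a non-empty `external_hosts` list deserves a manual look at the query before the template goes into a subscription.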
The parts of the MDC blog series

- Part 0: Microsoft Defender for Cloud – The EPIC blog series – introduction
- Part 1: Getting started aka Setup
- Part 2: The Asset Inventory
- Part 3: Security posture
- Part 4: Security recommendations
- Part 5: Security alerts
- Part 6: Attack path analysis
- Part 7: Cloud security explorer
- Part 8: Workbooks
- Part 9: Regulatory compliance
- Part 10: Workload protections
- Part 11: Data and AI security
- Part 12: Environment settings & Defender plans

Jussi Metso

The author is a lifelong IT enthusiast and Microsoft Security MVP, interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.