March 7, 2025 | March 9, 2025

Defender for Cloud – Part 8: Workbooks

Overview

Azure Workbooks are a powerful tool in Microsoft Azure (and in Defender for Cloud and in Sentinel) that allow users to create interactive reports, dashboards, and visualizations based on data from various Azure services. They are especially useful for monitoring, diagnostics, and reporting across Azure resources, helping users analyze and gain insights from their data in real time.

There are also Azure monitoring workbooks available with which you can do the following:

- Explore the usage of your virtual machine when you don't know the metrics of interest in advance. You can discover metrics for CPU utilization, disk space, memory, and network dependencies.
- Explain to your team how a recently provisioned VM is performing. You can show metrics for key counters and other log events.
- Share the results of a resizing experiment of your VM with other members of your team. You can explain the goals for the experiment with text. Then you can show each usage metric and the analytics queries used to evaluate the experiment, along with clear call-outs for whether each metric was above or below target.
- Report the impact of an outage on the usage of your VM. You can combine data, text explanation, and a discussion of next steps to prevent outages in the future.

[Figure: An example of a Defender CSPM workbook.]
Key Features of Azure workbooks

- Data Exploration & Visualization
  - Workbooks support rich visualizations like charts, graphs, grids, and text blocks.
  - Visual elements can be interactive, letting users drill down into specific metrics.
- Multi-Source Data Integration
  - Pulls data from multiple Azure services, including:
    - Azure Monitor logs (Kusto Query Language – KQL)
    - Azure Resource Graph
    - Azure Metrics
    - Azure Application Insights
- Customizable Templates
  - Users can create custom reports or use pre-built templates for common use cases such as security monitoring, performance analysis, or cost management.
- Interactive Queries
  - Supports dynamic parameters, allowing you to adjust inputs (like time ranges or filters) directly in the report for real-time data analysis.
- Collaboration & Sharing
  - Workbooks can be shared across teams and integrated into Azure dashboards for a unified view.

Common use cases

- Actionable Data: Combine visualizations and data-driven alerts for faster issue resolution.
- Cost Management: Track and analyze Azure spending patterns.
- Collaboration: Share insights and dashboards with teams seamlessly.
- Customizable Insights: Tailor reports to meet specific business or technical needs.
- Incident Analysis: Use logs from Application Insights to troubleshoot issues quickly.
- Real-time Monitoring: Visualize real-time data on resource health, performance, and activity logs.
- Security Insights: Integrate with Microsoft Defender for Cloud to track vulnerabilities and security alerts, and with Microsoft Sentinel.
Workbook data sources

Workbooks can extract data from these data sources:

- Logs (Analytics Tables, Application Insights)
- Logs (Basic, Auxiliary Tables)
- Metrics
- Azure Resource Graph
- Azure Resource Manager
- Azure Data Explorer
- JSON
- Merge
- Custom endpoint
- Workload health
- Azure resource health
- Azure RBAC
- Change Analysis (classic)
- Prometheus

(Source: MS Learn)

Workbook Gallery and deployment

You can find the workbook gallery by opening Defender for Cloud and selecting Workbooks. There are Microsoft-made workbooks and community-made workbooks. The main view looks like this:

[Figure: Workbooks panel in Defender for Cloud.]

In the top section of the page there is the Community Git repo function. Links to GitHub repos:

- Azure Monitor GitHub
- Microsoft Defender for Cloud GitHub

You can deploy those GitHub repo templates to your Azure subscriptions by selecting the wanted template from GitHub and pressing the "Deploy to Azure" button. If you do that, you can see recently modified workbooks in the gallery like this:

[Figure: Recently modified workbooks.]

You can pin the workbook to the Dashboard so others can see it (if the user has the correct Azure RBAC roles) by pressing "Pin to dashboard". The function opens a panel on the right side of the screen where you can make suitable choices.

[Figure: Pin to dashboard.]

That was Defender for Cloud workbooks in short. Next time (part 2), in the future, I'll make a post on how to create workbooks.
The parts of the MDC blog series

- Part 0: Microsoft Defender for Cloud – The EPIC blog series – introduction
- Part 1: Getting started aka Setup
- Part 2: The Asset Inventory
- Part 3: Security posture
- Part 4: Security recommendations
- Part 5: Security alerts
- Part 6: Attack path analysis
- Part 7: Cloud security explorer
- Part 8: Workbooks
- Part 9: Regulatory compliance
- Part 10: Workload protections
- Part 11: Data and AI security
- Part 12: Firewall manager
- Part 13: DevOps security
- Part 14: Environment settings
- Part 14A: Defender Plans
- Part 14B: Security policies
- Part 14C: Email notifications, Workflow automation and Continuous Export, Security solutions
- Part 15: Community

Jussi Metso

The author is a lifelong IT enthusiast and Microsoft Security MVP, interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.