Visualize your Azure resources
The Architect feature shows the resources that are part of your cloud environment, how resources are connected to each other and also which resources are connected to the Internet. This enables you to visually analyze solution architectures. It also makes it easier to collaborate with others regarding possible changes and improvements to your solutions or the supporting infrastructure. With it you can explore our Azure demo environment free of charge to check out how it works.
Using this feature you can easily find a specific resource, investigate its properties and see how it has been configured. It also shows you which resources have possible issues based on the audit result from the Policies feature. This gives you easy access to detailed information that helps you gain an in-depth understanding of your cloud environment and the resources that have been deployed in it, while also showing how each resource fits into the big picture and which issues might need to be addressed.
Increase security and improve governance
The Audit report feature is used to identify resources where configuration changes could improve security or governance. The feature is based around numerous policies where each policy has been developed to find specific information about how resources have been configured. The purpose of this is to see if there is an indication that there could be an issue with a resource which needs to be addressed.
This automated analysis is based on Microsoft's recommendations and Best Current Practices, and is aligned with IT security frameworks, all with the intent to provide you with insights into why each suggested change could improve governance, reduce risk or mitigate threats that target your environment.
Identify high risk user accounts and service principals
The Asset Manager feature helps you analyze user accounts and app registrations that have been assigned access or permissions in your Azure Active Directory tenant.
This makes it easier for you to review security-related settings such as which external users have been granted access, which user or admin consents have been granted to app registrations and which specific permissions have been assigned to these.
The purpose of this feature is to provide you with insight into which user accounts and service principals could present a potential security risk. It's also possible to review which app registrations require renewed consent.
Insecure user accounts and service principals can be misused by someone outside of your organization to enumerate sensitive information from your Azure Active Directory tenant, which could then be used in an attack.
Minimize exposure and mitigate residual threats
The IP Address Manager feature is used to gain insights into the public IP addresses, private IP addresses and network segments that are a part of your Azure environment.
It can be used to see all public IP addresses that are exposed to the Internet, the private IP addresses that individual resources have and which CIDR blocks have been assigned to the virtual networks. This means that it can also be used to detect possible CIDR block collisions, which will prevent routing network traffic between virtual networks.
Since external threats target your Azure environment, this feature lets you review the resources that are exposed, and which resources they are connected to, so that you can decide whether additional security measures are needed. This information will help you minimize threat exposure. Based on it you can decide if resources need to be removed or reconfigured, or if risks need to be mitigated with additional Azure security-related services such as Azure Firewall, App Gateway WAF, Azure Front Door etc.