Microsoft Defender External Attack Surface Overview, Concepts, and Vocabulary

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Welcome to an introduction to Microsoft Defender External Attack Surface Management (Defender EASM). This article gives you a high-level understanding of the concepts that help you understand your digital attack surface, and it marks the start of your Defender EASM Ninja Training journey.


Enterprises have primarily invested in internal security controls to catch adversaries as they plan and execute cyber attacks. One of the recent products added to the Cyber Security portfolio, Defender EASM lets you understand your attack surface from the outside-in perspective and see it the way attackers do.


Most cyber attacks progress from attack planning through breach to data exfiltration. The sooner you can detect and stop the threat actor, the less expensive the attack will be for the organization. Most companies invest in solutions inside their firewall. However, organizations can use Defender EASM to extend visibility and control outside their firewall, so they can detect and mitigate attacks in the planning phase and respond more efficiently to external adversaries before more material impact occurs.


Imagine seeing which, and how many, deprecated web components are visible to a potential attacker who is planning an attack. Defender EASM gives you this visibility.


Microsoft Defender External Attack Surface Management’s technology is based on Microsoft’s acquisition of RiskIQ. Defender EASM builds on these foundations, using Microsoft’s threat intelligence and technology to develop a comprehensive inventory of digital assets that helps defenders uncover potential infrastructure risks and highlights areas that may need attention.



Figure 1 – Defender EASM Overview 



Figure 2 – Why Defender External Attack Surface Management? 



Figure 3 – Where does Microsoft’s External Attack Surface fit in your organization? 



Figure 4 – Where does Microsoft’s External Attack Surface fit in your organization? 

Concepts and Vocabulary

We’ll use the following terms throughout this training and the platform. Take some time to familiarize yourself with the list below.



The attack surface is continuously changing. Defender External Attack Surface Management Discovery continually identifies new assets that need to be added to the Inventory so they can be put under management.



The area where all the assets can be searched using the filter. 


Assets include IP addresses, IP Blocks, hosts, domains, pages, SSL Certificates, Autonomous System Numbers (ASNs), and Whois contacts.


A search that can be run against the Inventory to return assets that match the defined criteria.

Billable Assets 

Assets are only categorized as billable if placed in the Approved Inventory state. We do not charge for any other state. Additionally, duplicative host assets are NOT included in the billable asset count. 


Now that you have a high-level understanding of Defender EASM, you can continue your Ninja Training journey. These concepts and vocabulary will be referenced throughout the articles that follow and should give you the foundational knowledge needed to understand the subjects being discussed.
