Ensure that Next Generation Firewall (NGFW) monitoring is enabled within your Microsoft Azure cloud account so that Microsoft Defender for Cloud can assess whether the necessary network endpoints have an NGFW solution deployed. A Next Generation Firewall (NGFW) represents the third generation of firewall technology: it combines a traditional firewall with other network device filtering functions such as application firewalls using in-line Deep Packet Inspection (DPI), Intrusion Prevention Systems (IPSs), TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus and third-party identity management integration (e.g. LDAP, Active Directory, RADIUS). The goal of NGFWs is to cover more layers of the OSI model, so that filtering decisions can depend on packet contents rather than on addresses and ports alone.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A Next Generation Firewall (NGFW) extends Azure cloud network protection beyond Network Security Groups (NSGs). Once the monitoring feature is enabled, Microsoft Defender for Cloud will search for deployments where an NGFW is recommended.
Audit
To determine whether Next Generation Firewall (NGFW) monitoring is enabled within the Microsoft Defender for Cloud security policy, perform the following actions:
Remediation / Resolution
To turn on the Next Generation Firewall (NGFW) monitoring in order to detect overly permissive inbound Network Security Group (NSG) rules, perform the following actions:
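The audit and remediation described above can be scripted against the Defender for Cloud default policy assignment. The script below is an added example, not part of the Conformity rule page or of Microsoft's tooling. It assumes (these names are not on the page) that the default assignment is called `SecurityCenterBuiltIn`, that the monitoring setting is exposed as the initiative parameter `nextGenerationFirewallMonitoringEffect` whose value is `Disabled` when monitoring is off and `AuditIfNotExists` when it is on, that an absent parameter means the initiative default (auditing) applies, and that `api-version=2021-06-01` is accepted by the policy assignments REST endpoint. The parsing helpers work on saved JSON with POSIX tools only, so the compliance check itself can be run offline on exported assignment data; only `audit` and `remediate` talk to Azure.

```shell
#!/usr/bin/env bash
# Added example: audit and remediate NGFW monitoring on the Defender for Cloud
# default policy assignment. Assumed (not from the page): assignment name,
# parameter name, effect values and API version below.
ASSIGNMENT_NAME="${ASSIGNMENT_NAME:-SecurityCenterBuiltIn}"
PARAM_NAME="${PARAM_NAME:-nextGenerationFirewallMonitoringEffect}"
API_VERSION="${API_VERSION:-2021-06-01}"

# Read assignment JSON on stdin and print the effect configured for PARAM_NAME
# (e.g. AuditIfNotExists or Disabled). Prints "unset" when the parameter is not
# present, in which case the initiative's default effect applies. Newlines are
# removed first so the pretty-printed CLI/REST output becomes a single line.
ngfw_effect() {
  tr -d '\n' \
    | grep -o "\"$PARAM_NAME\": *{ *\"value\": *\"[A-Za-z]*\"" \
    | sed 's/.*"value": *"\([A-Za-z]*\)"/\1/' \
    | grep . || echo unset
}

# Exit 0 when monitoring is on (anything other than an explicit "Disabled").
ngfw_monitoring_enabled() {
  effect=$(ngfw_effect)
  [ "$effect" != "Disabled" ]
}

# Rewrite the PARAM_NAME value in the parameters JSON read from stdin to $1.
# The rest of the parameter set is passed through unchanged, because an update
# must resubmit every parameter, not just the one being corrected.
set_effect() {
  tr -d '\n' | sed "s/\(\"$PARAM_NAME\": *{ *\"value\": *\"\)[A-Za-z]*/\1$1/"
}

# Audit: fetch the assignment over the Resource Manager REST API using a token
# from `az account get-access-token`, then report the configured effect.
audit() {
  sub="$1"
  token=$(az account get-access-token --query accessToken -o tsv)
  url="https://management.azure.com/subscriptions/$sub/providers/Microsoft.Authorization/policyAssignments/$ASSIGNMENT_NAME?api-version=$API_VERSION"
  effect=$(curl -sS -H "Authorization: Bearer $token" "$url" | ngfw_effect)
  echo "$PARAM_NAME = $effect"
  [ "$effect" != "Disabled" ] || { echo "NGFW monitoring is disabled"; return 1; }
}

# Remediate: read the current parameter set, switch the NGFW effect back to
# AuditIfNotExists and write the full set back to the assignment.
remediate() {
  current=$(az policy assignment show --name "$ASSIGNMENT_NAME" --query parameters -o json)
  updated=$(printf '%s' "$current" | set_effect AuditIfNotExists)
  az policy assignment update --name "$ASSIGNMENT_NAME" --params "$updated"
}

# Usage: ./ngfw_monitoring.sh audit <subscription-id> | remediate
case "${1:-}" in
  audit)     audit "$2" ;;
  remediate) remediate ;;
esac
```

Run `audit` first; it exits non-zero only when the effect is explicitly `Disabled`, which is the state the rule flags. `remediate` rewrites the whole parameter block rather than a single key so that the other Defender for Cloud monitoring settings on the assignment keep their current values.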
References
- Azure Official Documentation
- Microsoft Defender for Cloud documentation
- What is Microsoft Defender for Cloud?
- Azure Policy built-in policy definitions
- Manage security policies
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az
- az account get-access-token