Internet exposure analysis

Important

Attention: All Microsoft Defender for Cloud features will be officially retired in the Azure in China region on August 18, 2026, per the announcement posted by 21Vianet.

Internet exposure analysis in Microsoft Defender for Cloud lets you understand which of your resources are exposed to the internet. Defender for Cloud uses internet exposure to determine the risk level of your misconfigurations, vulnerabilities, and other issues.

How Defender for Cloud detects internet exposure

Defender for Cloud assesses connected cloud resources to see if they're configured for internet exposure. Detecting internet exposure can be as simple as checking if a virtual machine (VM) has a public Internet Protocol (IP) address. However, the process can be more complex. Defender for Cloud attempts to locate internet-exposed resources in complex architectures. For example, a VM might not be directly exposed to the internet but could be behind a load balancer, which distributes network traffic across multiple servers to ensure no single server becomes overwhelmed.

The following table lists the resources that Defender for Cloud assesses for internet exposure:

| Category | Services/Resources |
|---|---|
| Virtual machines | Azure VM |
| Virtual machine clusters | Azure Virtual Machine Scale Set |
| Databases (DB) | Azure SQL, Azure PostgreSQL, Azure MySQL, Azure SQL Managed Instance, Azure MariaDB, Azure Cosmos DB, Azure Synapse |
| Storage | Azure Storage |
| AI | Azure OpenAI Service, Azure AI Services, Azure Cognitive Search |
| Containers | Azure Kubernetes Service (AKS) |
| API | Azure API Management Operations |

The following table lists the network components that Defender for Cloud assesses for internet exposure:

| Category | Services/Resources |
|---|---|
| Azure | Application gateway, Load Balancer, Azure Firewall, Network Security Groups |
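
The direct and indirect cases described above (a VM with its own public IP versus a VM behind a load balancer, each gated by network security group rules) can be modelled in a few lines. This is an added example, not Defender for Cloud's detection logic or code from Microsoft. The inventory layout, field names, resource names, and addresses are constructed assumptions.

```python
# Added example: a simplified exposure model over a constructed inventory.
# Field names and the data layout are assumptions, not an Azure API schema.
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}

def nsg_allows_internet(rules, port):
    """Evaluate inbound NSG rules in priority order; the first match decides."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["source"] in INTERNET_SOURCES and rule["port"] in ("*", port):
            return rule["access"] == "Allow"
    return False  # no match: the NSG's default inbound deny applies

def exposure_paths(vm, inventory):
    """List (path, internet-facing port) pairs through which the VM is reachable."""
    rules = inventory["nsgs"][vm["nsg"]]
    paths = []
    if vm["public_ip"]:  # the simple case: a public IP on the VM itself
        paths += [("public-ip", p) for p in vm["ports"] if nsg_allows_internet(rules, p)]
    for lb in inventory["load_balancers"]:  # the indirect case: a public load balancer
        if lb["frontend_public_ip"] and vm["name"] in lb["backend_pool"]:
            # Modelled assumption: the load balancer preserves the client source address,
            # so the backend NSG must still allow internet traffic on the backend port.
            paths += [(f"lb:{lb['name']}", r["frontend_port"]) for r in lb["rules"]
                      if nsg_allows_internet(rules, r["backend_port"])]
    return paths

def report(inventory):
    """Map each VM name to its list of internet exposure paths."""
    return {vm["name"]: exposure_paths(vm, inventory) for vm in inventory["vms"]}

INVENTORY = {  # constructed sample data (documentation address range 203.0.113.0/24)
    "nsgs": {
        "nsg-web": [{"priority": 100, "source": "Internet", "port": 443, "access": "Allow"}],
        "nsg-db": [{"priority": 100, "source": "10.0.0.0/16", "port": 5432, "access": "Allow"}],
        "nsg-jump": [{"priority": 100, "source": "*", "port": 22, "access": "Deny"},
                     {"priority": 200, "source": "*", "port": "*", "access": "Allow"}],
    },
    "vms": [
        {"name": "web-1", "public_ip": None, "nsg": "nsg-web", "ports": [443]},
        {"name": "db-1", "public_ip": None, "nsg": "nsg-db", "ports": [5432]},
        {"name": "jump-1", "public_ip": "203.0.113.10", "nsg": "nsg-jump", "ports": [22, 3389]},
    ],
    "load_balancers": [
        {"name": "lb-front", "frontend_public_ip": "203.0.113.20",
         "backend_pool": ["web-1", "db-1"],
         "rules": [{"frontend_port": 443, "backend_port": 443},
                   {"frontend_port": 5432, "backend_port": 5432}]},
    ],
}

if __name__ == "__main__":
    for name, paths in report(INVENTORY).items():
        print(name, "EXPOSED" if paths else "not exposed", paths)
```

In the sample, `web-1` has no public IP but is still exposed through the load balancer, `db-1` sits in the same backend pool yet stays unexposed because its NSG only admits a private range, and `jump-1` is exposed on 3389 by a broad allow rule even though 22 is explicitly denied.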

How to view internet exposed resources

Defender for Cloud offers a few different ways to view internet-exposed resources.

  • Recommendations - Defender for Cloud prioritizes recommendations based on their exposure to the internet.