Azure External Attack Surface Management

What it does

This skill gives an agent targeted, practical expertise for Azure External Attack Surface Management (EASM). It explains billing and billable-asset concepts, inventory filtering by asset type (domains, hosts, IPs, ASNs, pages, contacts, SSL certs), policy engine automation, and patterns for exporting discovery data to Log Analytics or Azure Data Explorer. The skill combines concise local reference material with links and fetch patterns for remote Microsoft Learn documentation so the agent can retrieve up-to-date guidance when needed.

When to use it

Use this skill when the agent must: estimate EASM billing impacts, construct inventory queries and filters, configure automation rules in Defender EASM, or integrate EASM discovery exports into Log Analytics / ADX for analysis. Avoid using it for unrelated Azure security domains (there are separate skills for Defender for Cloud, Sentinel, Firewall).

What's included

• Scripts: none included in the skill bundle (has_scripts=false)
• References: inline links to Microsoft Learn docs for limits, filters, and data connections (has_references=false but includes doc links in content)
• Instructions: category index for quick lookup, guidance to use network-fetch helpers (mcp_microsoftdocs or generic fetch_webpage) and to refresh generated metadata older than 3 months.

Compatible agents

Best suited for agents that can fetch remote docs and run web fetchers: Claude Code, GitHub Copilot-like assistants, and other agent runtimes with web-fetch capability.