lacework-global-599
2.1.2 Set Microsoft Defender for App Services To 'On' (Manual)
Profile Applicability
• Level 2
Description
Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.
Rationale
Enabling Microsoft Defender for App Service allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).
Impact
Turning on Microsoft Defender for App Service incurs an additional cost per resource.
Audit
From Azure Portal
- Go to
Microsoft Defender for Cloud - Select
Environment Settingsblade - Click on the subscription name
- Select the
Defender plansblade - Review the chosen pricing tier. For the
App Serviceresource typePlanshould be set toOn.
From Azure CLI
Run the following command:
az security pricing show -n AppServices
Ensure -PricingTier is set to Standard
From Azure Powershell
Run the following command:
Get-AzSecurityPricing -Name 'AppServices' |Select-Object Name,PricingTier
Ensure the -PricingTier is set to Standard
Remediation
From Azure Portal
- Go to Microsoft Defender for Cloud.
- Select Environment Settings.
- Click the subscription name.
- Select Defender plans.
- Set App Service Status to On.
- Select Save.
From Azure CLI
Run the following command:
az security pricing create -n Appservices --tier 'standard'
From Azure Powershell
Run the following command:
Set-AzSecurityPricing -Name "AppServices" -PricingTier "Standard"
References
https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities
https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities