lacework-global-606

2.1.9 Set Microsoft Defender for Cosmos DB To 'On' (Manual)

Profile Applicability

• Level 2

Description

Microsoft Defender for Cosmos DB scans all incoming network requests for threats to your Cosmos DB resources.

Rationale

When Cosmos DB requests within a subscription are scanned, they are compared against a heuristic list of potential security threats. These threats could be the result of a security breach within your services, so scanning for them could prevent a potential security threat from being introduced.

Impact

Enabling Microsoft Defender for Cosmos DB requires enabling Microsoft Defender for your subscription. Both will incur additional charges.

Audit

From Azure Portal

  1. Go to Microsoft Defender for Cloud.
  2. Select the Environment Settings blade.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. On the Database row click on Select types >.
  6. In the list of databases, determine if the Cosmos DB radio button is set to On.

From Azure CLI

Ensure the output of the command below is Standard:

az security pricing show -n CosmosDbs --query pricingTier
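
As an added example (not part of the benchmark text or of any vendor's policy code), the following bash script runs the CLI audit above against every subscription the signed-in account can list. The function names are assumptions made for illustration, and a failed or empty query is reported as UNKNOWN rather than treated as compliant.

```shell
#!/usr/bin/env bash
# Added example: audit the Defender for Cosmos DB plan in every subscription
# visible to the signed-in account. Function names are illustrative only.

# Map a pricingTier value to a verdict. The comparison is case-insensitive
# because the remediation command passes 'standard' while the audit
# expects 'Standard'.
classify_tier() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    standard) echo PASS ;;
    free)     echo FAIL ;;
    *)        echo UNKNOWN ;;   # empty output, failed call, unexpected tier
  esac
}

# Query one subscription. A failed call (for example, insufficient
# permissions) yields an empty tier, which is reported as UNKNOWN.
check_subscription() {
  local sub tier
  sub="$1"
  tier="$(az security pricing show -n CosmosDbs --subscription "$sub" \
            --query pricingTier -o tsv 2>/dev/null)" || tier=""
  printf '%s\t%s\t%s\n' "$sub" "${tier:-n/a}" "$(classify_tier "$tier")"
}

# Audit every subscription; return non-zero if any result is not PASS,
# so the script can gate a scheduled compliance job.
audit_all() {
  local rc sub line
  rc=0
  for sub in $(az account list --query '[].id' -o tsv); do
    line="$(check_subscription "$sub")"
    echo "$line"
    case "$line" in *PASS) ;; *) rc=1 ;; esac
  done
  return "$rc"
}

# Run the audit only when invoked with --run, so the file can be sourced.
if [ "${1:-}" = "--run" ]; then audit_all; fi
```

Each output line is tab-separated: subscription ID, reported tier, verdict.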

From Azure PowerShell

Get-AzSecurityPricing -Name 'CosmosDbs' | Select-Object Name,PricingTier 

Ensure the PricingTier value in the output is Standard.

Remediation

From Azure Portal

  1. Go to Microsoft Defender for Cloud.
  2. Select Environment Settings blade.
  3. Click the subscription name.
  4. Select the Defender plans blade.
  5. On the Database row click Select types >.
  6. Set the radio button next to Azure Cosmos DB to On.
  7. Click Continue.
  8. Click Save.

From Azure CLI

Run the following command:

az security pricing create -n 'CosmosDbs' --tier 'standard'

From Azure PowerShell

Use the below command to enable Standard pricing tier for Cosmos DB:

Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard'

References

https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security
https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cosmos-db-security-baseline
https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-enable-database-protections
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities