lacework-global-610
Set Microsoft Defender for Resource Manager To 'On' (Manual)
Profile Applicability
• Level 2
Description
Microsoft Defender for Resource Manager scans incoming administrative requests to change your infrastructure from both CLI and the Azure portal.
Rationale
Scanning resource requests alerts you whenever there is suspicious activity, helping to prevent a security threat from being introduced.
Impact
Enabling Microsoft Defender for Resource Manager requires enabling Microsoft Defender for your subscription. Both will incur additional charges.
Audit
From Azure Portal
- Go to Microsoft Defender for Cloud.
- Select the Environment Settings blade.
- Click on the subscription name.
- Select the Defender plans blade.
- Review the chosen pricing tier. For the Resource Manager resource type, Plan should be set to On.
From Azure CLI
Ensure the output of the below command is Standard
az security pricing show -n 'Arm' --query 'pricingTier'
From Azure PowerShell
Get-AzSecurityPricing -Name 'Arm' | Select-Object Name,PricingTier
Ensure the output of PricingTier is Standard.
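The CLI audit above checks one subscription at a time. The following added example (not part of the original benchmark text) runs the same check across several subscriptions and treats empty output as a separate result instead of a pass. The function names and the `--all` switch are assumptions of this example; the query key is written `pricingTier`, as it appears in the CLI's JSON output.

```bash
#!/bin/sh
# Added example: audit the 'Arm' (Defender for Resource Manager) plan in
# one or more subscriptions. Function names are hypothetical.

# Map a pricing tier value to an audit result.
# Standard = plan is On; Free = plan is Off; anything else (including empty
# output when the call fails or access is denied) = UNKNOWN, never a pass.
classify_tier() {
  case "$1" in
    Standard) echo "PASS" ;;
    Free)     echo "FAIL" ;;
    *)        echo "UNKNOWN" ;;
  esac
}

# Print "<result> <subscription> <tier>" (tab separated) for each
# subscription id given; return 1 if any subscription is not PASS.
audit_arm_plan() {
  rc=0
  for sub in "$@"; do
    tier=$(az security pricing show -n 'Arm' --subscription "$sub" \
             --query 'pricingTier' -o tsv 2>/dev/null) || tier=''
    result=$(classify_tier "$tier")
    printf '%s\t%s\t%s\n' "$result" "$sub" "${tier:-<none>}"
    [ "$result" = "PASS" ] || rc=1
  done
  return "$rc"
}

# List the ids of all enabled subscriptions visible to the signed-in identity.
list_subscriptions() {
  az account list --query "[?state=='Enabled'].id" -o tsv
}

# Run against every enabled subscription only when invoked with --all.
# Word splitting is intended: subscription ids are GUIDs without spaces.
if [ "${1:-}" = "--all" ]; then
  audit_arm_plan $(list_subscriptions)
fi
```

A non-zero exit status means at least one subscription is not on the Standard tier or could not be read, which makes the script usable as a scheduled compliance check.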
Remediation
From Azure Portal
- Go to Microsoft Defender for Cloud.
- Select Environment Settings blade.
- Click the subscription name.
- Select the Defender plans blade.
- Select On under Status for Resource Manager.
- Select Save.
From Azure CLI
Use the below command to enable Standard pricing tier for Defender for Resource Manager:
az security pricing create -n 'Arm' --tier 'Standard'
From Azure PowerShell
Use the below command to enable Standard pricing tier for Defender for Resource Manager:
Set-AzSecurityPricing -Name 'Arm' -PricingTier 'Standard'
References
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-resource-manager-introduction
https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities