Azure Microsoft Defender for Cloud Defender plans is set to Off
Description
The standard pricing tier enables threat detection for networks and virtual machines and allows greater defense-in-depth. It provides threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center. Threat detection is provided by the Microsoft Security Response Center (MSRC).
Code Example
shell
{
"az account get-access-token
--query
"{subscription:subscription,accessToken:accessToken}"
--out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type:
application/json"
https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pr
icings/default?api-version=2017-08-01-preview -d@"input.json"'",
}Remediation
- Azure Portal To change the policy using the Azure Portal, follow these steps:*
. Log in to the Azure Portal at https://portal.azure.com.
. Navigate to the * Azure Security Center*.
. Select * Security policy* blade.
. To alter the the security policy for a subscription, click * Edit Settings*.
. Select * Pricing tier* blade.
. Select * Standard*.
. Select * Save*.
- CLI Command*
To set the * Pricing Tier* to * Standard*, use the following command:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0530 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | ARM, |
| Checkov ID | CKV_AZURE_19 |