lacework-global-610
2.1.13 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' (Manual)
Profile Applicability
• Level 2
Description
Microsoft Defender for Resource Manager monitors the resource management operations performed in your organization, whether they arrive through the Azure portal, the Azure REST APIs, Azure CLI, Azure PowerShell or other programmatic clients, and raises security alerts when it detects suspicious activity.
Rationale
Scanning resource management requests means you are alerted whenever suspicious administrative activity is seen against your subscription, so that a threat to the control plane can be investigated and contained before it is introduced into your infrastructure.
Impact
Enabling Microsoft Defender for Resource Manager requires enabling Microsoft Defender for Cloud's enhanced security features on the subscription. Both incur additional charges (see the pricing page in the references).
Audit
From Azure Portal
- Go to Microsoft Defender for Cloud.
- Select the Environment Settings blade.
- Click on the subscription name.
- Select the Defender plans blade.
- Review the chosen pricing tier. For the Resource Manager resource type, Plan should be set to On.
From Azure CLI
Run the command below and ensure the output is Standard (the JMESPath --query expression is case-sensitive, and az CLI emits the key as pricingTier):
az security pricing show -n 'Arm' --query 'pricingTier'
From Azure PowerShell
Get-AzSecurityPricing -Name 'Arm' | Select-Object Name,PricingTier
Ensure the output of PricingTier is Standard.
Remediation
From Azure Portal
- Go to Microsoft Defender for Cloud.
- Select the Environment Settings blade.
- Click on the subscription name.
- Select the Defender plans blade.
- On the line in the table for Resource Manager, select On under Plan.
- Select Save.
From Azure CLI
Use the command below to enable the Standard pricing tier for Defender for Resource Manager:
az security pricing create -n 'Arm' --tier 'Standard'
From Azure PowerShell
Use the command below to enable the Standard pricing tier for Defender for Resource Manager:
Set-AzSecurityPricing -Name 'Arm' -PricingTier 'Standard'
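The CLI audit and remediation above, combined into one script as an added example; this is not part of the CIS benchmark text or of any Microsoft tooling. It parses the JSON that az security pricing show -n 'Arm' prints (assumed to carry the camelCase key pricingTier, as az CLI output does), reports pass or fail, and prints the remediation command on failure. The two SAMPLE_* strings are constructed to mirror the shape of that output with a placeholder subscription ID, so the script runs offline; the AUDIT_LIVE switch is this example's own convention for running against the subscription az is logged in to.

```shell
#!/usr/bin/env bash
# Added example (not part of the CIS benchmark text): audit the Defender for
# Resource Manager plan from the JSON that `az security pricing show -n Arm`
# prints, and emit the remediation command when the plan is not Standard.
set -eu

# Pull the pricingTier value out of az's JSON output without depending on jq.
# Assumes the camelCase key az CLI emits: "pricingTier": "<value>".
arm_tier_from_json() {
  printf '%s\n' "$1" |
    sed -n 's/.*"pricingTier"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Exit status 0 when the plan is compliant (tier Standard), 1 otherwise.
# Azure only uses the values Free and Standard, so anything else is a failure.
arm_tier_is_compliant() {
  [ "$1" = "Standard" ]
}

# Audit one subscription's Arm plan from az JSON. Returns 0 on pass, 1 on fail
# (and prints the remediation command), 2 if the tier could not be parsed.
audit_arm_plan() {
  tier=$(arm_tier_from_json "$1")
  if [ -z "$tier" ]; then
    echo "ERROR: no pricingTier in az output (wrong plan name or query?)" >&2
    return 2
  fi
  if arm_tier_is_compliant "$tier"; then
    echo "PASS: Defender for Resource Manager is On (pricingTier=$tier)"
    return 0
  fi
  echo "FAIL: Defender for Resource Manager is Off (pricingTier=$tier)"
  echo "Remediate with: az security pricing create -n 'Arm' --tier 'Standard'"
  return 1
}

# Constructed samples shaped like `az security pricing show -n Arm -o json`
# output; the subscription ID is a placeholder, not a real subscription.
SAMPLE_FREE='{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/pricings/Arm", "name": "Arm", "pricingTier": "Free", "type": "Microsoft.Security/pricings"}'
SAMPLE_STANDARD='{"id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/pricings/Arm", "name": "Arm", "pricingTier": "Standard", "type": "Microsoft.Security/pricings"}'

# Set AUDIT_LIVE=1 to audit the subscription az is logged in to instead of
# the constructed samples (this switch is the example's own, not an az option).
if [ "${AUDIT_LIVE:-0}" = "1" ]; then
  audit_arm_plan "$(az security pricing show -n 'Arm' -o json)"
else
  audit_arm_plan "$SAMPLE_FREE" || true
  audit_arm_plan "$SAMPLE_STANDARD"
fi
```

If jq is available, `az security pricing show -n 'Arm' --query pricingTier -o tsv` already returns the bare tier string and the sed step is unnecessary; to sweep every subscription the account can see, loop over `az account list --query '[].id' -o tsv` and pass `--subscription` to the show command. The non-zero exit status on failure is what lets the script gate a CI job or a scheduled compliance run.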
References
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-resource-manager-introduction
https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities