Skip to main content

lacework-global-610

2.1.13 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' (Manual)

Profile Applicability

• Level 2

Description

Microsoft Defender for Resource Manager scans incoming administrative requests to change your infrastructure from both CLI and the Azure portal.

Rationale

Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.

Impact

Enabling Microsoft Defender for Resource Manager requires enabling Microsoft Defender for your subscription. Both will incur additional charges.

Audit

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade
  3. Click on the subscription name
  4. Select the Defender plans blade
  5. Review the chosen pricing tier. For the Resource Manager resource type Plan should be set to On.

From Azure CLI

Ensure the output of the below command is Standard

az security pricing show -n 'Arm' --query 'PricingTier'

From Azure PowerShell

Get-AzSecurityPricing -Name 'Arm' | Select-Object Name,PricingTier

Ensure the output of PricingTier is Standard

Remediation

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade
  3. Click on the subscription name
  4. Select the Defender plans blade
  5. On the line in the table for Resource Manager Select On under Plan.
  6. Select `Save

From Azure CLI

Use the below command to enable Standard pricing tier for Defender for Resource Manager

az security pricing create -n 'Arm' --tier 'Standard'

From Azure PowerShell

Use the below command to enable Standard pricing tier for Defender for Resource Manager

Set-AzSecurityPricing -Name 'Arm' -PricingTier 'Standard'

References

https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-resource-manager-introduction
https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities