Ensure That Microsoft Defender for Servers Is Set to 'On'

Risk Level: High
Cloud Entity: Defender Plans
CloudGuard Rule ID: D9.AZU.MON.65
Covered by Spectral: No
Category: Security Center

GSL LOGIC

DefenderPlans where name='VirtualMachines' should have properties.pricingTier='Standard'

REMEDIATION

From Portal

Go to 'Microsoft Defender for Cloud'.
Click on 'Environment Settings' blade.
Click on the subscription name.
Select the Defender plans blade.
On the line in the table for Servers Select On under Plan.
Click Save.

From TF
Set the 'tier' and 'resource_type' arguments under 'azurerm_security_center_subscription_pricing' as below:

resource "azurerm_security_center_subscription_pricing" "example" {
	...
	tier    = "Standard"
	resource_type = "VirtualMachines"
	...
}

From Command Line

Use the below command to enable Azure Defender for Servers
Run

az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings/VirtualMachines?api-version=2018-06-01 -d@'input.json''

Where input.json contains the Request body json data as mentioned below.

{
  "id": "/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/pricings/VirtualMachines",
  "name": "VirtualMachines",
  "type": "Microsoft.Security/pricings",
  "properties": {
    "pricingTier": "Standard"
  }
}

References

Defender Plans

The Defender plans of Microsoft Defender for Cloud offer comprehensive defenses for the compute, data, and service layers of your environment

Compliance Frameworks

Azure CIS Foundations v. 1.2.0
Azure CIS Foundations v. 1.3.0
Azure CIS Foundations v. 1.3.1
Azure CIS Foundations v. 1.4.0
Azure CIS Foundations v. 1.5.0
Azure CIS Foundations v.2.0
Azure CloudGuard Best Practices
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset

Updated 7 months ago