Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
Turning on Microsoft Defender for Storage enables threat detection for Storage, providing threat intelligence, anomaly detection, and behavior analytics in Microsoft Defender for Cloud.
Risk Level: High
Cloud Entity: Defender Integrations
CloudGuard Rule ID: D9.AZU.MON.72
Covered by Spectral: Yes
Category: Security Center
GSL LOGIC
DefenderIntegrations where name='WDATP' should have properties.enabled=true
REMEDIATION
From Portal
- Go to 'Microsoft Defender for Cloud'.
- Click on 'Environment Settings' blade.
- Select the 'Security policy' blade.
- Click on 'Edit Settings' to alter the security policy for a subscription.
- Select the 'Integrations' blade under Settings.
- Check/enable the option 'Allow Microsoft Defender for Endpoint to access my data'.
- Click Save.
From TF
Set the 'setting_name' and 'enabled' arguments under 'azurerm_security_center_setting' as below:
resource "azurerm_security_center_setting" "example" {
  ...
  # WDATP is the setting name for the Defender for Endpoint integration
  setting_name = "WDATP"
  enabled      = true
  ...
}
From Command Line
Run the following command to enable the Microsoft Defender for Endpoint integration:
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings/WDATP?api-version=2021-06-01" -d @input.json'
Where input.json contains the request body JSON shown below. The body must be valid JSON: double-quoted keys and strings, and 'enabled' set to the boolean true rather than a quoted string.
{
  "id": "/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/settings/WDATP",
  "kind": "DataExportSettings",
  "type": "Microsoft.Security/settings",
  "properties": {
    "enabled": true
  }
}
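To confirm the remediation across subscriptions, the GSL rule above can be evaluated against the JSON returned by a GET on each subscription's Microsoft.Security/settings collection. The following is an added example, not CloudGuard's or Microsoft's code: the function names and subscription labels are hypothetical, the responses are constructed sample data, and the response shape (a top-level "value" array) is an assumption. It treats a missing WDATP entry or a quoted "true" as a failure.

```python
import json

# Constructed sample data: one settings-list response per subscription.
# Assumption: each response has a top-level "value" array whose items carry
# "name" and "properties.enabled", matching the request body shown above.
SAMPLE_RESPONSES = {
    "sub-compliant": '{"value": [{"name": "MCAS", "properties": {"enabled": true}},'
                     ' {"name": "WDATP", "properties": {"enabled": true}}]}',
    "sub-disabled": '{"value": [{"name": "WDATP", "properties": {"enabled": false}}]}',
    "sub-string": '{"value": [{"name": "WDATP", "properties": {"enabled": "true"}}]}',
    "sub-missing": '{"value": [{"name": "MCAS", "properties": {"enabled": true}}]}',
}


def evaluate_wdatp(response_text):
    """Return (compliant, reason) for: name='WDATP' should have properties.enabled=true."""
    try:
        doc = json.loads(response_text)
    except json.JSONDecodeError as exc:
        return False, "unparseable response: " + exc.msg
    items = doc.get("value", []) if isinstance(doc, dict) else []
    wdatp = [s for s in items if isinstance(s, dict) and s.get("name") == "WDATP"]
    if not wdatp:
        # An absent setting is a failure, not a pass: nothing proves it is on.
        return False, "WDATP setting not found"
    enabled = (wdatp[0].get("properties") or {}).get("enabled")
    if enabled is True:
        return True, "enabled"
    if isinstance(enabled, str):
        # Report quoted booleans instead of coercing them.
        return False, "enabled is a string (%r), expected JSON boolean true" % enabled
    return False, "enabled=%r" % (enabled,)


def audit(responses):
    """Map subscription id -> reason for every non-compliant subscription."""
    findings = {}
    for sub_id, text in sorted(responses.items()):
        ok, reason = evaluate_wdatp(text)
        if not ok:
            findings[sub_id] = reason
    return findings


if __name__ == "__main__":
    for sub_id, reason in audit(SAMPLE_RESPONSES).items():
        print("FAIL %s: %s" % (sub_id, reason))
```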
References
- https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
- https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-get-access-token
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting
Defender Integrations
To enable Defender for Cloud to integrate with other Microsoft security services
Compliance Frameworks
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v. 2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset