Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected

This setting enables Microsoft Defender for Cloud Apps (MCAS) integration with Microsoft Defender for Cloud.

Risk Level: High
Cloud Entity: Defender Integrations
CloudGuard Rule ID: D9.AZU.MON.73
Covered by Spectral: Yes
Category: Security Center

GSL LOGIC

DefenderIntegrations where name='MCAS' should have properties.enabled=true

REMEDIATION

From Portal

  1. Go to 'Microsoft Defender for Cloud'.
  2. Click on the 'Environment Settings' blade.
  3. Select the 'Security policy' blade.
  4. Click on 'Edit Settings' to alter the security policy for a subscription.
  5. Select the 'Integrations' blade under Settings.
  6. Check/Enable the option 'Allow Microsoft Defender for Cloud Apps to access my data'.
  7. Click 'Save'.

From Terraform
Set the 'setting_name' and 'enabled' arguments under 'azurerm_security_center_setting' as below:

resource "azurerm_security_center_setting" "example" {
	# Enables the Microsoft Defender for Cloud Apps (MCAS) integration.
	setting_name = "MCAS"
	enabled      = true
}

From Command Line
Run the following command to enable Microsoft Defender for Cloud Apps:

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings/MCAS?api-version=2021-06-01" -d@"input.json"'

Where input.json contains the request body JSON shown below.
{
  "id": "/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/settings/MCAS",
  "kind": "DataExportSettings",
  "type": "Microsoft.Security/settings",
  "properties": {
    "enabled": true
  }
}
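To audit the rule logic above offline, the following added example (not CloudGuard's or Microsoft's code) evaluates name='MCAS' / properties.enabled=true against either a settings list response or a single setting object such as the request body. The `value` list wrapper, the second `WDATP` entry and the function names are assumptions made for this example, and the sample data is constructed.

```python
import json

# Constructed sample in the shape of a Microsoft.Security/settings list
# response; the subscription ID is a placeholder, not a real value.
SAMPLE_LIST = json.dumps({"value": [
    {"id": "/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/settings/MCAS",
     "name": "MCAS", "kind": "DataExportSettings",
     "type": "Microsoft.Security/settings", "properties": {"enabled": False}},
    {"id": "/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/settings/WDATP",
     "name": "WDATP", "kind": "DataExportSettings",
     "type": "Microsoft.Security/settings", "properties": {"enabled": True}},
]})


def setting_name(setting):
    """Use 'name' if present, else the last segment of 'id' (a request body has no name)."""
    return setting.get("name") or str(setting.get("id", "")).rsplit("/", 1)[-1]


def evaluate_mcas(settings_json):
    """Return (compliant, reason) for: name='MCAS' should have properties.enabled=true."""
    doc = json.loads(settings_json)
    if isinstance(doc, dict):
        # Assumed list wrapper {"value": [...]} or a single setting object.
        items = doc["value"] if "value" in doc else [doc]
    else:
        items = doc
    matches = [s for s in items if isinstance(s, dict) and setting_name(s) == "MCAS"]
    if not matches:
        return False, "no setting named MCAS found"
    enabled = (matches[0].get("properties") or {}).get("enabled")
    if enabled is True:
        return True, "MCAS integration is enabled"
    if isinstance(enabled, str):
        # "true" in quotes is a JSON string, not the boolean the rule expects.
        return False, "properties.enabled is the string %r, not a boolean" % enabled
    return False, "properties.enabled is %r" % (enabled,)


if __name__ == "__main__":
    print(evaluate_mcas(SAMPLE_LIST))
```

Only the MCAS entry decides the result, so an enabled WDATP setting in the same subscription does not make the rule pass.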

References

  1. https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
  2. https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-get-access-token
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting

Defender Integrations

Settings that enable Defender for Cloud to integrate with other Microsoft security services.

Compliance Frameworks

  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v. 2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset