Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
This setting enables Microsoft Defender for Cloud Apps (MCAS) integration with Microsoft Defender for Cloud.
Risk Level: High
Cloud Entity: Defender Integrations
CloudGuard Rule ID: D9.AZU.MON.73
Covered by Spectral: Yes
Category: Security Center
GSL LOGIC
DefenderIntegrations where name='MCAS' should have properties.enabled=true
REMEDIATION
From Portal
- Go to 'Microsoft Defender for Cloud'.
- Click on the 'Environment Settings' blade.
- Select the 'Security policy' blade.
- Click on 'Edit Settings' to alter the security policy for a subscription.
- Select the 'Integrations' blade under Settings.
- Check/Enable option 'Allow Microsoft Defender for Cloud Apps to access my data'.
- Click Save.
From TF
Set the 'setting_name' and 'enabled' arguments under 'azurerm_security_center_setting' as below:
resource "azurerm_security_center_setting" "example" {
  ...
  setting_name = "MCAS"
  enabled      = true
  ...
}
From Command Line
Run the following command to enable the Microsoft Defender for Cloud Apps integration:
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings/MCAS?api-version=2021-06-01" -d@"input.json"'
Where input.json contains the request body JSON shown below.
{
  "id": "/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/settings/MCAS",
  "kind": "DataExportSettings",
  "type": "Microsoft.Security/settings",
  "properties": {
    "enabled": true
  }
}
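Verifying the result: the following is an added example, not CloudGuard's or Microsoft's own code. It evaluates the GSL rule above against the JSON body of a list call on the same Microsoft.Security/settings endpoint. The function names, the MISSING status and the sample response are assumptions constructed for illustration.

```python
import json

# Constructed sample (not real tenant data): shape of the response body from
# GET .../subscriptions/<id>/providers/Microsoft.Security/settings?api-version=2021-06-01
SAMPLE_SETTINGS = json.loads("""
{"value": [
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/settings/MCAS",
   "name": "MCAS", "kind": "DataExportSettings",
   "type": "Microsoft.Security/settings", "properties": {"enabled": false}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/settings/WDATP",
   "name": "WDATP", "kind": "DataExportSettings",
   "type": "Microsoft.Security/settings", "properties": {"enabled": true}}
]}
""")


def audit_integration(settings_body, name="MCAS"):
    """Evaluate "name='<name>' should have properties.enabled=true".

    Returns (status, detail); status is PASS, FAIL or MISSING.
    MISSING (setting absent from the response) is this example's own
    convention, so that an absent setting is not mistaken for a pass.
    """
    matches = [s for s in settings_body.get("value", []) if s.get("name") == name]
    if not matches:
        return ("MISSING", f"no setting named {name!r} in response")
    enabled = (matches[0].get("properties") or {}).get("enabled")
    if enabled is True:
        return ("PASS", f"{name} integration is enabled")
    if isinstance(enabled, str):
        # A quoted "true" is a string, not the boolean the rule expects.
        return ("FAIL", f"{name} enabled is the string {enabled!r}, not a boolean")
    return ("FAIL", f"{name} integration is not enabled (enabled={enabled!r})")


def non_compliant(bodies_by_subscription, name="MCAS"):
    """Map each subscription whose check is not PASS to its (status, detail)."""
    results = {sub: audit_integration(body, name) for sub, body in bodies_by_subscription.items()}
    return {sub: res for sub, res in results.items() if res[0] != "PASS"}


if __name__ == "__main__":
    print(audit_integration(SAMPLE_SETTINGS))
```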
References
- https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
- https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-get-access-token
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting
Defender Integrations
To enable Defender for Cloud to integrate with other Microsoft security services
Compliance Frameworks
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v. 2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset