Configure Microsoft Defender for App Services to the Standard tier

Security · Microsoft Defender for Cloud · Rule · 2022_09 · Critical

Enable Microsoft Defender for App Service.

Description

Many attacks are performed first by probing web applications to find and exploit weaknesses. It is crucial to secure your applications, even while running in PaaS services like App Service.

Microsoft Defender for App Service identifies attacks over App Service thanks to cloud scale data analysis. It offers:

• Hardening capabilities for your App Services through assessments and security recommendations.
• Detection of threats at different levels such as underlying VMs, internal logs, I/O to your App Service, etc.
• Protection against common attack patterns like MITRE ATT&CK or even dangling DNS.

The solution is particularly efficient as it can can identify attack methodologies applying to multiple targets. The log data and the infrastructure together are used to enhance Defender for App Service globally.

Recommendation

Consider using Microsoft Defender for App Service to protect your web apps and APIs.

Examples

Configure with Azure template

To enable Defender for App Service:

• Set the Standard pricing tier for Microsoft Defender for App Service.

For example:

Azure Template snippet

{
  "type": "Microsoft.Security/pricings",
  "apiVersion": "2024-01-01",
  "name": "AppServices",
  "properties": {
    "pricingTier": "Standard"
  }
}

Configure with Bicep

To enable Defender for App Service:

• Set the Standard pricing tier for Microsoft Defender for App Service.

For example:

Azure Bicep snippet

resource defenderForAppServices 'Microsoft.Security/pricings@2024-01-01' = {
  name: 'AppServices'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure Verified Modules

A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:

br/public:avm/ptn/security/security-center:<version>

To use the latest version:

br/public:avm/ptn/security/security-center:0.1.1

---

• What is Azure Verified Modules?
• Usage and parameters for this module

Configure with Azure CLI

Azure CLI snippet

az security pricing create -n 'AppServices' --tier 'standard'

Configure with Azure PowerShell

Azure PowerShell snippet

Set-AzSecurityPricing -Name 'AppServices' -PricingTier 'Standard'

Links

• SE:10 Monitoring and threat detection
• Securing applications and PaaS deployments
• Introduction to Microsoft Defender for App Service
• App Service security best practices
• Azure deployment reference

Comments