Set Microsoft Defender for Cosmos DB to the Standard tier#
Security · Microsoft Defender for Cloud · Rule · 2023_06 · Critical
Enable Microsoft Defender for Azure Cosmos DB.
Description#
Microsoft Defender for Azure Cosmos DB provides additional security insight for Azure Cosmos DB accounts.
Protection is provided by analyzing onboarded Cosmos DB accounts for unusual and potentially harmful attempts to access or exploit the accounts. Which allows Microsoft Defender for Cloud to produce security alerts that are triggered when anomalies in activity occur.
Security alerts for onboarded Cosmos DB accounts shows up in Defender for Cloud with details of the suspicious activity and recommendations on how to investigate and remediate the threats.
Microsoft Defender for Cosmos DB can be enabled at the subscription level and by doing so ensures all Cosmos DB accounts in the subscription will be protected, including future ones.
Recommendation#
Consider using Microsoft Defender for Azure Cosmos DB to provide additional security insights for Azure Cosmos DB accounts.
Examples#
Configure with Azure template#
To enable Microsoft Defender for Azure Cosmos DB accounts:
- Set the
Standard
pricing tier for Microsoft Defender for Azure Cosmos DB.
For example:
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2024-01-01",
"name": "CosmosDbs",
"properties": {
"pricingTier": "Standard"
}
}
Configure with Bicep#
To enable Microsoft Defender for Azure Cosmos DB accounts:
- Set the
Standard
pricing tier for Microsoft Defender for Azure Cosmos DB.
For example:
resource defenderForCosmosDbs 'Microsoft.Security/pricings@2024-01-01' = {
name: 'CosmosDbs'
properties: {
pricingTier: 'Standard'
}
}
Configure with Azure Verified Modules
A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:
To use the latest version:
Configure with Azure CLI#
To enable Microsoft Defender for Azure Cosmos DB accounts:
- Set the
Standard
pricing tier for Microsoft Defender for Azure Cosmos DB.
For example:
Configure with Azure PowerShell#
To enable Microsoft Defender for Azure Cosmos DB accounts:
- Set the
Standard
pricing tier for Microsoft Defender for Azure Cosmos DB.
For example:
Notes#
Microsoft Defender for Azure Cosmos DB is currently available only for the NoSQL API.
Links#
- SE:10 Monitoring and threat detection
- What is Microsoft Defender for Cloud?
- Overview of Microsoft Defender for Azure Cosmos DB
- Enable Microsoft Defender for Azure Cosmos DB
- Quickstart: Enable enhanced security features
- Azure security baseline for Azure Cosmos DB
- DP-2: Monitor anomalies and threats targeting sensitive data
- LT-1: Enable threat detection capabilities
- Azure Policy built-in policy definitions
- Azure deployment reference