
Set Microsoft Defender for Cosmos DB to the Standard tier

Security · Microsoft Defender for Cloud · Rule · 2023_06 · Critical

Enable Microsoft Defender for Azure Cosmos DB.

Description

Microsoft Defender for Azure Cosmos DB provides additional security insight for Azure Cosmos DB accounts.

Protection is provided by analyzing onboarded Cosmos DB accounts for unusual and potentially harmful attempts to access or exploit the accounts. This allows Microsoft Defender for Cloud to produce security alerts when anomalies in activity occur.

Security alerts for onboarded Cosmos DB accounts show up in Defender for Cloud with details of the suspicious activity and recommendations on how to investigate and remediate the threats.

Microsoft Defender for Cosmos DB can be enabled at the subscription level. Doing so ensures that all Cosmos DB accounts in the subscription are protected, including future ones.

Recommendation

Consider using Microsoft Defender for Azure Cosmos DB to provide additional security insights for Azure Cosmos DB accounts.

Examples

Configure with Azure template

To enable Microsoft Defender for Azure Cosmos DB accounts:

  • Set the Standard pricing tier for Microsoft Defender for Azure Cosmos DB.

For example:

Azure Template snippet
{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "CosmosDbs",
    "properties": {
        "pricingTier": "Standard"
    }
}
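
A pre-deployment check for the template snippet above, as an added example (not part of the original page and not PSRule for Azure's own code). It assumes the template is plain JSON with literal resource names; the function names and sample templates are hypothetical and constructed for illustration.

```python
import json

PRICING_TYPE = "microsoft.security/pricings"  # resource types are case-insensitive
PLAN_NAME = "cosmosdbs"

def iter_resources(template):
    """Yield every resource, descending into nested deployment templates."""
    resources = template.get("resources", [])
    # languageVersion 2.0 templates use a name -> resource mapping, not a list.
    if isinstance(resources, dict):
        resources = list(resources.values())
    for res in resources:
        yield res
        if res.get("type", "").lower() == "microsoft.resources/deployments":
            nested = res.get("properties", {}).get("template")
            if isinstance(nested, dict):
                yield from iter_resources(nested)

def check_defender_cosmosdb(template_text):
    """Return (passed, reason) for the CosmosDbs Defender plan in a template.

    Assumption: names are literals; template expressions are not evaluated.
    """
    found = False
    for res in iter_resources(json.loads(template_text)):
        if res.get("type", "").lower() != PRICING_TYPE:
            continue
        if str(res.get("name", "")).lower() != PLAN_NAME:
            continue
        found = True
        tier = str(res.get("properties", {}).get("pricingTier", ""))
        if tier.lower() != "standard":
            return False, f"CosmosDbs plan is '{tier or 'unset'}', expected 'Standard'"
    if not found:
        return False, "no Microsoft.Security/pricings resource named 'CosmosDbs'"
    return True, "CosmosDbs plan is set to Standard"

def _plan(tier):
    # Constructed sample resource mirroring the snippet on this page.
    return {"type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01",
            "name": "CosmosDbs", "properties": {"pricingTier": tier}}

# Constructed sample templates (not taken from a real deployment).
GOOD = json.dumps({"resources": [_plan("Standard")]})
FREE = json.dumps({"resources": [_plan("Free")]})
MISSING = json.dumps({"resources": []})
NESTED = json.dumps({"resources": [{
    "type": "Microsoft.Resources/deployments", "name": "defender",
    "properties": {"template": {"resources": {"cosmos": _plan("Standard")}}}}]})

if __name__ == "__main__":
    for label, doc in [("good", GOOD), ("free", FREE), ("missing", MISSING), ("nested", NESTED)]:
        print(label, check_defender_cosmosdb(doc))
```
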

Configure with Bicep

To enable Microsoft Defender for Azure Cosmos DB accounts:

  • Set the Standard pricing tier for Microsoft Defender for Azure Cosmos DB.

For example:

Azure Bicep snippet
resource defenderForCosmosDb 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'CosmosDbs'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI

To enable Microsoft Defender for Azure Cosmos DB accounts:

  • Set the Standard pricing tier for Microsoft Defender for Azure Cosmos DB.

For example:

Azure CLI snippet
az security pricing create -n 'CosmosDbs' --tier 'standard'

Configure with Azure PowerShell

To enable Microsoft Defender for Azure Cosmos DB accounts:

  • Set the Standard pricing tier for Microsoft Defender for Azure Cosmos DB.

For example:

Azure PowerShell snippet
Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard'

Notes

Microsoft Defender for Azure Cosmos DB is currently available only for the NoSQL API.
