Skip to content

Set Microsoft Defender Cloud Security Posture Management to the Standard plan#

Security · Microsoft Defender for Cloud · Rule · 2023_06

Enable Microsoft Defender Cloud Security Posture Management Standard plan.

Description#

Microsoft Defender Cloud Security Posture Management (CSPM) provides additional visibility across cloud environments to quickly detect configuration errors and remediate them through automation. It does this by keeping constant eye on the security state of your cloud resources in different environments.

By enabling the Defender Cloud CSPM Standard plan, Microsoft Defender provides advanced posture management capabilities such as:

  • Attack path analysis
  • Cloud security explorer
  • Advanced threat hunting
  • Security governance capabilities
  • Tools to assess your security compliance with a wide range of benchmarks, regulatory standards, and any custom security policies required in your organization, industry, or region

Microsoft Defender Cloud Security Posture Management (CSPM) can be enabled at the subscription level.

Recommendation#

Consider using Microsoft Defender Cloud Security Posture Management (CSPM) Standard plan to provide additional visibility across cloud environments.

Examples#

Configure with Azure template#

To enable Microsoft Defender Cloud Security Posture Management Standard plan:

  • Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure Template snippet
{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "CloudPosture",
    "properties": {
        "pricingTier": "Standard"
    }
}

Configure with Bicep#

To enable Microsoft Defender Cloud Security Posture Management Standard plan:

  • Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure Bicep snippet
resource defenderCspm 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'CloudPosture'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI#

TTo enable Microsoft Defender Cloud Security Posture Management Standard plan:

  • Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure CLI snippet
az security pricing create -n 'CloudPosture' --tier 'standard'

Configure with Azure PowerShell#

To enable Microsoft Defender Cloud Security Posture Management Standard plan:

  • Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure PowerShell snippet
Set-AzSecurityPricing -Name 'CloudPosture' -PricingTier 'Standard'

Notes#

This rule applies when analyzing resources before deployed (pre-flight) and deployed (in-flight) to Azure.

Comments