Set Microsoft Defender Cloud Security Posture Management to the Standard plan

Security · Microsoft Defender for Cloud · Rule · 2023_06 · Critical

Enable Microsoft Defender Cloud Security Posture Management Standard plan.

Description

Microsoft Defender Cloud Security Posture Management (CSPM) provides additional visibility across cloud environments to quickly detect configuration errors and remediate them through automation. It does this by keeping constant eye on the security state of your cloud resources in different environments.

By enabling the Defender Cloud CSPM Standard plan, Microsoft Defender provides advanced posture management capabilities such as:

• Attack path analysis
• Cloud security explorer
• Advanced threat hunting
• Security governance capabilities
• Tools to assess your security compliance with a wide range of benchmarks, regulatory standards, and any custom security policies required in your organization, industry, or region

Microsoft Defender Cloud Security Posture Management (CSPM) can be enabled at the subscription level.

Recommendation

Consider using Microsoft Defender Cloud Security Posture Management (CSPM) Standard plan to provide additional visibility across cloud environments.

Examples

Configure with Azure template

To enable Microsoft Defender Cloud Security Posture Management Standard plan:

• Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure Template snippet

{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "CloudPosture",
    "properties": {
        "pricingTier": "Standard"
    }
}

Configure with Bicep

To enable Microsoft Defender Cloud Security Posture Management Standard plan:

• Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure Bicep snippet

resource defenderCspm 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'CloudPosture'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI

TTo enable Microsoft Defender Cloud Security Posture Management Standard plan:

• Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure CLI snippet

az security pricing create -n 'CloudPosture' --tier 'standard'

Configure with Azure PowerShell

To enable Microsoft Defender Cloud Security Posture Management Standard plan:

• Set the Standard pricing tier for Microsoft Defender Cloud Security Posture Management.

For example:

Azure PowerShell snippet

Set-AzSecurityPricing -Name 'CloudPosture' -PricingTier 'Standard'

Notes

This rule applies when analyzing resources before deployed (pre-flight) and deployed (in-flight) to Azure.

Links

• Security operations in Azure
• What is Microsoft Defender for Cloud?
• Cloud Security Posture Management (CSPM)
• Quickstart: Enable enhanced security features
• LT-1: Enable threat detection capabilities
• Azure Policy built-in policy definitions
• Azure deployment reference

Comments