Set Microsoft Defender for DNS to the Standard tier#
Security · Microsoft Defender for Cloud · Rule · 2023_03 · Critical
Enable Microsoft Defender for DNS.
Description#
Microsoft Defender for DNS provides additional protection for virtual networks and resources. It does this by monitoring Azure-provided DNS for suspicious and anomalous activity. By analyzing telemetry for DNS, Microsoft Defender for DNS can detect and alert on persistent threats such as:
- Data exfiltration from your Azure resources using DNS tunneling.
- Malware communicating with command and control servers.
- DNS attacks - communication with malicious DNS resolvers.
- Communication with domains used for malicious activities such as phishing and crypto mining.
Microsoft Defender for DNS can be enabled at the subscription level.
Recommendation#
Consider using Microsoft Defender for DNS to provide additional protection for virtual networks and resources.
Examples#
Configure with Azure template#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
{
  "type": "Microsoft.Security/pricings",
  "apiVersion": "2022-03-01",
  "name": "Dns",
  "properties": {
    "pricingTier": "Standard"
  }
}
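To check this setting before deployment, the following Python audit walks an ARM template and reports whether the Dns pricing resource is set to Standard. It is an added example, not code from the original page; the function names and sample templates are constructed, and it goes beyond the single resource shown above by also covering nested deployments, symbolic-name templates and tiers supplied as template expressions.

```python
# Added example: audit an ARM template (already parsed with json.load) for the
# Defender for DNS pricing tier. All names and sample templates are constructed.

def iter_resources(resources):
    """Yield every resource, including child resources and nested deployments."""
    if isinstance(resources, dict):      # symbolic-name templates use an object
        resources = list(resources.values())
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        nested = (res.get("properties") or {}).get("template") or {}
        yield from iter_resources(nested.get("resources"))

def check_defender_dns(template):
    """Return (status, detail) where status is PASS, FAIL or INCONCLUSIVE."""
    tiers = [
        (res.get("properties") or {}).get("pricingTier")
        for res in iter_resources(template.get("resources"))
        if str(res.get("type", "")).lower() == "microsoft.security/pricings"
        and str(res.get("name", "")).lower() == "dns"
    ]
    if not tiers:
        return "FAIL", "no Microsoft.Security/pricings resource named 'Dns'"
    for tier in tiers:
        # "[...]" is a template expression; "[[" escapes a literal bracket.
        if isinstance(tier, str) and tier.startswith("[") and not tier.startswith("[["):
            return "INCONCLUSIVE", f"pricingTier is the expression {tier}"
        if str(tier).lower() != "standard":
            return "FAIL", f"pricingTier is {tier!r}, expected 'Standard'"
    return "PASS", "Defender for DNS is set to Standard"

def pricing(name, tier):
    """Build a constructed Microsoft.Security/pricings resource for the samples."""
    return {"type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01",
            "name": name, "properties": {"pricingTier": tier}}

# Constructed sample templates.
COMPLIANT = {"resources": [pricing("Dns", "Standard")]}
FREE_TIER = {"resources": [pricing("Dns", "Free")]}
MISSING = {"resources": [pricing("VirtualMachines", "Standard")]}
PARAMETERISED = {"resources": [pricing("Dns", "[parameters('dnsTier')]")]}
NESTED = {"resources": [{"type": "Microsoft.Resources/deployments", "name": "security",
                         "properties": {"template": {"resources": [pricing("Dns", "Standard")]}}}]}

if __name__ == "__main__":
    for label, tpl in [("compliant", COMPLIANT), ("free", FREE_TIER), ("missing", MISSING),
                       ("parameterised", PARAMETERISED), ("nested", NESTED)]:
        print(label, *check_defender_dns(tpl))
```

An INCONCLUSIVE result means the tier comes from a parameter or variable, so the check has to be repeated against the resolved deployment values.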
Configure with Bicep#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
resource defenderForDns 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Dns'
  properties: {
    pricingTier: 'Standard'
  }
}
Configure with Azure Verified Modules
A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:
To use the latest version:
Configure with Azure CLI#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
Configure with Azure PowerShell#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
Links#
- SE:10 Monitoring and threat detection
- What is Microsoft Defender for Cloud?
- Overview of Microsoft Defender for DNS
- Quickstart: Enable enhanced security features
- Azure security baseline for Azure DNS
- LT-1: Enable threat detection capabilities
- Azure Policy built-in policy definitions
- Azure deployment reference