Set Microsoft Defender for DNS to the Standard tier#
Security · Microsoft Defender for Cloud · Rule · 2023_03
Enable Microsoft Defender for DNS.
Description#
Microsoft Defender for DNS provides additional protection for virtual networks and resources. It does this by monitoring Azure-provided DNS for suspicious and anomalous activity. By analyzing telemetry for DNS, Microsoft Defender for DNS can detect and alert on persistent threats such as:
- Data exfiltration from your Azure resources using DNS tunneling.
- Malware communicating with command and control servers.
- DNS attacks - communication with malicious DNS resolvers.
- Communication with domains used for malicious activities such as phishing and crypto mining.
Microsoft Defender for DNS can be enabled at the subscription level.
Recommendation#
Consider using Microsoft Defender for DNS to provide additional protection to virtual networks and resources.
Examples#
Configure with Azure template#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
{
  "type": "Microsoft.Security/pricings",
  "apiVersion": "2022-03-01",
  "name": "Dns",
  "properties": {
    "pricingTier": "Standard"
  }
}
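The following added example, which is not from the original page and is not PSRule's own implementation, checks a parsed ARM template for the setting shown above, descending into child resources and nested deployments. The function names and the sample template are constructed for illustration; template expressions such as parameters() are not evaluated.

```python
import json

PRICING_TYPE = "microsoft.security/pricings"

def iter_resources(template):
    """Yield each resource, descending into child resources and nested deployments."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates key resources by name
        resources = list(resources.values())
    for res in resources:
        if not isinstance(res, dict):
            continue
        yield res
        yield from iter_resources({"resources": res.get("resources", [])})
        props = res.get("properties")
        nested = props.get("template") if isinstance(props, dict) else None
        if isinstance(nested, dict):
            yield from iter_resources(nested)

def defender_dns_tier(template):
    """Return the pricingTier declared for the 'Dns' plan, or None if absent."""
    for res in iter_resources(template):
        if (str(res.get("type", "")).lower() == PRICING_TYPE
                and str(res.get("name", "")).lower() == "dns"):
            props = res.get("properties")
            return props.get("pricingTier") if isinstance(props, dict) else None
    return None

def check_template(template):
    """Return 'PASS' or a 'FAIL: ...' reason for the Defender for DNS tier."""
    tier = defender_dns_tier(template)
    if tier is None:
        return "FAIL: no Microsoft.Security/pricings 'Dns' resource with a pricingTier"
    if str(tier).lower() != "standard":
        return f"FAIL: pricingTier is '{tier}', expected 'Standard'"
    return "PASS"

# Constructed sample: the Dns plan is declared inside a nested deployment, on the Free tier.
SAMPLE = json.loads("""
{"resources": [{
  "type": "Microsoft.Resources/deployments", "name": "security",
  "properties": {"mode": "Incremental", "template": {"resources": [{
    "type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01", "name": "Dns",
    "properties": {"pricingTier": "Free"}}]}}}]}
""")

if __name__ == "__main__":
    print(check_template(SAMPLE))
```

A template that leaves the plan on Free, or never declares it, is reported as a failure with the reason, so the check can gate a deployment pipeline.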
Configure with Bicep#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
resource defenderForDns 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Dns'
  properties: {
    pricingTier: 'Standard'
  }
}
Configure with Azure CLI#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
Configure with Azure PowerShell#
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
Notes#
This rule applies when analyzing resources deployed (in-flight) to Azure.
Links#
- Security operations in Azure
- What is Microsoft Defender for Cloud?
- Overview of Microsoft Defender for DNS
- Quickstart: Enable enhanced security features
- Azure security baseline for Azure DNS
- LT-1: Enable threat detection capabilities
- Azure Policy built-in policy definitions
- Azure deployment reference