Skip to content

Set Microsoft Defender for DNS to the Standard tier#

Security · Microsoft Defender for Cloud · Rule · 2023_03 · Critical

Enable Microsoft Defender for DNS.

Description#

Microsoft Defender for DNS provides additional protection for virtual networks and resources. It does this by monitoring Azure-provided DNS for suspicious and anomalous activity. By analyzing telemetry for DNS, Microsoft Defender for DNS can detect and alert on persistent threats such as:

  • Data exfiltration from your Azure resources using DNS tunneling.
  • Malware communicating with command and control servers.
  • DNS attacks - communication with malicious DNS resolvers.
  • Communication with domains used for malicious activities such as phishing and crypto mining.

Microsoft Defender for DNS can be enabled at the subscription level.

Recommendation#

Consider using Microsoft Defender for DNS to provide additional protection to virtual network and resources.

Examples#

Configure with Azure template#

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure Template snippet
{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "Dns",
    "properties": {
        "pricingTier": "Standard"
    }
}

Configure with Bicep#

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure Bicep snippet
resource defenderForDns 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Dns'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI#

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure CLI snippet
az security pricing create -n 'Dns' --tier 'standard'

Configure with Azure PowerShell#

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure PowerShell snippet
Set-AzSecurityPricing -Name 'Dns' -PricingTier 'Standard'

Notes#

This rule applies when analyzing resources deployed (in-flight) to Azure.

Comments