Set Microsoft Defender for DNS to the Standard tier

Security · Microsoft Defender for Cloud · Rule · 2023_03

Enable Microsoft Defender for DNS.

Description

Microsoft Defender for DNS provides additional protection for virtual networks and resources. It does this by monitoring Azure-provided DNS for suspicious and anomalous activity. By analyzing telemetry for DNS, Microsoft Defender for DNS can detect and alert on persistent threats such as:

• Data exfiltration from your Azure resources using DNS tunneling.
• Malware communicating with command and control servers.
• DNS attacks - communication with malicious DNS resolvers.
• Communication with domains used for malicious activities such as phishing and crypto mining.

Microsoft Defender for DNS can be enabled at the subscription level.

Recommendation

Consider using Microsoft Defender for DNS to provide additional protection to virtual network and resources.

Examples

Configure with Azure template

To enable Microsoft Defender for DNS:

• Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure Template snippet

{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "Dns",
    "properties": {
        "pricingTier": "Standard"
    }
}

Configure with Bicep

To enable Microsoft Defender for DNS:

• Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure Bicep snippet

resource defenderForDns 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Dns'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI

To enable Microsoft Defender for DNS:

• Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure CLI snippet

az security pricing create -n 'Dns' --tier 'standard'

Configure with Azure PowerShell

To enable Microsoft Defender for DNS:

• Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Azure PowerShell snippet

Set-AzSecurityPricing -Name 'Dns' -PricingTier 'Standard'

Notes

This rule applies when analyzing resources deployed (in-flight) to Azure.

Links

• Security operations in Azure
• What is Microsoft Defender for Cloud?
• Overview of Microsoft Defender for DNS
• Quickstart: Enable enhanced security features
• Azure security baseline for Azure DNS
• LT-1: Enable threat detection capabilities
• Azure Policy built-in policy definitions
• Azure deployment reference

---

Last update: 2023-02-19

Comments