
Set Microsoft Defender for Key Vault to the Standard tier

Security · Microsoft Defender for Cloud · Rule · 2023_03 · Critical

Enable Microsoft Defender for Key Vault.

Description

Microsoft Defender for Key Vault provides additional protection for keys and secrets stored in Key Vaults. It does this by detecting unusual and potentially harmful attempts to access or exploit Key Vault accounts. This protection is provided by analyzing telemetry from Key Vault and Microsoft Defender for Cloud.

When anomalous activities occur, Defender for Key Vault shows alerts to relevant members of your organization. These alerts include the details of the suspicious activity and recommendations on how to investigate and remediate threats.

Microsoft Defender for Key Vault can be enabled at the subscription level for all Key Vaults in the subscription. Azure Policy can be used to automatically enable Microsoft Defender for Key Vault for a subscription.

Recommendation

Consider using Microsoft Defender for Key Vault to provide additional protection to Key Vaults.

Examples

Configure with Azure template

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

Azure Template snippet
{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "KeyVaults",
    "properties": {
        "pricingTier": "Standard"
    }
}
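As an added example (not part of the PSRule documentation and not the project's own rule code), the following Python check evaluates an ARM template before deployment and reports whether it declares the KeyVaults Defender plan at the Standard tier, mirroring the template snippet above. The two template fragments are constructed for illustration and the function names are assumptions.

```python
import json

# Constructed ARM template fragments for illustration; they are not taken from
# any real deployment. The first leaves the KeyVaults plan at the Free tier,
# the second sets it to Standard as the rule recommends.
WEAK_TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Security/pricings",
            "apiVersion": "2022-03-01",
            "name": "KeyVaults",
            "properties": {"pricingTier": "Free"},
        }
    ],
}
FIXED_TEMPLATE = json.loads(json.dumps(WEAK_TEMPLATE))  # deep copy of the weak template
FIXED_TEMPLATE["resources"][0]["properties"]["pricingTier"] = "Standard"

def key_vault_pricing_tier(template):
    """Return the pricingTier declared for the 'KeyVaults' Defender plan, or None
    when the template declares no Microsoft.Security/pricings resource for it."""
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != "microsoft.security/pricings":
            continue
        if str(res.get("name", "")).lower() != "keyvaults":
            continue
        return res.get("properties", {}).get("pricingTier")
    return None

def defender_key_vault_enabled(template):
    """True only when the plan is declared and its tier is Standard; compared
    case-insensitively because the CLI accepts 'standard' while the template uses 'Standard'."""
    tier = key_vault_pricing_tier(template)
    return tier is not None and str(tier).lower() == "standard"

def audit(template):
    """Return a one-line PASS/FAIL finding for the template."""
    tier = key_vault_pricing_tier(template)
    if tier is None:
        return "FAIL: no Microsoft.Security/pricings resource named KeyVaults in template"
    if defender_key_vault_enabled(template):
        return "PASS: Defender for Key Vault pricing tier is Standard"
    return f"FAIL: Defender for Key Vault pricing tier is {tier!r}, expected 'Standard'"

if __name__ == "__main__":
    for label, tpl in (("weak", WEAK_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(label, audit(tpl))
```

A template with no pricings resource at all is reported as a failure rather than skipped, because an absent plan leaves the subscription at whatever tier it already has.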

Configure with Bicep

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

Azure Bicep snippet
resource defenderForKeyVaults 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'KeyVaults'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

Azure CLI snippet
az security pricing create -n 'KeyVaults' --tier 'standard'

Configure with Azure PowerShell

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

Azure PowerShell snippet
Set-AzSecurityPricing -Name 'KeyVaults' -PricingTier 'Standard'

Notes

This rule applies when analyzing resources deployed (in-flight) to Azure.
