Configure Microsoft Defender for Servers to the Standard tier and P2#

Security · Microsoft Defender for Cloud · Rule · 2022_09 · Critical

Enable Microsoft Defender for Servers.

Description#

Microsoft Defender for Servers automatically deploys an agent into your Windows and Linux machines to protect them.

With the unified integration of Microsoft Defender for Endpoint (MDE) you benefit from features like:

Threat and vulnerability management : to discover vulnerabilities and misconfigurations in real time
Security Policy and Regulatory Compliance integration
Qualys integration for real time identification of vulnerabilities without any license needed
Threat detection at OS level, network layer and control plane
Just-in-time (JIT) access : to reduce your machine's surface attack
And more.

Recommendation#

Consider using Microsoft Defender for Servers P2 to protect your virtual machines.

Examples#

Configure with Azure template#

To enable Defender for Servers:

Set the Standard pricing tier for Microsoft Defender for Servers and set the P2 sub plan.

For example:

Azure Template snippet

{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "VirtualMachines",
    "properties": {
        "pricingTier": "Standard",
        "subPlan": "P2"
    }
}

Configure with Bicep#

To enable Defender for Servers:

Set the Standard pricing tier for Microsoft Defender for Servers and set the P2 sub plan.

For example:

Azure Bicep snippet

resource defenderForServers 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'VirtualMachines'
  properties: {
    pricingTier: 'Standard',
    subPlan: 'P2'
  }
}

Configure with Azure CLI#

Azure CLI snippet

az security pricing create -n 'VirtualMachines' --tier 'standard'

Configure with Azure PowerShell#

Azure PowerShell snippet

Set-AzSecurityPricing -Name 'VirtualMachines' -PricingTier 'Standard'

Notes#

This rule applies when analyzing resources deployed (in-flight) to Azure.