Description:
Azure Defender uses advanced security analytics and machine-learning technologies to evaluate events across the entire cloud fabric. Turning on Azure Defender for Servers enables threat detection for servers, providing threat intelligence, anomaly detection, and behavior analytics in Azure Security Center (now Microsoft Defender for Cloud).
Rationale:
Enabling Azure Defender for Servers provides advanced threat detection for supported Windows and Linux servers, integrates with Microsoft Defender for Endpoint for endpoint protection, and offers a regulatory compliance dashboard to help monitor security posture and meet compliance requirements across workloads.
Impact:
Azure Defender for Servers includes an integrated Microsoft Defender for Endpoint license, built-in vulnerability assessment using Microsoft Threat and Vulnerability Management or Qualys, and Docker host hardening that detects unmanaged containers and continuously assesses container security configurations.
Note: Turning on Azure Defender in Azure Security Center incurs an additional cost per resource.
Default Value:
By default, Azure Defender is off.
Test plan:
Sign in to the Azure Portal at https://portal.azure.com
Search for and open Microsoft Defender for Cloud
Under Management, select Environment settings
Choose the relevant subscription and, under Settings, click Defender plans
Open Cloud workload protection
Locate Microsoft Defender for Servers
Verify Microsoft Defender for Servers is set to On
If Microsoft Defender for Servers is not set to On, follow the implementation steps
Implementation steps:
Sign in to the Azure Portal at https://portal.azure.com
Search for and open Microsoft Defender for Cloud
Under Management, select Environment settings
Choose the relevant subscription and, under Settings, click Defender plans
Open Cloud workload protection
Locate Microsoft Defender for Servers
Set Microsoft Defender for Servers to On
Save the changes
Backout Plan:
Sign in to the Azure Portal at https://portal.azure.com
Search for and open Microsoft Defender for Cloud
Under Management, select Environment settings
Choose the relevant subscription and, under Settings, click Defender plans
Open Cloud workload protection
Locate Microsoft Defender for Servers
Set Microsoft Defender for Servers to Off.
Save the changes.
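The test plan, implementation and backout above can also be carried out against the Pricings REST API listed in the references (pricings/list and pricings/update) instead of the portal, which is the practical route for auditing many subscriptions. The following is an added example and is not code from the original page or from Microsoft: it evaluates a pricings/list response for the VirtualMachines pricing (the REST API name for Microsoft Defender for Servers), builds the pricings/update body, and wraps the GET/PUT calls. The subscription id, the bearer token, the sample response and the API version 2023-01-01 are placeholders or assumptions; check the current Pricings API version before use.

```python
"""Audit, remediate and roll back Microsoft Defender for Servers via the
Microsoft.Security/pricings REST API (added example, not from the page)."""
import json
import urllib.request
from typing import Any, Dict, Optional

ARM = "https://management.azure.com"
API_VERSION = "2023-01-01"          # assumption: verify against current Pricings API docs
SERVERS_PLAN = "VirtualMachines"    # pricing name the REST API uses for Defender for Servers


def assess_pricings(pricings: Dict[str, Any], plan: str = SERVERS_PLAN) -> Dict[str, Any]:
    """Evaluate a pricings/list response: compliant only if the plan is on Standard tier."""
    for item in pricings.get("value", []):
        if str(item.get("name", "")).lower() == plan.lower():
            props = item.get("properties", {})
            tier = props.get("pricingTier", "Free")
            return {
                "plan": plan,
                "found": True,
                "tier": tier,
                "subPlan": props.get("subPlan"),
                "compliant": tier.lower() == "standard",
            }
    # A missing entry means the plan has never been configured, i.e. it is off.
    return {"plan": plan, "found": False, "tier": None, "subPlan": None, "compliant": False}


def build_update_body(sub_plan: Optional[str] = None) -> Dict[str, Any]:
    """Body for pricings/update that turns the plan On (Standard), optionally choosing P1/P2."""
    body: Dict[str, Any] = {"properties": {"pricingTier": "Standard"}}
    if sub_plan:
        body["properties"]["subPlan"] = sub_plan
    return body


def pricing_url(subscription_id: str, plan: Optional[str] = None) -> str:
    """URL for pricings/list (no plan) or for a single pricing (plan given)."""
    base = f"{ARM}/subscriptions/{subscription_id}/providers/Microsoft.Security/pricings"
    if plan:
        base += f"/{plan}"
    return f"{base}?api-version={API_VERSION}"


def _call(method: str, url: str, token: str, body: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Minimal ARM call; token is a bearer token for https://management.azure.com/."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def audit(subscription_id: str, token: str) -> Dict[str, Any]:
    """Test plan: is Microsoft Defender for Servers set to On for this subscription?"""
    return assess_pricings(_call("GET", pricing_url(subscription_id), token))


def remediate(subscription_id: str, token: str, sub_plan: str = "P2") -> Dict[str, Any]:
    """Implementation: set Microsoft Defender for Servers to On (Standard tier)."""
    return _call("PUT", pricing_url(subscription_id, SERVERS_PLAN), token, build_update_body(sub_plan))


def rollback(subscription_id: str, token: str) -> Dict[str, Any]:
    """Backout plan: set Microsoft Defender for Servers to Off (Free tier)."""
    return _call("PUT", pricing_url(subscription_id, SERVERS_PLAN), token,
                 {"properties": {"pricingTier": "Free"}})


# Constructed sample pricings/list response (not captured from a real tenant):
# a subscription where Defender for Servers has been left on the Free tier.
SAMPLE_LIST_RESPONSE: Dict[str, Any] = {
    "value": [
        {
            "id": "/subscriptions/00000000-0000-0000-0000-000000000000"
                  "/providers/Microsoft.Security/pricings/VirtualMachines",
            "name": "VirtualMachines",
            "type": "Microsoft.Security/pricings",
            "properties": {"pricingTier": "Free", "freeTrialRemainingTime": "PT0S"},
        },
        {
            "id": "/subscriptions/00000000-0000-0000-0000-000000000000"
                  "/providers/Microsoft.Security/pricings/StorageAccounts",
            "name": "StorageAccounts",
            "type": "Microsoft.Security/pricings",
            "properties": {"pricingTier": "Standard", "freeTrialRemainingTime": "PT0S"},
        },
    ]
}

if __name__ == "__main__":
    # Offline run against the constructed sample; a real audit needs a token, e.g. from
    # `az account get-access-token --resource https://management.azure.com/`.
    verdict = assess_pricings(SAMPLE_LIST_RESPONSE)
    print("FAIL" if not verdict["compliant"] else "PASS", verdict)
```

Run the module as-is to see the verdict for the constructed sample (FAIL, tier Free). For a live check, obtain a bearer token for the management endpoint and pass it with the subscription id to audit(); remediate() issues the same change as the portal implementation steps, and rollback() mirrors the backout plan. Because an absent VirtualMachines entry also means the plan is off, assess_pricings treats "not found" as non-compliant rather than skipping it.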
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities
https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing
https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security#es-1-use-endpoint-detection-and-response-edr