Description:
Azure Defender uses advanced security analytics and machine-learning technologies to evaluate events across the entire cloud fabric. Turning on Azure Defender enables threat detection for Server, providing threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center.
Rationale:
Azure Defender for Servers is the first Azure Defender plan available in the price settings for the subscription. When you enable Azure Defender for Servers, some of the features that become available are:
Threat detections for supported versions of Windows and Linux.
Integration with Microsoft Defender for Endpoint (MDE), which is the Microsoft Endpoint Detection and Response (EDR) solution. In this case, the license is included for Servers only and not clients.
Regulatory compliance dashboard.
Impact:
When you enable Azure Defender for App Service, you immediately benefit from the following services offered by this Azure Defender plan:
Azure Defender for App Service uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that will be used later.
Threats that Azure Defender for App Service can detect are:
Threats by MITRE ATT&CK tactics [Pre-attack, Initial access, Execution threats]
Dangling DNS detection
Note: Turning on Azure Defender in Azure Security Center incurs an additional cost per resource.
Default Value:
By default, the "Azure Defender off" option is selected.
Audit:
Sign in to your Azure account.
Go to Security Center
Select Pricing & settings blade
Click on the subscription name
Select the Azure Defender plans blade
Review the chosen pricing tier. For the App service resource type Plan should be set to On.
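The same check can be made against exported pricing data rather than in the portal. The Python below is an added example, not part of the original benchmark text: it evaluates JSON shaped like the output of `az security pricing list` or `az security pricing show` and passes only when the `AppServices` plan is on the `Standard` tier (the tier that corresponds to On). The sample data is constructed, and the field layout (`value`, `name`, `pricingTier`, optional `properties`) is an assumption based on the CLI and REST response shapes.

```python
import json

# Constructed sample shaped like `az security pricing list -o json` output.
# Assumption: plans sit in a "value" array; REST-style entries nest the tier
# under "properties", while the CLI flattens it.
SAMPLE = """
{"value": [
  {"name": "VirtualMachines", "pricingTier": "Standard", "freeTrialRemainingTime": "0:00:00"},
  {"name": "AppServices", "pricingTier": "Free", "freeTrialRemainingTime": "0:00:00"},
  {"name": "StorageAccounts", "properties": {"pricingTier": "Standard"}}
]}
"""

def plan_tiers(raw_json):
    """Map plan name -> pricing tier for list, wrapped-list, or single-plan JSON."""
    doc = json.loads(raw_json)
    # A bare list, a {"value": [...]} wrapper, or one plan object (from `show`).
    plans = doc if isinstance(doc, list) else doc.get("value", [doc])
    tiers = {}
    for plan in plans:
        tier = plan.get("pricingTier") or plan.get("properties", {}).get("pricingTier")
        tiers[plan.get("name", "")] = tier
    return tiers

def audit(raw_json, required=("AppServices",)):
    """Return (plan, status) findings; PASS only when the tier is Standard."""
    tiers = plan_tiers(raw_json)
    findings = []
    for name in required:
        tier = tiers.get(name)
        if tier is None:
            # A missing plan is a failure, not a silent pass.
            status = "FAIL: plan not present in output"
        elif tier.lower() == "standard":
            status = "PASS"
        else:
            status = f"FAIL: tier is {tier}, expected Standard"
        findings.append((name, status))
    return findings

if __name__ == "__main__":
    for plan, status in audit(SAMPLE, required=("AppServices", "VirtualMachines")):
        print(f"{plan}: {status}")
```

Run it per subscription, since the plan setting is scoped to the subscription selected in the steps above.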
An Azure account
An Azure Defender plan for Enhanced security plan (Azure Defender is free for the first 30 days. At the end of 30 days, if you choose to continue using the service, you'll automatically be charged for usage).
Implementation Steps:
Go to Security Center
Select Pricing & settings blade
Click on the subscription name
Select the Azure Defender plans blade
Review the chosen pricing tier. For the App service resource type Plan should be set to On.
Backout Plan:
Go to Security Center
Select Pricing & settings blade
Click on the subscription name
Select the Azure Defender plans blade
Review the chosen pricing tier. For the App service resource type Plan should be set to Off (to revert the changes to the default).