Description:

Azure Defender uses advanced security analytics and machine-learning technologies to evaluate events across the entire cloud fabric. Turning on Azure Defender enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in Azure Security Center.


Rationale:

Azure Defender for Servers is the first Azure Defender plan available in the price settings for the subscription. When you enable Azure Defender for Servers, some of the features that become available are:

  • Threat detections for supported versions of Windows and Linux.

  • Integration with Microsoft Defender for Endpoint (MDE), which is the Microsoft Endpoint Detection and Response (EDR) solution. In this case, the license is included for Servers only and not clients.

  • Regulatory compliance dashboard.


Impact:

Azure Defender for Storage provides:

  • Azure-native security - With 1-click enablement, Defender for Storage protects data stored in Azure Blob, Azure Files, and Data Lakes. 

  • Rich detection suite - Powered by Microsoft Threat Intelligence, the detections in Defender for Storage cover the top storage threats such as anonymous access, compromised credentials, social engineering, privilege abuse, and malicious content.

  • Response at scale - Security Center's automation tools make it easier to prevent and respond to identified threats.

Note: Turning on Azure Defender in Azure Security Center incurs an additional cost per resource.


Default Value:

By default, the "Azure Defender off" option is selected.


Audit:

  1. Sign in to your Azure account.

  2. Go to Security Center

  3. Select Pricing & settings blade

  4. Click on the name of the subscription for which you want to turn Azure Defender on

  5. Select the Azure Defender plans blade

  6. Review the chosen pricing tier (the Enhanced Security plan must be selected). For the Storage resource type, Plan should be set to On.
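
The same audit can be scripted against the Azure CLI instead of the portal. The following is an added example, not part of the original check: it assumes the output of `az security pricing list -o json` has been saved and passed in as text, that the Storage and Servers plans appear under the names StorageAccounts and VirtualMachines, and that a plan shown as On in the portal reports the pricing tier Standard. The function names and the sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az security pricing list -o json`
# (assumption: a bare list, an object with a "value" list, or a single plan).
SAMPLE = """
{"value": [
  {"name": "VirtualMachines", "pricingTier": "Standard",
   "type": "Microsoft.Security/pricings"},
  {"name": "StorageAccounts", "pricingTier": "Free",
   "type": "Microsoft.Security/pricings"},
  {"name": "KeyVaults", "pricingTier": "Free",
   "type": "Microsoft.Security/pricings"}
]}
"""

def load_plans(raw):
    """Return {plan name: pricing tier} from the CLI's JSON output."""
    doc = json.loads(raw)
    items = doc if isinstance(doc, list) else doc.get("value", [doc])
    return {p["name"]: p.get("pricingTier", "") for p in items if "name" in p}

def audit_plans(raw, required=("StorageAccounts",)):
    """Return (plan, status, detail) for each required plan.

    PASS: tier is Standard (On in the portal). FAIL: any other tier.
    MISSING: plan absent from the output; never treated as compliant.
    """
    plans = load_plans(raw)
    results = []
    for name in required:
        tier = plans.get(name)
        if tier is None:
            results.append((name, "MISSING", "plan not reported"))
        elif tier.lower() == "standard":
            results.append((name, "PASS", "pricingTier=Standard"))
        else:
            results.append((name, "FAIL", f"pricingTier={tier}"))
    return results

def is_compliant(raw, required=("StorageAccounts",)):
    """True only when every required plan is present and set to Standard."""
    return all(status == "PASS" for _, status, _ in audit_plans(raw, required))

if __name__ == "__main__":
    for plan, status, detail in audit_plans(SAMPLE, ("StorageAccounts", "VirtualMachines")):
        print(f"{status:8} {plan}: {detail}")
```

Run it once per subscription, since the plan setting is per subscription and a pass in one says nothing about the others.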



Remediation:

Pre-requisites:

  1. An Azure account

  2. An Azure Defender Enhanced security plan (Azure Defender is free for the first 30 days. At the end of 30 days, if you choose to continue using the service, you'll automatically be charged for usage).

Implementation Steps:

  1. Go to Security Center

  2. Select Pricing & settings blade

  3. Click on the subscription name

  4. Select the Azure Defender plans blade

  5. Review the chosen pricing tier. For the Storage resource type, Plan should be set to On.

Backout Plan:

  1. Go to Security Center

  2. Select Pricing & settings blade

  3. Click on the subscription name

  4. Select the Azure Defender plans blade

  5. Review the chosen pricing tier. For the Storage resource type, Plan should be set to Off (to revert the changes to the default).


References: