Description:
Microsoft Defender for Key Vault provides advanced threat protection by detecting unauthorized access attempts, brute-force attacks, and suspicious activity that may indicate credential misuse. This check confirms that Microsoft Defender for Key Vault is enabled for the subscription (Defender for Cloud, Environment settings, Defender plans), ensuring enhanced security monitoring beyond standard Key Vault diagnostic logs.
Rationale:
This rule verifies that Microsoft Defender for Key Vault is enabled for the subscription. If Microsoft Defender for Key Vault is not set to On, the environment is classified as non-compliant due to the absence of enhanced threat detection and security monitoring for Key Vault resources.
Impact:
Enabling Microsoft Defender for Key Vault improves visibility into abnormal access attempts, provides continuous threat detection for sensitive Key Vault operations, and reduces the risk of secret compromise while strengthening compliance with security best practices.
Default Value:
Defender for Key Vault is not enabled by default; it must be activated manually in Microsoft Defender for Cloud for each subscription.
Pre-Requisites:
Microsoft Defender for Cloud must be enabled in the subscription.
Permissions required:
Microsoft.Security/pricings/write
Microsoft.KeyVault/vaults/read
Access to Azure Portal, CLI, or PowerShell.
Budgeting considerations for Defender plan costs.
Test Plan:
Sign in to the Azure Portal at https://portal.azure.com
Search for and open Microsoft Defender for Cloud
Under the Management section, select Environment settings
Select the relevant subscription
Under Settings, open Defender plans
Locate Microsoft Defender for Key Vault
Under Cloud Workload Protection (CWPP), verify that Microsoft Defender for Key Vault is set to On
If Microsoft Defender for Key Vault is not set to On, follow the implementation steps
Implementation Steps:
Sign in to the Azure Portal at https://portal.azure.com
Search for and open Microsoft Defender for Cloud
Under the Management section, select Environment settings
Select the relevant subscription
Under Settings, open Defender plans
Under Cloud Workload Protection (CWPP), locate Microsoft Defender for Key Vault
Set Microsoft Defender for Key Vault to On
Save the changes
Backout Plan:
Sign in to the Azure Portal at https://portal.azure.com
Search for and open Microsoft Defender for Cloud
Under the Management section, select Environment settings
Select the relevant subscription
Under Settings, open Defender plans
Under Cloud Workload Protection (CWPP), locate Microsoft Defender for Key Vault
Set Microsoft Defender for Key Vault to Off
Save the changes
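The Test Plan, Implementation Steps and Backout Plan above are Azure Portal procedures. The following script is an added example, not part of this check, showing the same audit, remediation and backout with the Azure CLI so the control can be evaluated across many subscriptions. It assumes `az` is installed and signed in to the target subscription and uses `KeyVaults`, the plan name the Azure CLI accepts for this Defender plan, where `pricingTier` of `Standard` corresponds to On and `Free` to Off. The `extract_tier` and `evaluate_tier` helpers and the sample JSON are constructed for this example and are not output captured from a real subscription.

```shell
#!/usr/bin/env sh
# Added example: audit, enable and back out the Defender for Key Vault plan
# with the Azure CLI. Live calls require 'az' to be installed and signed in;
# the evaluation helpers are pure so they can be exercised offline.

PLAN_NAME="KeyVaults"   # plan name used by 'az security pricing' for Key Vault

# Pull pricingTier out of 'az security pricing show' JSON without needing jq.
# Prints "Standard" (plan On) or "Free" (plan Off); prints nothing if absent.
extract_tier() {
    printf '%s' "$1" | tr -d '\n' \
        | sed -n 's/.*"pricingTier"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Map the tier to the verdict described in the Rationale: only Standard is On.
evaluate_tier() {
    case "$1" in
        Standard|standard) echo "COMPLIANT" ;;
        Free|free)         echo "NON-COMPLIANT" ;;
        *)                 echo "UNKNOWN" ;;
    esac
}

# Test Plan equivalent: read the current plan state for the signed-in subscription.
# Returns 0 when compliant, 1 when not, 2 when the CLI call itself failed.
audit_live() {
    json=$(az security pricing show --name "$PLAN_NAME" --output json) || return 2
    tier=$(extract_tier "$json")
    result=$(evaluate_tier "$tier")
    echo "Defender for Key Vault pricingTier=${tier:-<missing>} => $result"
    [ "$result" = "COMPLIANT" ]
}

# Implementation Steps equivalent: set the plan to On (Standard tier).
enable_live() {
    az security pricing create --name "$PLAN_NAME" --tier Standard --output none
}

# Backout Plan equivalent: set the plan back to Off (Free tier).
disable_live() {
    az security pricing create --name "$PLAN_NAME" --tier Free --output none
}

# Constructed sample in the shape 'az security pricing show' returns for a
# subscription where the plan is Off (this is not real captured output).
SAMPLE_OFF='{
  "name": "KeyVaults",
  "pricingTier": "Free",
  "type": "Microsoft.Security/pricings"
}'

if [ "${1:-}" = "--live" ]; then
    # Audit; if non-compliant, remediate and re-audit.
    audit_live || { echo "Enabling Defender for Key Vault..."; enable_live && audit_live; }
elif [ "${1:-}" = "--backout" ]; then
    disable_live && audit_live
else
    # Offline demonstration against the constructed sample.
    evaluate_tier "$(extract_tier "$SAMPLE_OFF")"
fi
```

Run with `--live` to audit and remediate the signed-in subscription, `--backout` to reverse the change, or with no arguments to evaluate the constructed sample. Running `audit_live` across subscriptions (for example, after `az account set --subscription <id>` for each one) gives the same evidence the portal Test Plan produces, in a form that can be logged and compared over time.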
Reference:
https://learn.microsoft.com/azure/defender-for-cloud/defender-for-key-vault-introduction
https://learn.microsoft.com/azure/key-vault/general/security-features
https://learn.microsoft.com/azure/security-benchmark/azure-security-benchmark-key-vault
https://learn.microsoft.com/azure/governance/policy/samples/cis-azure-1-3-0
