Description:

Microsoft Defender for Azure Cosmos DB adds extra security to your Cosmos DB databases by detecting threats, monitoring for suspicious activity, and identifying risks or misconfigurations. Turning it “On” ensures your databases are continuously protected and that you receive alerts if any potential security issues arise.


Rationale:

Enabling Microsoft Defender for Azure Cosmos DB provides continuous monitoring, detects vulnerabilities and suspicious activities, improves threat protection, and helps maintain compliance. This reduces security risks and keeps your Cosmos DB environment protected.


Impact:

Enabling Microsoft Defender for Azure Cosmos DB improves security by providing continuous monitoring, real-time threat alerts, and vulnerability detection. It helps administrators respond quickly to unauthorized access or misconfigurations and offers recommendations to fix issues. This enhances overall protection and supports compliance with security best practices.


Default Value:

Microsoft Defender for Azure Cosmos DB is Off by default. It must be manually enabled at the subscription level in Microsoft Defender for Cloud.


Pre-requisites:

  • At least one Azure Cosmos DB account is deployed in the subscription.

  • Appropriate permissions (such as Security Admin, Owner, or Contributor) to enable Defender plans.

  • Defender for Cloud Billing is enabled for the subscription, as Microsoft Defender for Azure Cosmos DB is a paid plan.


Test Plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Microsoft Defender for Cloud.

  3. Under Management, open Environment settings.

  4. Select the target subscription and go to Defender plans.

  5. Under Cloud Workload Protection (CWPP), select Databases to view the resource types.

  6. Locate Azure Cosmos DB and verify that its toggle is set to On.

  7. If it is Off, follow the Implementation Plan.
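The same check can be scripted when many subscriptions have to be verified. The following is an added example, not part of the original procedure: it evaluates plan records exported per subscription (for instance with `az security pricing show --name CosmosDbs`), where a pricing tier of Standard corresponds to the toggle being On and Free to Off. The subscription IDs and sample records are constructed, and the function names are hypothetical.

```python
import json

PLAN_NAME = "CosmosDbs"  # Defender for Cloud plan name for Azure Cosmos DB


def plan_tier(record):
    """Read pricingTier from a CLI-style (flat) or REST-style (nested) record."""
    return record.get("pricingTier") or record.get("properties", {}).get("pricingTier")


def audit_subscription(sub_id, records):
    """Turn one subscription's exported plan records into a PASS/FAIL finding."""
    for rec in records:
        if str(rec.get("name", "")).lower() == PLAN_NAME.lower():
            tier = plan_tier(rec)
            if tier and tier.lower() == "standard":
                return {"subscription": sub_id, "status": "PASS", "tier": tier}
            return {"subscription": sub_id, "status": "FAIL", "tier": tier or "unknown"}
    # No record for the plan: report it as a failure instead of assuming On.
    return {"subscription": sub_id, "status": "FAIL", "tier": "missing"}


def audit(export):
    """Audit every subscription in the export, ordered by subscription ID."""
    return [audit_subscription(sub, recs) for sub, recs in sorted(export.items())]


# Constructed sample export: subscription ID -> list of plan records.
SAMPLE = json.loads("""
{
  "00000000-0000-0000-0000-000000000001": [
    {"name": "CosmosDbs", "pricingTier": "Standard"}
  ],
  "00000000-0000-0000-0000-000000000002": [
    {"name": "CosmosDbs", "properties": {"pricingTier": "Free"}}
  ],
  "00000000-0000-0000-0000-000000000003": [
    {"name": "StorageAccounts", "pricingTier": "Standard"}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(f"{finding['subscription']}  {finding['status']}  tier={finding['tier']}")
```

Any subscription reported as FAIL should go through the Implementation Plan.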


Implementation Plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Microsoft Defender for Cloud.

  3. Under Management, open Environment settings.

  4. Select the target subscription, and go to Defender plans.

  5. Under Cloud Workload Protection (CWPP), select Databases to view the resource types.

  6. Locate Azure Cosmos DB, and verify that its toggle is set to On.

  7. Click Save to apply.


Backout Plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Microsoft Defender for Cloud.

  3. Under Management, open Environment settings.

  4. Select the target subscription and go to Defender plans.

  5. Under Cloud Workload Protection (CWPP), select Databases to view the resource types.

  6. Locate Azure Cosmos DB and toggle it back to On.

  7. Click Save to apply the previous configuration.

Reference: