Description:
Microsoft Defender for Azure Cosmos DB scans all incoming network requests for threats to your Azure Cosmos DB resources.
Rationale:
In scanning Azure Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.
Impact:
Enabling Microsoft Defender for Azure Cosmos DB requires enabling Microsoft Defender for your subscription. Both will incur additional charges.
Audit:
From Azure Portal
1. Go to Microsoft Defender for Cloud
2. Select Environment Settings blade
3. Click on the subscription name
4. Select the Defender plans blade
5. On the Database row click on Select types >
6. Ensure the radio button next to Azure Cosmos DB is set to On.
From Azure CLI
Ensure the output of the below command is Standard
az security pricing show -n CosmosDbs --query pricingTier
From PowerShell
Get-AzSecurityPricing -Name 'CosmosDbs' | Select-Object Name,PricingTier
Ensure output of -PricingTier is Standard
Remediation:
From Azure Portal
1. Go to Microsoft Defender for Cloud.
2. Select Environment Settings blade.
3. Click on the subscription name.
4. Select the Defender plans blade.
5. On the Database row click on Select types >.
6. Set the radio button next to Azure Cosmos DB to On.
7. Click Continue.
8. Click Save.
From Azure CLI
Run the following command:
az security pricing create -n 'CosmosDbs' --tier 'standard'
From PowerShell
Use the below command to enable Standard pricing tier for Azure Cosmos DB
Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard
Default Value:
By default, Microsoft Defender for Azure Cosmos DB is not enabled.
References:
1. https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
2. https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhancedsecurity
3. https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
4. https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cosmosdb-security-baseline
5. https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-enabledatabase-protections