Skip to main content

Description

Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.

Rationale​

Enabling Microsoft Defender for App Service allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).

Impact​

Turning on Microsoft Defender for App Service incurs an additional cost per resource.

Audit​

From Azure Portal​

  1. Go to Microsoft Defender for Cloud.
  2. Under Management, select Environment Settings.
  3. Click on the subscription name.
  4. Select Defender plans.
  5. Ensure Status is On for App Service.

From Azure CLI​

Run the following command:

az security pricing show -n AppServices

Ensure PricingTier is set to Standard.

From PowerShell​

Run the following command:

Get-AzSecurityPricing -Name 'AppServices' |Select-Object Name,PricingTier

Ensure the PricingTier is set to Standard.

From Azure Policy​

If referencing a digital copy of this Benchmark, clicking a Policy ID will open a link to the associated Policy definition in Azure.

Default Value​

By default, Microsoft Defender plan is off.

References​

  1. https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities
  2. https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list
  3. https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
  4. https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing
  5. https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-1-enable-threat-detection-capabilities