🛡️ Azure Subscription Microsoft Defender For Azure Cosmos DB is not set to On🟢

• Contextual name: 🛡️ Microsoft Defender For Azure Cosmos DB is not set to On🟢
• ID: /ce/ca/azure/subscription/microsoft-defender-for-cosmos-db
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Azure Subscription
  • 🔌 Azure Defender Plan - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

Microsoft Defender for Azure Cosmos DB scans all incoming network requests for threats to your Azure Cosmos DB resources.

Rationale

In scanning Azure Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.

Impact

Enabling Microsoft Defender for Azure Cosmos DB requires enabling Microsoft Defender for your subscription. Both will incur additional charges.

Audit

This policy flags an Azure Subscription as INCOMPLIANT if the related Azure Defender Plan for Cosmos DBs has its Pricing Tier set to Free.

A Subscription is also marked as INCOMPLIANT if the Defender Plan for Cosmos DBs does not exist in the CMDB.

Default Value

By default, Microsoft Defender for Azure Cosmos DB is not enabled.

References

1. https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/

... see more

Remediation

Open File

Remediation

From Azure Portal

1. Go to Microsoft Defender for Cloud.
2. Under Management, select Environment Settings.
3. Click on the subscription name.
4. Select the Defender plans blade.
5. On the Database row click on Select types >.
6. Set the toggle switch next to Azure Cosmos DB to On.
7. Click Continue.
8. Click Save.

From Azure CLI

Run the following command:

az security pricing create -n 'CosmosDbs' --tier 'standard'

From PowerShell

Use the below command to enable Standard pricing tier for Azure Cosmos DB:

Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v2.1.0 → 💼 2.1.6 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' - Level 2 (Automated)			1		no data
💼 CIS Azure v3.0.0 → 💼 3.1.7.1 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' (Automated)			1		no data
💼 CIS Azure v4.0.0 → 💼 9.1.7.1 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' (Automated)			1		no data
💼 Cloudaware Framework → 💼 Microsoft Defender Configuration			26		no data