Skip to main content

πŸ“ Azure Subscription Microsoft Defender For Azure Cosmos DB is not set to On 🟒

  • Contextual name: πŸ“ Microsoft Defender For Azure Cosmos DB is not set to On 🟒
  • ID: /ce/ca/azure/subscription/microsoft-defender-for-cosmos-db
  • Located in: πŸ“ Azure Subscription

Flags​

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Logic​

Description​

Open File

Description​

Microsoft Defender for Azure Cosmos DB scans all incoming network requests for threats to your Azure Cosmos DB resources.

Rationale​

In scanning Azure Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.

Impact​

Enabling Microsoft Defender for Azure Cosmos DB requires enabling Microsoft Defender for your subscription. Both will incur additional charges.

Audit​

From Azure Portal​
  1. Go to Microsoft Defender for Cloud.
  2. Under Management, select Environment Settings.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. On the Database row click on Select types >.
  6. Ensure the toggle switch next to Azure Cosmos DB is set to On.
From Azure CLI​

Ensure the output of the below command is Standard:

az security pricing show -n CosmosDbs --query pricingTier

... [see more](description.md)

Remediation​

Open File

Remediation​

From Azure Portal​

  1. Go to Microsoft Defender for Cloud.
  2. Under Management, select Environment Settings.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. On the Database row click on Select types >.
  6. Set the toggle switch next to Azure Cosmos DB to On.
  7. Click Continue.
  8. Click Save.

From Azure CLI​

Run the following command:

az security pricing create -n 'CosmosDbs' --tier 'standard'

From PowerShell​

Use the below command to enable Standard pricing tier for Azure Cosmos DB:

Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS Azure v2.1.0 β†’ πŸ’Ό 2.1.6 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' - Level 2 (Automated)1
πŸ’Ό CIS Azure v3.0.0 β†’ πŸ’Ό 3.1.7.1 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' (Automated)1
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Microsoft Defender Configuration26