🛡️ Azure Subscription Microsoft Defender CSPM is not set to On🟢

• Contextual name: 🛡️ Microsoft Defender CSPM is not set to On🟢
• ID: /ce/ca/azure/subscription/microsoft-defender-for-cspm
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Azure Subscription
  • 🔌 Azure Defender Plan - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

Enable Microsoft Defender CSPM to continuously assess cloud resources for security misconfigurations, compliance risks, and exposure to threats.

Rationale

Microsoft Defender CSPM provides detailed visibility into the security state of assets and workloads and offers hardening guidance to help improve security posture.

Impact

Enabling Microsoft Defender CSPM incurs hourly charges for each billable compute, database, and storage resource. This can lead to significant costs in larger environments. Careful planning and cost analysis are recommended before enabling the service. Refer to https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/#pricing for pricing information.

Audit

This policy flags an Azure Subscription as INCOMPLIANT if the related Azure Defender Plan for CSPM has its Pricing Tier set to Free.

A Subscription is also marked as INCOMPLIANT if the Defender Plan for CSPM does not exist in the CMDB.

Default Value

By default, Microsoft Defender plan is off.

... see more

Remediation

Open File

Remediation

From Azure Portal

1. Go to Microsoft Defender for Cloud.
2. Under Management, select Environment Settings.
3. Click the name of a subscription.
4. Select the Defender plans blade.
5. Under Cloud Security Posture Management (CSPM), in the row for Defender CSPM, set the toggle switch for Status to On.
6. Click Save.

From Azure CLI

Run the following command to enable Defender CSPM:

az security pricing create --name CloudPosture --tier Standard --extensions name=ApiPosture isEnabled=true

From PowerShell

Run the following command to enable Defender CSPM:

Set-AzSecurityPricing -Name CloudPosture -PricingTier Standard -Extension '[{"name":"ApiPosture","isEnabled":"True"}]'

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v5.0.0 → 💼 8.1.1.1 Ensure Microsoft Defender CSPM is set to 'On' (Automated)			1		no data
💼 Cloudaware Framework → 💼 Microsoft Defender Configuration			29		no data