Description
Turning on Microsoft Defender for Key Vault enables threat detection for Key Vault, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.
Rationaleβ
Enabling Microsoft Defender for Key Vault allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).
Impactβ
Turning on Microsoft Defender for Key Vault incurs an additional cost per resource.
Auditβ
This policy flags an Azure Subscription as INCOMPLIANT if the related Azure Defender Plan for Key Vaults has its Pricing Tier set to Free.
A Subscription is also marked as INCOMPLIANT if the Defender Plan for Key Vaults does not exist in the CMDB.
Default Valueβ
By default, Microsoft Defender plan is off.
Referencesβ
- https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities
- https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list
- https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
- https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing
- https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-1-enable-threat-detection-capabilities