
Description

Microsoft Defender for Resource Manager scans incoming administrative requests to change your infrastructure, whether they come from the CLI or the Azure portal.

Rationale

Scanning resource requests lets you be alerted every time there is suspicious activity, so that a security threat can be stopped before it is introduced.

Impact

Enabling Microsoft Defender for Resource Manager requires enabling Microsoft Defender for your subscription. Both will incur additional charges.

Audit

This policy flags an Azure Subscription as INCOMPLIANT if the related Azure Defender Plan for Resource Manager has its Pricing Tier set to Free.

A Subscription is also marked as INCOMPLIANT if the Defender Plan for Resource Manager does not exist in the CMDB.
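The two audit rules above, applied to a small inventory, as an added example that is not the policy's own implementation. It assumes each subscription's plans were exported in the shape of the Microsoft.Security/pricings list response and that the Resource Manager plan is named `Arm`; the subscription names, the `COMPLIANT` label and the fail-closed handling of a missing or unknown tier are assumptions of this sketch.

```python
import json

# Constructed sample: one entry per subscription, shaped like the
# Microsoft.Security/pricings list response (assumed input format).
SAMPLE = json.loads("""
{
  "sub-prod (constructed)": {"value": [
    {"name": "VirtualMachines", "properties": {"pricingTier": "Standard"}},
    {"name": "Arm", "properties": {"pricingTier": "Standard"}}]},
  "sub-dev (constructed)": {"value": [
    {"name": "Arm", "properties": {"pricingTier": "Free"}}]},
  "sub-sandbox (constructed)": {"value": [
    {"name": "StorageAccounts", "properties": {"pricingTier": "Standard"}}]}
}
""")

PLAN_NAME = "Arm"  # Defender for Resource Manager plan name in the pricings API


def audit_subscription(pricings):
    """Return (status, reason) following the page's two audit rules."""
    plans = pricings.get("value", []) if isinstance(pricings, dict) else []
    plan = next((p for p in plans
                 if str(p.get("name", "")).lower() == PLAN_NAME.lower()), None)
    if plan is None:
        # Rule 2: no plan record at all is treated the same as disabled.
        return "INCOMPLIANT", "Defender plan for Resource Manager not found"
    # Accept both the REST shape (properties.pricingTier) and a flattened one.
    tier = (plan.get("properties") or {}).get("pricingTier") or plan.get("pricingTier")
    if str(tier).lower() != "standard":
        # Rule 1: Free tier; a missing or unknown tier also fails closed (assumption).
        return "INCOMPLIANT", f"pricing tier is {tier!r}"
    return "COMPLIANT", "pricing tier is 'Standard'"


def audit_all(inventory):
    """Evaluate every subscription in the inventory."""
    return {sub: audit_subscription(p) for sub, p in inventory.items()}


if __name__ == "__main__":
    for sub, (status, reason) in audit_all(SAMPLE).items():
        print(f"{status:12} {sub}: {reason}")
```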

Default Value

By default, Microsoft Defender for Resource Manager is not enabled.

References

  1. https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security
  2. https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-resource-manager-introduction
  3. https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
  4. https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
  5. https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-1-enable-threat-detection-capabilities