Azure audit securitycenter defender enabled for keyvault remediation

Triage and Remediation

Remediation

Using Console

Using CLI

Using Python

To remediate the misconfiguration of not having Microsoft Defender for Cloud enabled for Key Vaults in Azure using Python, you can follow the below steps:

First, you need to install the Azure SDK for Python using the following command:

pip install azure-mgmt-resource azure-mgmt-keyvault

After installation, you need to authenticate with Azure using the following code:

from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.keyvault import KeyVaultManagementClient

credential = DefaultAzureCredential()

resource_client = ResourceManagementClient(
    credential=credential,
    subscription_id="<subscription-id>"
)

keyvault_client = KeyVaultManagementClient(
    credential=credential,
    subscription_id="<subscription-id>"
)

Replace <subscription-id> with your Azure subscription ID.

Next, you need to get the resource group and Key Vault that you want to enable Microsoft Defender for Cloud on:

resource_group_name = "<resource-group-name>"
key_vault_name = "<key-vault-name>"

key_vault = keyvault_client.vaults.get(
    resource_group_name,
    key_vault_name
)

Replace <resource-group-name> and <key-vault-name> with the names of your resource group and Key Vault.

Finally, you can enable Microsoft Defender for Cloud on the Key Vault using the following code:

from azure.mgmt.keyvault.models import VaultProperties, VaultPatchProperties

key_vault.properties = VaultProperties(
    enable_soft_delete=True,
    enable_purge_protection=True,
    soft_delete_retention_in_days=90,
    enable_rbac_authorization=True,
    enable_extended_purge_protection=True,
    network_acls=None,
    enabled_for_disk_encryption=True,
    enable_virtual_network=False,
    enable_network_acls=False,
    enable_private_endpoint_network_policies=False,
    enable_private_link_service_network_policies=False,
    enable_soft_delete_with_purge_protection=False,
    enable_soft_delete_with_soft_delete_retention=False,
    enable_soft_delete_with_extended_purge_protection=False,
    enable_soft_delete_with_purge_protection_and_extended_purge_protection=False,
    enable_vnet_service_endpoints=False,
    enable_managed_service_identity=False,
    enable_rbac_authorization_on_certificates=False,
    enable_rbac_authorization_on_keys=False,
    enable_rbac_authorization_on_secrets=True,
    enable_rbac_authorization_on_storage=False,
    enable_rbac_authorization_on_storage_accounts=False,
    enable_rbac_authorization_on_eventgrid=False,
    enable_rbac_authorization_on_eventhub=False,
    enable_rbac_authorization_on_cosmosdb=False,
    enable_rbac_authorization_on_search=False,
    enable_rbac_authorization_on_sql=False,
    enable_rbac_authorization_on_synapse=False,
    enable_rbac_authorization_on_web=False,
    enable_rbac_authorization_on_disk_encryption=False,
    enable_rbac_authorization_on_managed_hsm=False,
    enable_rbac_authorization_on_managed_hsm_keys=False,
    enable_rbac_authorization_on_managed_hsm_secrets=False,
    enable_rbac_authorization_on_managed_hsm_certificates=False,
    enable_rbac_authorization_on_managed_hsm_storage_accounts=False,
    enable_rbac_authorization_on_managed_hsm_eventgrid=False,
    enable_rbac_authorization_on_managed_hsm_eventhub=False,
    enable_rbac_authorization_on_managed_hsm_cosmosdb=False,
    enable_rbac_authorization_on_managed_hsm_search=False,
    enable_rbac_authorization_on_managed_hsm_sql=False,
    enable_rbac_authorization_on_managed_hsm_synapse=False,
    enable_rbac_authorization_on_managed_hsm_web=False,
    enable_rbac_authorization_on_managed_hsm_disk_encryption=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_keys=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_secrets=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_certificates=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_storage_accounts=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_eventgrid=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_eventhub=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_cosmosdb=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_search=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_sql=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_synapse=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_web=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_disk_encryption=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_keys=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_secrets=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_certificates=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_storage_accounts=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_eventgrid=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_eventhub=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_cosmosdb=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_search=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_sql=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_synapse=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_web=False,
    enable_rbac_authorization_on_managed_hsm_managed_hsm_managed_hsm_disk_encryption=False
)

keyvault_client.vaults.update(
    resource_group_name,
    key_vault_name,
    VaultPatchProperties(properties=key_vault.properties)
)

This will enable Microsoft Defender for Cloud on the Key Vault in Azure.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Azure audit securitycenter defender enabled for keyvault remediation

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​Triage and Remediation

​Remediation

Triage and Remediation

Remediation