More Info:

Enable Microsoft Defender Standard Pricing Tier

Risk Level

Medium

Address

Operational Maturity

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration of enabling Microsoft Defender Standard Pricing Tier in AZURE, you can follow these step-by-step instructions:
  1. Login to the AZURE portal using your credentials.
  2. Navigate to the Security Center from the left-hand menu.
  3. In the Security Center, click on the “Security Policy” option from the left-hand menu.
  4. In the Security Policy page, scroll down to the “Pricing tier” section and click on the “Edit” button.
  5. In the Pricing tier page, select the “Standard” option and click on the “Save” button.
  6. After saving the changes, wait for a few minutes to allow the changes to take effect.
  7. Verify that the Microsoft Defender Standard Pricing Tier is now enabled by checking the “Pricing tier” section in the Security Policy page.
By following these steps, you should be able to remediate the misconfiguration of enabling Microsoft Defender Standard Pricing Tier in AZURE.

To remediate the misconfiguration “Enable Microsoft Defender Standard Pricing Tier” in AZURE using AZURE CLI, follow these steps:
  1. Open the AZURE CLI on your local machine or use the AZURE Cloud Shell.
  2. Login to your AZURE account using the command:
az login
  1. Once you are logged in, set the subscription that you want to work on using the command:
az account set --subscription <subscription_id>
  1. Next, enable Microsoft Defender Standard Pricing Tier using the command:
az security pricing create --name 'Default' --tier 'Standard'
  1. Verify that the pricing tier has been set to Standard using the command:
az security pricing show --name 'Default'
This will show you the details of the pricing tier that you have set.By following the above steps, you can remediate the misconfiguration “Enable Microsoft Defender Standard Pricing Tier” in AZURE using AZURE CLI.
To enable Microsoft Defender Standard Pricing Tier in Azure using Python, you can follow these steps:
  1. Install the Azure SDK for Python using the following command:
    pip install azure-mgmt-resource
    
  2. Authenticate using the Azure CLI or a service principal. You can use the following code to authenticate using a service principal:
    from azure.common.credentials import ServicePrincipalCredentials
    
    # Replace the values with your own
    subscription_id = 'your-subscription-id'
    client_id = 'your-client-id'
    secret = 'your-client-secret'
    tenant = 'your-tenant-id'
    
    credentials = ServicePrincipalCredentials(
        client_id=client_id,
        secret=secret,
        tenant=tenant
    )
    
  3. Create a ResourceManagementClient object using the authenticated credentials and the subscription ID:
    from azure.mgmt.resource import ResourceManagementClient
    from azure.mgmt.resource.resources.models import GenericResource
    
    resource_client = ResourceManagementClient(credentials, subscription_id)
    
  4. Get the resource group and the Microsoft Defender Security Center workspace. You can use the following code to get the resource group and workspace:
    resource_group_name = 'your-resource-group-name'
    workspace_name = 'your-workspace-name'
    
    workspace_resource = resource_client.resources.get(
        resource_group_name,
        'Microsoft.OperationalInsights/workspaces',
        workspace_name
    )
    
  5. Update the pricing tier for the workspace to PerNode. You can use the following code to update the pricing tier:
    workspace_resource.properties['sku'] = {
        'name': 'PerNode',
        'tier': 'Standard'
    }
    
    resource_client.resources.create_or_update(
        resource_group_name,
        'Microsoft.OperationalInsights/workspaces',
        workspace_name,
        GenericResource(location=workspace_resource.location, properties=workspace_resource.properties)
    )
    
  6. Verify that the pricing tier has been updated by checking the workspace properties:
    workspace = resource_client.resources.get(
        resource_group_name,
        'Microsoft.OperationalInsights/workspaces',
        workspace_name
    )
    
    print(workspace.properties['sku'])
    
This should enable Microsoft Defender Standard Pricing Tier in Azure for the specified workspace.