Azure Introduction
Azure Pricing
Azure Threats
Enable Microsoft Defender Standard Pricing Tier
More Info:
Enable Microsoft Defender Standard Pricing Tier
Risk Level
Medium
Address
Operational Maturity
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of enabling Microsoft Defender Standard Pricing Tier in AZURE, you can follow these step-by-step instructions:
- Login to the AZURE portal using your credentials.
- Navigate to the Security Center from the left-hand menu.
- In the Security Center, click on the “Security Policy” option from the left-hand menu.
- In the Security Policy page, scroll down to the “Pricing tier” section and click on the “Edit” button.
- In the Pricing tier page, select the “Standard” option and click on the “Save” button.
- After saving the changes, wait for a few minutes to allow the changes to take effect.
- Verify that the Microsoft Defender Standard Pricing Tier is now enabled by checking the “Pricing tier” section in the Security Policy page.
By following these steps, you should be able to remediate the misconfiguration of enabling Microsoft Defender Standard Pricing Tier in AZURE.
To remediate the misconfiguration “Enable Microsoft Defender Standard Pricing Tier” in AZURE using AZURE CLI, follow these steps:
-
Open the AZURE CLI on your local machine or use the AZURE Cloud Shell.
-
Login to your AZURE account using the command:
az login
- Once you are logged in, set the subscription that you want to work on using the command:
az account set --subscription <subscription_id>
- Next, enable Microsoft Defender Standard Pricing Tier using the command:
az security pricing create --name 'Default' --tier 'Standard'
- Verify that the pricing tier has been set to Standard using the command:
az security pricing show --name 'Default'
This will show you the details of the pricing tier that you have set.
By following the above steps, you can remediate the misconfiguration “Enable Microsoft Defender Standard Pricing Tier” in AZURE using AZURE CLI.
To enable Microsoft Defender Standard Pricing Tier in Azure using Python, you can follow these steps:
-
Install the Azure SDK for Python using the following command:
pip install azure-mgmt-resource -
Authenticate using the Azure CLI or a service principal. You can use the following code to authenticate using a service principal:
from azure.common.credentials import ServicePrincipalCredentials # Replace the values with your own subscription_id = 'your-subscription-id' client_id = 'your-client-id' secret = 'your-client-secret' tenant = 'your-tenant-id' credentials = ServicePrincipalCredentials( client_id=client_id, secret=secret, tenant=tenant ) -
Create a
ResourceManagementClientobject using the authenticated credentials and the subscription ID:from azure.mgmt.resource import ResourceManagementClient from azure.mgmt.resource.resources.models import GenericResource resource_client = ResourceManagementClient(credentials, subscription_id) -
Get the resource group and the Microsoft Defender Security Center workspace. You can use the following code to get the resource group and workspace:
resource_group_name = 'your-resource-group-name' workspace_name = 'your-workspace-name' workspace_resource = resource_client.resources.get( resource_group_name, 'Microsoft.OperationalInsights/workspaces', workspace_name ) -
Update the pricing tier for the workspace to
PerNode. You can use the following code to update the pricing tier:workspace_resource.properties['sku'] = { 'name': 'PerNode', 'tier': 'Standard' } resource_client.resources.create_or_update( resource_group_name, 'Microsoft.OperationalInsights/workspaces', workspace_name, GenericResource(location=workspace_resource.location, properties=workspace_resource.properties) ) -
Verify that the pricing tier has been updated by checking the workspace properties:
workspace = resource_client.resources.get( resource_group_name, 'Microsoft.OperationalInsights/workspaces', workspace_name ) print(workspace.properties['sku'])
This should enable Microsoft Defender Standard Pricing Tier in Azure for the specified workspace.