Azure audit securitycenter defender pricing tier remediation

Using Console

Using CLI

To remediate the misconfiguration “Enable Microsoft Defender Standard Pricing Tier” in AZURE using AZURE CLI, follow these steps:

Open the AZURE CLI on your local machine or use the AZURE Cloud Shell.
Login to your AZURE account using the command:

az login

Once you are logged in, set the subscription that you want to work on using the command:

az account set --subscription <subscription_id>

Next, enable Microsoft Defender Standard Pricing Tier using the command:

az security pricing create --name 'Default' --tier 'Standard'

Verify that the pricing tier has been set to Standard using the command:

az security pricing show --name 'Default'

This will show you the details of the pricing tier that you have set.By following the above steps, you can remediate the misconfiguration “Enable Microsoft Defender Standard Pricing Tier” in AZURE using AZURE CLI.

Using Python

To enable Microsoft Defender Standard Pricing Tier in Azure using Python, you can follow these steps:

Install the Azure SDK for Python using the following command:
```
pip install azure-mgmt-resource
```

Authenticate using the Azure CLI or a service principal. You can use the following code to authenticate using a service principal:

from azure.common.credentials import ServicePrincipalCredentials

# Replace the values with your own
subscription_id = 'your-subscription-id'
client_id = 'your-client-id'
secret = 'your-client-secret'
tenant = 'your-tenant-id'

credentials = ServicePrincipalCredentials(
    client_id=client_id,
    secret=secret,
    tenant=tenant
)

Create a ResourceManagementClient object using the authenticated credentials and the subscription ID:

from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.resource.resources.models import GenericResource

resource_client = ResourceManagementClient(credentials, subscription_id)

Get the resource group and the Microsoft Defender Security Center workspace. You can use the following code to get the resource group and workspace:

resource_group_name = 'your-resource-group-name'
workspace_name = 'your-workspace-name'

workspace_resource = resource_client.resources.get(
    resource_group_name,
    'Microsoft.OperationalInsights/workspaces',
    workspace_name
)

Update the pricing tier for the workspace to PerNode. You can use the following code to update the pricing tier:

workspace_resource.properties['sku'] = {
    'name': 'PerNode',
    'tier': 'Standard'
}

resource_client.resources.create_or_update(
    resource_group_name,
    'Microsoft.OperationalInsights/workspaces',
    workspace_name,
    GenericResource(location=workspace_resource.location, properties=workspace_resource.properties)
)

Verify that the pricing tier has been updated by checking the workspace properties:

workspace = resource_client.resources.get(
    resource_group_name,
    'Microsoft.OperationalInsights/workspaces',
    workspace_name
)

print(workspace.properties['sku'])

This should enable Microsoft Defender Standard Pricing Tier in Azure for the specified workspace.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Azure audit securitycenter defender pricing tier remediation

Triage and Remediation

Remediation