[Security] Enable Microsoft Defender for Cloud #20
Open
Description
Summary
Enable Microsoft Defender for Cloud for App Services and SQL Servers to detect vulnerabilities, provide security recommendations, and enable advanced threat protection.
Threats Addressed
- T-005: Data Exfiltration (High Risk)
- T-007: Unpatched Vulnerabilities (High Risk)
Current State
- No Defender for Cloud enabled for workload protection
- Relying on manual vulnerability assessments
Acceptance Criteria
- Defender for Cloud enabled for App Services (Standard tier)
- Defender for Cloud enabled for SQL Servers (Standard tier)
- SQL Advanced Threat Protection enabled
- Security alerts configured to notify admins
- Vulnerability assessment reports reviewed
Implementation Reference
See security-plan-sample-web-app.md for Bicep code samples.
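```bicep
// Defender for Cloud plans (Microsoft.Security/pricings) are subscription-scope resources.
resource defenderForAppService 'Microsoft.Security/pricings@2024-01-01' = {
  name: 'AppServices'
  properties: {
    pricingTier: 'Standard'
  }
}

resource defenderForSql 'Microsoft.Security/pricings@2024-01-01' = {
  name: 'SqlServers'
  properties: {
    pricingTier: 'Standard'
  }
}

// Child resource of the SQL server (resource-group scope).
// `sqlServer` must be the symbolic name of a Microsoft.Sql/servers resource
// declared in the same template.
resource sqlServerSecurityAlertPolicy 'Microsoft.Sql/servers/securityAlertPolicies@2023-08-01-preview' = {
  parent: sqlServer
  name: 'Default'
  properties: {
    state: 'Enabled'
    emailAccountAdmins: true
  }
}
```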
Priority
P2 - High - Implement within 30 days
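A pre-deployment check for the acceptance criteria above, added here as an example and not part of the issue or the repository: it reads the ARM JSON that `bicep build` produces and reports any Defender plan not on `Standard` or any SQL alert policy that is disabled or does not email admins. The function names, the sample template and the `sql-placeholder` server name are assumptions constructed for illustration; nested deployments (compiled modules) are walked as well, which goes slightly beyond the flat snippet in the issue.

```python
import json

# Constructed sample of `bicep build` output (ARM JSON) for the issue's resources.
# SqlServers is deliberately left on 'Free'; the server name is a placeholder.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Security/pricings", "name": "AppServices", "properties": {"pricingTier": "Standard"}},
  {"type": "Microsoft.Security/pricings", "name": "SqlServers", "properties": {"pricingTier": "Free"}},
  {"type": "Microsoft.Resources/deployments", "name": "sqlAlerts", "properties": {"template": {"resources": [
    {"type": "Microsoft.Sql/servers/securityAlertPolicies", "name": "sql-placeholder/Default",
     "properties": {"state": "Enabled", "emailAccountAdmins": true}}]}}}
]}
""")

REQUIRED_PLANS = ("AppServices", "SqlServers")  # plan names from the issue


def iter_resources(template):
    """Yield resources, descending into nested deployments (compiled modules)."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates use a mapping
        resources = resources.values()
    for res in resources:
        if res.get("type") == "Microsoft.Resources/deployments":
            yield from iter_resources(res.get("properties", {}).get("template", {}))
        else:
            yield res


def check_template(template):
    """Return the acceptance-criteria failures found; an empty list means pass."""
    failures, tiers, policies = [], {}, []
    for res in iter_resources(template):
        props = res.get("properties", {})
        if res.get("type") == "Microsoft.Security/pricings":
            tiers[res.get("name")] = props.get("pricingTier")
        elif res.get("type") == "Microsoft.Sql/servers/securityAlertPolicies":
            policies.append(props)
    for plan in REQUIRED_PLANS:
        if tiers.get(plan) != "Standard":
            failures.append(f"{plan}: pricingTier {tiers.get(plan)!r}, want 'Standard'")
    if not policies:
        failures.append("no Microsoft.Sql/servers/securityAlertPolicies resource")
    for props in policies:
        if props.get("state") != "Enabled":
            failures.append("SQL alert policy state is not 'Enabled'")
        if props.get("emailAccountAdmins") is not True:
            failures.append("SQL alert policy does not email account admins")
    return failures
```

Run in CI against the compiled template, this fails the build when a later change downgrades a plan or disables the alert policy; it does not cover the criteria that need a deployed environment, such as reviewing vulnerability assessment reports.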