End of Life Notice: For Trend Cloud One™ - Conformity customers, Conformity will reach its End of Sale on July 31st, 2025 and its End of Life on July 31st, 2026. The same capabilities and much more are available in Trend Vision One™ Cloud Risk Management. For details, please refer to Upgrade to Trend Vision One.

Enable Microsoft Defender for Azure AI Foundry

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that Microsoft Defender for Cloud is enabled for your Azure AI Foundry resources in order to provide enhanced security by detecting threats, monitoring unusual activity, and offering recommendations to protect your data from vulnerabilities and breaches.

Security

Microsoft Defender for Cloud provides action-oriented recommendations and security alerts with details of the suspicious activity and guidance on how to mitigate the security threats. With Microsoft Defender for AI Foundry, you obtain an extra layer of security intelligence that detects unusual and potentially harmful activity in your AI Foundry resources. This makes it easier to address threats, even without deep security expertise, and connects directly with your existing security monitoring systems.


Audit

To determine if Microsoft Defender for Cloud is enabled for your Azure AI Foundry resources, perform the following operations:

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the Microsoft Defender for Cloud blade available at https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0.

03 In the left navigation panel, under Management, choose Environment settings.

04 Under Azure and Tenant Root Group, click on the name (link) of the Azure subscription that you want to examine.

05 In the left navigation panel, under Settings, choose Defender plans to access the Defender for Cloud pricing plans available for the selected Azure subscription.

06 In the Cloud Workload Protection (CWPP) section, check the pricing plan status listed in the Status column for the AI Services plan. If the pricing plan status for AI Services is set to Off, Microsoft Defender for Cloud is not enabled for the Azure AI Foundry resources available in the selected subscription.

07 Repeat steps no. 4 – 6 for each Azure subscription created within your Microsoft Azure account.

Using Azure CLI

01 Run the account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list \
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run the account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to make the selected subscription the current active subscription (the command does not produce an output):

az account set \
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run the security pricing list command (Windows/macOS/Linux) with custom output filters to return the Microsoft Defender for Cloud pricing plan (tier) configured for AI Foundry resources in the selected Azure subscription:

az security pricing list \
	--query 'value[?(name==`AI`)].pricingTier'

05 The command output should return the pricing plan (tier) configured for the AI Foundry resources:

[
	"Free"
]

If the security pricing list command output returns "Free", as shown in the output example above, Microsoft Defender for Cloud is not enabled for the Azure AI Foundry resources available in the selected subscription.

06 Repeat steps no. 3 - 5 for each Azure subscription available in your Microsoft Azure cloud account.

Remediation / Resolution

To enable Microsoft Defender for Cloud for your Azure AI Foundry resources, perform the following operations:

Turning on Microsoft Defender for Cloud for Azure AI Foundry resources incurs an additional cost.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the Microsoft Defender for Cloud blade available at https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0.

03 In the left navigation panel, under Management, choose Environment settings.

04 Under Azure and Tenant Root Group, click on the name (link) of the Azure subscription that you want to configure.

05 In the left navigation panel, under Settings, choose Defender plans to access the Defender for Cloud pricing plans available for the selected Azure subscription.

06 In the Cloud Workload Protection (CWPP) section, perform the following actions:

  1. Choose On for the AI Services pricing plan, in the Status column, to enable Microsoft Defender for Cloud for the Azure AI Foundry resources.
  2. Choose Settings > for the AI Services pricing plan, in the Monitoring coverage column, and make sure that all the plan components (extensions) are turned on. Choose Continue to return to the Defender plans page.
  3. Choose Save from the top menu to apply the changes.

07 Repeat steps no. 4 – 6 for each Azure subscription available in your Microsoft Azure cloud account.

Using Azure CLI

01 Run the account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list \
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run the account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to make the selected subscription the current active subscription (the command does not produce an output):

az account set \
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run the security pricing create command (Windows/macOS/Linux) to enable the Standard tier (i.e., Standard pricing plan) for the AI plan. This will enable Microsoft Defender for Cloud for your Azure AI Foundry resources:

az security pricing create \
	--name AI \
	--tier standard

05 The command output should return the configuration information for the modified pricing plan:

{
	"deprecated": null,
	"enablementTime": "2025-09-04T16:55:30.334574+00:00",
	"extensions": [
		{
			"additionalExtensionProperties": null,
			"isEnabled": "True",
			"name": "AIPromptEvidence",
			"operationStatus": null
		},
		{
			"additionalExtensionProperties": null,
			"isEnabled": "True",
			"name": "AIPromptSharingWithPurview",
			"operationStatus": null
		}
	],
	"freeTrialRemainingTime": "0:00:00",
	"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/providers/Microsoft.Security/pricings/AI",
	"name": "AI",
	"pricingTier": "Standard",
	"replacedBy": null,
	"subPlan": null,
	"type": "Microsoft.Security/pricings"
}

06 Repeat steps no. 3 - 5 for each Azure subscription available in your Microsoft Azure cloud account.
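
The per-subscription CLI audit and the check of the pricing create output in the remediation steps can be scripted in one pass. The following Python script is an added example, not code from this page's publisher or from Microsoft; it assumes a logged-in az CLI on the PATH, and the function names (evaluate_ai_plan, az_json, audit_all_subscriptions) are hypothetical.

```python
import json
import shutil
import subprocess

PLAN_NAME = "AI"  # plan name used by the page's --query filter and --name argument


def evaluate_ai_plan(plans):
    """Return (compliant, reason) for the AI plan found in a list of pricing-plan objects."""
    plan = next((p for p in plans if p.get("name") == PLAN_NAME), None)
    if plan is None:
        return False, "AI plan not present in pricing list"
    tier = plan.get("pricingTier")
    if str(tier).lower() != "standard":
        return False, f"pricingTier is {tier!r}"
    # isEnabled arrives as the string "True"/"False", not a JSON boolean.
    disabled = [e["name"] for e in plan.get("extensions") or []
                if str(e.get("isEnabled")).lower() != "true"]
    if disabled:
        return False, "extensions off: " + ", ".join(disabled)
    return True, "Standard tier, all extensions on"


def az_json(*args):
    """Run an az command and parse its JSON output (assumes an authenticated az CLI)."""
    az = shutil.which("az") or "az"  # resolves az.cmd on Windows
    out = subprocess.run([az, *args, "--output", "json"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def audit_all_subscriptions():
    """Audit every subscription via --subscription, leaving the active one unchanged."""
    results = {}
    for sub_id in az_json("account", "list", "--query", "[].id"):
        listing = az_json("security", "pricing", "list", "--subscription", sub_id)
        # The page's query reads the plans from a top-level "value" array.
        plans = listing["value"] if isinstance(listing, dict) else listing
        results[sub_id] = evaluate_ai_plan(plans)
    return results


if __name__ == "__main__":
    for sub_id, (ok, reason) in audit_all_subscriptions().items():
        print(f"{'PASS' if ok else 'FAIL'}  {sub_id}  {reason}")
```

To verify a remediation, pass the object returned by the pricing create command to evaluate_ai_plan as a one-element list.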


Publication date Sep 10, 2025