Ensure that all Microsoft Defender for Cloud recommendations generated for your Azure cloud account are examined and implemented in order to follow security best practices and meet regulatory compliance and standards. Microsoft Defender for Cloud is a security management service that helps you prevent, detect, and respond to threats with increased visibility and control over the security of your Azure cloud resources. The service periodically analyzes the security state of your cloud resources and when it identifies potential security vulnerabilities, it creates recommendations. These recommendations (also known as security tasks) are guided actions that you can take in order to secure the impacted resources.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When Microsoft Defender for Cloud identifies potential security issues and vulnerabilities, it creates recommendations that guide you through the process of configuring the needed controls to harden and protect your Azure cloud resources.
Audit
To check for Microsoft Defender for Cloud recommendations within your Azure cloud account, perform the following operations:
Remediation / Resolution
To put the specified Microsoft Defender for Cloud recommendation into action (i.e. enable Microsoft Defender for Cloud for Azure storage accounts), perform the following operations:
Note: As an example, this conformity rule demonstrates how to analyze and implement a Microsoft Defender for Cloud recommendation that proposes enabling Microsoft Defender for Cloud for Azure storage accounts. Turning on Defender for Cloud for the specified resource type (i.e. storage accounts) incurs an additional cost per resource.References
- Azure Official Documentation
- Microsoft Defender for Cloud documentation
- What is Microsoft Defender for Cloud?
- Find recommendations that can improve your security posture
- Implement security recommendations in Microsoft Defender for Cloud
- Security recommendations - a reference guide
- Microsoft Defender for Cloud pricing
- Overview of Microsoft Defender for Storage
- Azure Command Line Interface (CLI) Documentation
- az security assessment
- az security assessment list
- az security assessment show
- az account get-access-token