Control: 2.1.11 Ensure That Microsoft Defender for DNS Is Set To 'On'
Description
Microsoft Defender for DNS scans all network traffic exiting from within a subscription.
DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.
Remediation
From Azure Portal
- Go to
Microsoft Defender for Cloud. - Select
Environment Settingsblade. - Click on the subscription name.
- Select the
Defender plansblade. - Select
OnunderStatusforDNS. - Select
Save.
From Azure CLI
Enable Standard pricing tier for DNS:
az security pricing create -n 'DNS' --tier 'Standard'
From Powershell
Enable Standard pricing tier for DNS:
Set-AzSecurityPricing -Name 'DNS' -PricingTier 'Standard'
Default Value
By default, Microsoft Defender for DNS is not enabled.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v200_2_1_11Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v200_2_1_11 --shareSQL
This control uses a named query:
select sub_pricing.id as resource, case when pricing_tier = 'Standard' then 'ok' else 'alarm' end as status, case when pricing_tier = 'Standard' then 'Azure Defender on for DNS.' else 'Azure Defender off for DNS.' end as reason , sub.display_name as subscriptionfrom azure_security_center_subscription_pricing sub_pricing right join azure_subscription sub on sub_pricing.subscription_id = sub.subscription_idwhere name = 'Dns';