Control: 8.1.1.1 Ensure Microsoft Defender CSPM is set to 'On'
Description
Enable Microsoft Defender CSPM to continuously assess cloud resources for security misconfigurations, compliance risks, and exposure to threats.
Microsoft Defender CSPM provides detailed visibility into the security state of assets and workloads and offers hardening guidance to help improve security posture.
Remediation
Remediate from Azure Portal
- Go to Microsoft Defender for Cloud.
- Under Management, click Environment settings.
- Click the name of a subscription.
- Select the Defender plans blade.
- Under Cloud Security Posture Management (CSPM), in the row for Defender CSPM, set the toggle switch for Status to On.
- Click Save.
Remediate from Azure CLI
Run the following command to enable Defender CSPM:
az security pricing create --name CloudPosture --tier Standard --extensions name=ApiPosture isEnabled=true
Remediate from PowerShell
Run the following command to enable Defender CSPM:
Set-AzSecurityPricing -Name CloudPosture -PricingTier Standard -Extension '[{"name":"ApiPosture","isEnabled":"True"}]'
Default Value
Defender CSPM is disabled by default.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v500_8_1_1_1
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v500_8_1_1_1 --share
SQL
This control uses a named query:
select
  p.id as resource,
  case
    when p.pricing_tier = 'Standard' then 'ok'
    else 'alarm'
  end as status,
  case
    when p.pricing_tier = 'Standard' then 'Microsoft Defender for CloudPosture is enabled with ' || p.pricing_tier || ' tier.'
    when p.name = 'CloudPosture' then 'Microsoft Defender for CloudPosture is disabled, current tier: ' || p.pricing_tier || '.'
    else 'Microsoft Defender for CloudPosture pricing not found.'
  end as reason,
  sub.display_name as subscription
from
  azure_security_center_subscription_pricing p
  right join azure_subscription sub on p.subscription_id = sub.subscription_id
where
  p.name = 'CloudPosture';
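The ok/alarm decision this control makes, written out as a small offline audit over constructed per-subscription records (an added example, not part of the original page or of the Powerpipe mod). The record shape follows what `az security pricing show --name CloudPosture` prints and is an assumption here, as are the subscription names and the `evaluate` and `audit` helpers.

```python
import json

# Constructed sample, keyed by subscription display name. Each value is shaped
# like the JSON printed by `az security pricing show --name CloudPosture`
# (assumed fields: name, pricingTier, extensions[].name/isEnabled);
# null stands for a subscription where no CloudPosture record was returned.
SAMPLE = json.loads("""
{
  "prod-sub": {"name": "CloudPosture", "pricingTier": "Standard",
               "extensions": [{"name": "ApiPosture", "isEnabled": "True"}]},
  "dev-sub": {"name": "CloudPosture", "pricingTier": "Free", "extensions": []},
  "sandbox-sub": null,
  "stage-sub": {"name": "CloudPosture", "pricingTier": "Standard",
                "extensions": [{"name": "ApiPosture", "isEnabled": "False"}]}
}
""")


def evaluate(subscription, pricing):
    """Return the control result (ok/alarm plus reason) for one subscription."""
    if not pricing or pricing.get("name") != "CloudPosture":
        return {"subscription": subscription, "status": "alarm",
                "reason": "CloudPosture pricing not found.", "extensions_off": []}
    tier = pricing.get("pricingTier")
    # Extensions are reported for visibility only; as in the page's query,
    # the pricing tier alone decides ok/alarm.
    off = [e["name"] for e in pricing.get("extensions") or []
           if str(e.get("isEnabled")).lower() != "true"]
    if tier == "Standard":
        return {"subscription": subscription, "status": "ok",
                "reason": f"Defender CSPM is enabled with {tier} tier.",
                "extensions_off": off}
    return {"subscription": subscription, "status": "alarm",
            "reason": f"Defender CSPM is disabled, current tier: {tier}.",
            "extensions_off": off}


def audit(records):
    """Evaluate every subscription; alarms sort first so failures stand out."""
    results = [evaluate(name, rec) for name, rec in records.items()]
    return sorted(results, key=lambda r: (r["status"] != "alarm", r["subscription"]))


if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(f'{r["status"]:5} {r["subscription"]:12} {r["reason"]} off={r["extensions_off"]}')
```

In the named query the filter `p.name = 'CloudPosture'` sits in the `where` clause, so a subscription with no pricing row is dropped from the result rather than reaching the 'pricing not found' branch; the explicit missing-record case above covers that situation.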