2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected

Information

This setting enables Microsoft Cloud App Security (MCAS) integration with Security Center.

Rationale:

Security Center offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Security Center detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Cloud App Security. To benefit from these analytics, subscription must have a Cloud App Security license.

MCAS works only with Standard Tier subscriptions.

Impact:

MCAS works with Standard pricing tier Subscription.Choosing the Standard pricing tier of Azure Security Center incurs an additional cost per resource.

Solution

From Azure Console

Go to Azure Security Center

Select Security policy blade

Click On Edit Settings to alter the the security policy for a subscription

Select the Threat Detection blade

Check/Enable option Allow Microsoft Cloud App Security to access my data

Select Save

Using Azure Command Line Interface 2.0
Use the below command to enable Standard pricing tier for Storage Accounts

az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings/MCAS?api-version=2019-01-01 [email protected]'input.json''

Where input.json contains the Request body json data as mentioned below.

{
'id': '/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/settings/MCAS',
'kind': 'DataExportSetting',
'type': 'Microsoft.Security/settings',
'properties': {
'enabled': true
}
}

Default Value:

With Cloud App Security license, these alerts are enabled by default.

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8

Plugin: microsoft_azure

Control ID: c722c58f76c75f11e2a27a4f6742a4c8b97848c553de8821e53bdea1d9ae134f