Detections
Analytics
2.4.1 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.Rationale:
Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license.
Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.
Impact:
Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From Azure ConsoleFrom Azure Home select the Portal Menu
Select Microsoft Defender for Cloud
Select Security policy blade
Click On Edit Settings to alter the the security policy for a subscription
Select the Integrations blade
Check/Enable option Allow Microsoft Defender for Cloud Apps to access my data
Select Save
From Azure CLI
Use the below command to enable Standard pricing tier for Storage Accounts
az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/<subscription_ID>/providers/Microsoft.Security/settings/MCAS?api-version=2021-06-01 -d@'input.json''
Where input.json contains the Request body json data as mentioned below.
{
'id': '/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/settings/MCAS',
'kind': 'DataExportSetting',
'type': 'Microsoft.Security/settings',
'properties': {
'enabled': true
}
}
Default Value:
With Cloud App Security license, these alerts are enabled by default.
See Also
Item Details
Audit Name: CIS Microsoft Azure Foundations v1.5.0 L2
References: CSCv7|3.1
Plugin: microsoft_azure
Control ID: 5217cbcbb91087814ddcf49bb4d750cbc30069d17fd01cff1e9da233111ba42a