2.1.9 Ensure That Microsoft Defender for Cosmos DB Is Set To 'On'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

Microsoft Defender for Cosmos DB scans all incoming network requests for changes to your virtual machine.

Rationale:

In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.

Impact:

Enabling Microsoft Defender for Cosmos requires enabling Microsoft Defender for your subscription. Both will incur additional charges.

Solution

From Azure Portal

Go to Microsoft Defender for Cloud

Select Environment Settings blade

Click on the subscription name

Select the Defender plans blade

On the Database row click on Select types >

In the list of databases, set the Cosmos DB radio button to On.

From Azure CLI
Run the following command:

az security pricing create -n 'CosmosDbs' --tier 'standard'

From Azure PowerShell
Use the command below to enable the Standard pricing tier for Cosmos DB:

Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard'

Default Value:

By default, Microsoft Defender for Cosmos DB is not enabled.
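
To confirm the result of the remediation above across several subscriptions, the following added example (not part of the original audit or of the CIS benchmark text) reads the 'CosmosDbs' plan with `az security pricing show` and treats anything other than the Standard tier, including a failed lookup, as a finding. The function names are hypothetical, and an authenticated Azure CLI session with read access to the security pricing settings is assumed.

```shell
#!/usr/bin/env bash
# Added example: audit the Defender plan that the remediation commands set.
# Assumes `az login` has been run and the caller can read
# Microsoft.Security pricing settings on each subscription checked.

# Print the pricing tier of the CosmosDbs plan for one subscription.
cosmos_defender_tier() {
    az security pricing show -n 'CosmosDbs' --subscription "$1" \
        --query 'pricingTier' -o tsv 2>/dev/null
}

# Return 0 when the plan is Standard (Defender on), 1 otherwise.
# An empty result (lookup failed or access denied) is a failure, not a pass.
check_cosmos_defender() {
    local sub="$1" tier
    tier="$(cosmos_defender_tier "$sub")" || tier=''
    case "$(printf '%s' "$tier" | tr '[:upper:]' '[:lower:]')" in
        standard) echo "PASS $sub CosmosDbs=$tier"; return 0 ;;
        '')       echo "FAIL $sub CosmosDbs tier could not be read"; return 1 ;;
        *)        echo "FAIL $sub CosmosDbs=$tier"; return 1 ;;
    esac
}

# Check every subscription ID passed in; return non-zero if any one fails,
# so the function can gate a pipeline or a scheduled compliance job.
audit_subscriptions() {
    local rc=0 sub
    for sub in "$@"; do
        check_cosmos_defender "$sub" || rc=1
    done
    return "$rc"
}

# Usage (not run automatically when this file is sourced):
#   audit_subscriptions $(az account list --query '[].id' -o tsv)
```
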

See Also

https://workbench.cisecurity.org/files/4052