Enable Azure Defender for all resource types using Azure Policies
For security reasons I do have to enable Azure Defender in the ASC for all resource types. Since we do have a lot of different subscriptions within Azure and the number is increasing we do have to configure an Azure Policy to enforce that.
There already is an option to enable the Azure Defender for all resources, but I have not found anything useful in the documentation to enable this via an Azure Policy. 
I have two solutions in my mind which would match my requirements. The first would be, that we enable the Azure Defender for all resource types and the other would be that we enable only specific resource types (for me just the resource type for the open source relational databases is currently relevant).
I only found that initiative that deploys the Azure Defender to the database server, but it will not activate that option within my Azure Security Center. Are there any other documentations from Microsoft how to accomplishing that?
We have the same requirement. I created a custom policy with `deployIfNotExists' to activate ASC Standard tier as a prerequisite to activate needed Azure Defender components.
"if" : {
"allOf" : [
{
"field" : "type",
"equals" : "Microsoft.Resources/subscriptions"
}
]
},
"then" : {
"effect" : "deployIfNotExists",
"details" : {
"type" : "Microsoft.Security/pricings",
"deploymentScope" : "Subscription",
"existenceScope" : "Subscription",
"roleDefinitionIds" : [
"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
],
"existenceCondition" : {
"field" : "Microsoft.Security/pricings/pricingTier",
"equals" : "Standard"
},
"deployment" : {
"location" : "westeurope",
"properties" : {
"mode" : "incremental",
"parameters" : {},
"template" : {
"$schema" : "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion" : "1.0.0.0",
"parameters" : {},
"variables" : {},
"resources" : [
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2017-08-01-preview",
"name" : "default",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "AppServices",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "ContainerRegistry",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "KeyVaults",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "KubernetesService",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "SqlServers",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "SqlServerVirtualMachines",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "StorageAccounts",
"properties" : {
"pricingTier" : "Standard"
}
},
{
"type" : "Microsoft.Security/pricings",
"apiVersion" : "2018-06-01",
"name" : "VirtualMachines",
"properties" : {
"pricingTier" : "Standard"
}
}
],
"outputs" : {}
}
}
}
}
}
But this doesn't work.
Reason for non-compliance Current value must be equal to the target value.
Field Microsoft.Security/pricings/pricingTier
Path properties.pricingTier
Current value "Free"
Target value "Standard"
We have opened a corresponding ticket with Micrsoft but still haven't received any effective help from their end. While opening the ticket, I received this article as a possible solution, hadn't found this before. Maybe it will help you.
- Assign Azure Policy's depending on the subscription tag
- Create Remediation Task is Greyed Out on Managed Identity ACA built-in policy
- Azure Container Apps Service to use Managed built-in policy definition
- Azure policy Inherith tags from resource groups
- Custom Policy for Synapse Analytics Private Endpoint Non-Compliant
- Determine Azure Resource Policy result / effect by querying Azure Graph for state of other resources
- Azure Policy to deploy Metrics centrally - how to recognise compliance?
- Programmatically triggering azure policy remediation
- Azure - prevent Subscription Owner from modifying specific Resource Group?
- Azure policy force routes to routetable
- What should be put to 'repoOwners' in Managed Identity Federated Credentials policy?
- Azure Policy for Tag Tampering prevention
- Azure Policy does not restrict SQL capacity changes correctly
- How to audit for a minimum version of Python used in Azure app services?
- Azure Policy Not Reflecting Namespace Exclusions in Azure Kubernetes Cluster
- Unable to remove backslash from json response in azure APIM policy
- Azure Policy not working (check for lowercase APIM Url)
- Modifying Azure policy definition allOf and anyOff?
- Require multiple Tag names for Azure Resource Group
- Deploy Azure Initiative (set definition) with Azure PowerSHell
- I'm trying to get this Azure Policy to work but keep getting an error saying the properties does not exist
- Is it possible to create an Azure Policy Exemption at the same as as the resource being exempted?
- How to define and assign an Azure Policy on a Management Group Scope using Terraform?
- Azure Policy says, that resources managed by Microsoft are non-compliant
- Prevent rename of Azure Subscriptions without custom RBAC roles (possibly using Azure Policy)
- Azure Policy DeployIfNotExists - deploy a resource into a different subscription and resource group
- How do I get details for operation policies in Azure APIM
- Adding query parameter by checking Subscription key in APIM policy
- How to create custom Azure Policy for k8s deployments?
- Block launching Azure VMS & VMSS from Azure marketplace