Best practice rules for Defender
- Configure Additional Email Addresses for Azure Security Center Notifications
Ensure that additional email addresses are provided to receive security notifications.
- Detect Create, Update or Delete Security Solution Events
Security solution changes have been detected within your Microsoft Azure cloud account.
- Detect Update Security Policy Event
Azure security policy changes have been detected within your Microsoft Azure cloud account.
- Email Notification for Alerts
Ensure that Email Notification for Alerts is set to On.
- Email To Subscription Owners
Ensure that Send email also to subscription owners is set to On.
- Enable All Parameters for Microsoft Defender for Cloud Default Policy
Ensure that all the parameters supported by Microsoft Defender for Cloud default policy are enabled.
- Enable Automatic Provisioning of Microsoft Defender for Containers Components
Ensure that automatic provisioning of security components is enabled for Azure containers.
- Enable Automatic Provisioning of Vulnerability Assessment for Virtual Machines
Ensure that automatic provisioning of vulnerability assessment solutions is enabled for virtual machines.
- Enable Automatic Provisioning of the Monitoring Agent
Ensure that the "Automatic provisioning of monitoring agent" feature is enabled to enhance security at the virtual machine (VM) level.
- Enable DDoS Protection Standard Monitoring for Public Virtual Networks
Ensure that monitoring of DDoS protection at the Azure virtual network level is enabled.
- Enable Defender Auto Provisioning Extensions
Enable the automatic provisioning of extensions for Microsoft Defender for Cloud in your Azure subscriptions.
- Enable Defender for APIs
Ensure that Defender for APIs is enabled for Azure API Management services.
- Enable Defender for Endpoint Integration with Microsoft Defender for Cloud
Ensure that Defender for Endpoint – Defender for Cloud integration is enabled.
- Enable High Severity Email Notifications
Ensure that Email Notification for Alerts is set to On.
- Enable Microsoft Defender Standard Pricing Tier
Ensure that Microsoft Defender for Cloud standard pricing tier is enabled in your Azure account.
- Enable Microsoft Defender for Cloud Apps Integration
Ensure that Microsoft Defender for Cloud Apps integration is enabled.
- Enable Microsoft Defender for Cloud for App Service Instances
Ensure that Microsoft Defender for Cloud is enabled for Azure App Service instances.
- Enable Microsoft Defender for Cloud for Azure Containers
Ensure that Microsoft Defender for Cloud is enabled for Azure containers.
- Enable Microsoft Defender for Cloud for Azure SQL Database Servers
Ensure that Microsoft Defender for Cloud is enabled for SQL database servers.
- Enable Microsoft Defender for Cloud for Key Vaults
Ensure that Microsoft Defender for Cloud is enabled for Azure key vault resources.
- Enable Microsoft Defender for Cloud for SQL Server Virtual Machines
Ensure that Microsoft Defender for Cloud is enabled for SQL Server virtual machines.
- Enable Microsoft Defender for Cloud for Storage Accounts
Ensure that Microsoft Defender for Cloud is enabled for Azure storage accounts.
- Enable Microsoft Defender for Cloud for Virtual Machines
Ensure that Microsoft Defender for Cloud is enabled for virtual machine (VM) servers.
- Enable Monitoring of Deprecated Accounts
Ensure that the monitoring of deprecated accounts is enabled.
- Enable Virtual Machine IP Forwarding Monitoring
Ensure that IP forwarding enabled on your Azure virtual machines (VMs) is being monitored.
- Enable Vulnerability Assessment Periodic Recurring Scans
Ensure that Vulnerability Assessment Periodic Recurring Scans are enabled for SQL database servers.
- Enable Vulnerability Assessment for Microsoft SQL Servers
Ensure that Vulnerability Assessment is enabled for Microsoft SQL database servers.
- Microsoft Defender for Cloud Recommendations
Ensure that Microsoft Defender for Cloud recommendations are examined and resolved.
- Microsoft Defender for Cloud Security Alerts
Ensure that Microsoft Defender for Cloud security alerts are examined and resolved.
- Monitor Adaptive Application Safelisting
Ensure that Adaptive Application controls isn't set to Disabled.
- Monitor Disk Encryption
Ensure that Disk Encryption isn't set to Disabled.
- Monitor Endpoint Protection
Ensure that Endpoint protection isn't set to Disabled.
- Monitor External Accounts with Write Permissions
Ensure that the external accounts with write permissions are monitored using Azure Security Center.
- Monitor JIT Network Access
Ensure that JIT Network Access isn't set to Disabled.
- Monitor Network Security Groups
Ensure that Network Security Groups isn't set to Disabled.
- Monitor OS Vulnerabilities
Ensure that Security Configurations isn't set to Disabled.
- Monitor SQL Auditing
Ensure that SQL Auditing isn't set to Disabled.
- Monitor SQL Encryption
Ensure that SQL Encryption isn't set to Disabled.
- Monitor Storage Blob Encryption
Ensure that Storage Encryption isn't set to Disabled.
- Monitor System Updates
Ensure that System updates isn't set to Disabled.
- Monitor Vulnerability Assessment
Ensure that Vulnerability Assessment isn't set to Disabled.
- Monitor Web Application Firewall
Ensure that Web Application Firewall isn't set to Disabled.
- Monitor the Total Number of Subscription Owners
Ensure that the total number of subscription owners within your Azure account is monitored.
- Next Generation Firewall (NGFW) Monitoring
Ensure that Next generation firewall isn't set to Disabled.
- Security Contact Emails
Ensure that a valid security contact email address is set.
- Security Contact Phone Number
Ensure that a valid security contact phone number is set.