Enable Microsoft Defender Standard Pricing Tier

Sign in to your TrendAI Vision One™ Cloud Risk Management account, access the Enable Microsoft Defender Standard Pricing Tier rule settings, and identify the Azure cloud resource types for which you want to enable the Standard Tier.

Sign in to the Microsoft Azure Portal.

Navigate to Microsoft Defender for Cloud blade at https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0.

In the left navigation panel, under Management, choose Environment settings.

Under Azure, click on the name (link) of the Azure subscription that you want to access.

In the left navigation panel, under Settings, choose Defender plans to access the Defender for Cloud pricing plans available for the selected Azure subscription.

On the Defender plans page, perform the following actions:

1. Under Cloud Security Posture Management (CSPM), find the Defender CSPM pricing plan, and check the plan status displayed in the Status column. If Cloud Posture is selected in the rule settings, identified at step no. 1, and the Defender CSPM pricing plan status is set to Off, Defender Cloud Security Posture Management (Defender CSPM) is disabled, therefore, the Standard Tier is not enabled for Defender CSPM in the selected Azure subscription.
2. Under Cloud Workload Protection (CWP), check the pricing plan status displayed in the Status column for each Azure resource type supported by Microsoft Defender for Cloud. If Status is set to Off for one or more Azure resource types selected in the rule settings, identified at step no. 1, the Standard Tier (Enhanced Security Plan) is not enabled for your Azure cloud resources, in the selected subscription.

Repeat steps no. 5 – 7 for each subscription created within your Microsoft Azure account.

Sign in to your TrendAI Vision One™ Cloud Risk Management account, access the Enable Microsoft Defender Standard Pricing Tier rule settings, and identify the Azure cloud resource types for which you want to enable the Standard Tier.

Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list
  --query '[*].id'

The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output):

az account set
  --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

Run security pricing list command (Windows/macOS/Linux) with custom output filters to describe the pricing tier for Defender Cloud Security Posture Management (Defender CSPM) and for each Azure resource type supported by Microsoft Defender for Cloud:

az security pricing list
  --query 'value[?(deprecated!=`true`)].{name:name,pricingTier:pricingTier}'

The command output should return the pricing tier for each Azure cloud resource type (including the Defender CSPM, i.e. "CloudPosture", pricing tier):

[
	{
		"name": "VirtualMachines",
		"pricingTier": "Free"
	},
	{
		"name": "SqlServers",
		"pricingTier": "Free"
	},
	{
		"name": "AppServices",
		"pricingTier": "Free"
	},
	{
		"name": "StorageAccounts",
		"pricingTier": "Free"
	},
	{
		"name": "SqlServerVirtualMachines",
		"pricingTier": "Free"
	},
	{
		"name": "KeyVaults",
		"pricingTier": "Free"
	},
	{
		"name": "Arm",
		"pricingTier": "Free"
	},
	{
		"name": "OpenSourceRelationalDatabases",
		"pricingTier": "Free"
	},
	{
		"name": "CosmosDbs",
		"pricingTier": "Free"
	},
	{
		"name": "Containers",
		"pricingTier": "Free"
	},
	{
		"name": "CloudPosture",
		"pricingTier": "Free"
	},
	{
		"name": "Api",
		"pricingTier": "Free"
	}
]

Check the "pricingTier" attribute value set for "CloudPosture" (i.e. Defender CSPM). If Cloud Posture is selected in the rule settings identified at step no. 1, and the "pricingTier" value is set to "Free", the Standard Tier is disabled for Defender CSPM in the selected Azure subscription. Check the "pricingTier" attribute value for each Azure resource type supported by Microsoft Defender for Cloud. If the "pricingTier" value is set to "Free" for one or more Azure resource types selected in the rule settings, identified at step no. 1, the Standard Tier (Enhanced Security Plan) is not enabled for your Azure cloud resources, in the selected subscription.

Repeat steps no. 4 - 6 for each subscription available in your Microsoft Azure cloud account.

Sign in to the Microsoft Azure Portal.

Navigate to Microsoft Defender for Cloud blade at https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/0.

In the left navigation panel, under Management, choose Environment settings.

Under Azure, click on the name (link) of the Azure subscription that you want to access.

In the left navigation panel, under Settings, choose Defender plans to access the Defender for Cloud pricing plans available for the selected Azure subscription.

On the Defender plans page, perform the following actions:

1. To enable the Standard Tier for Defender CSPM in the selected Azure subscription, identify the Defender CSPM pricing plan listed under Cloud Security Posture Management (CSPM), and choose On from the Status column.
2. To enable the Standard Tier for the Azure resource types supported by Microsoft Defender for Cloud, choose On from the Status column for each resource type selected in the rule settings. For APIs, select the appropriate entitlement limit, and choose Save to save the selection.
3. Choose Save from the page top menu to apply the changes.

Repeat steps no. 4 – 6 for each subscription available within your Microsoft Azure cloud account.

Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list
  --query '[*].id'

The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to access as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output):

az account set
  --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

To enable the Standard Tier for Defender CSPM in the selected Azure subscription, run security pricing create command (Windows/macOS/Linux) with the --name command parameter set to CloudPosture:

az security pricing create
  --name CloudPosture
  --tier standard

The command output should return the configuration information available for the Defender CSPM plan:

{
	"deprecated": null,
	"enablementTime": "2024-07-29T09:48:54.390561+00:00",
	"extensions": [
		{
			"additionalExtensionProperties": null,
			"isEnabled": "True",
			"name": "SensitiveDataDiscovery",
			"operationStatus": {
			"code": "Succeeded",
			"message": "Successfully enabled extension"
			}
		},
		{
			"additionalExtensionProperties": null,
			"isEnabled": "True",
			"name": "ContainerRegistriesVulnerabilityAssessments",
			"operationStatus": null
		},
		{
			"additionalExtensionProperties": null,
			"isEnabled": "True",
			"name": "AgentlessDiscoveryForKubernetes",
			"operationStatus": {
			"code": "Succeeded",
			"message": "Successfully enabled extension"
			}
		},
		{
			"additionalExtensionProperties": {
			"ExclusionTags": "[]"
			},
			"isEnabled": "True",
			"name": "AgentlessVmScanning",
			"operationStatus": {
			"code": "Succeeded",
			"message": "Successfully enabled extension"
			}
		},
		{
			"additionalExtensionProperties": null,
			"isEnabled": "False",
			"name": "EntraPermissionsManagement",
			"operationStatus": null
		}
	],
	"freeTrialRemainingTime": "25 days, 1:49:00",
	"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/providers/Microsoft.Security/pricings/CloudPosture",
	"name": "CloudPosture",
	"pricingTier": "Standard",
	"replacedBy": null,
	"subPlan": null,
	"type": "Microsoft.Security/pricings"
}

Run security pricing create command (Windows/macOS/Linux) to enable the Standard Tier for the Azure resource types supported by Microsoft Defender for Cloud, selected in the rule settings. Use the security pricing list command to describe the name of each resource type supported by Microsoft Defender for Cloud. The following command example enables Standard Tier for virtual machine (VM)servers in the selected subscription:

az security pricing create
  --name VirtualMachines
  --tier standard

The command output should return the configuration information available for modified plan:

{
	"deprecated": null,
	"enablementTime": "2024-07-29T10:01:46.708481+00:00",
	"extensions": [
		{
			"additionalExtensionProperties": null,
			"isEnabled": "False",
			"name": "MdeDesignatedSubscription",
			"operationStatus": null
		},
		{
			"additionalExtensionProperties": {
			"ExclusionTags": "[]"
			},
			"isEnabled": "True",
			"name": "AgentlessVmScanning",
			"operationStatus": {
			"code": "Succeeded",
			"message": "Successfully enabled extension"
			}
		},
		{
			"additionalExtensionProperties": null,
			"isEnabled": "False",
			"name": "FileIntegrityMonitoring",
			"operationStatus": null
		}
	],
	"freeTrialRemainingTime": "0:00:00",
	"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/providers/Microsoft.Security/pricings/VirtualMachines",
	"name": "VirtualMachines",
	"pricingTier": "Standard",
	"replacedBy": null,
	"subPlan": "P2",
	"type": "Microsoft.Security/pricings"
}

Repeat steps no. 3 - 7 for each subscription available in your Microsoft Azure cloud account.