Ensure that Azure Defender is set to On for App Services.

ID

azure_defender_on_app_services

Severity

low

Vendor

Azure

Resource

Azure Defender

Tags

reachable

Description

Azure Security Center Defender should be enabled on App Services.

Microsoft Defender is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources.

While some basic security features are enabled for free on all your Azure subscriptions, other enhanced security features require a paid subscription.

See Microsoft Defender for Cloud’s basic and enhanced security features to learn more about the paid security features.

This detector checks that Microsoft.Security/pricings resources related to App Services are not set to the Free tier.
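As an added illustration of the check described above (example code written for this page, not the detector's own implementation), the following Python script parses an ARM template and reports every Microsoft.Security/pricings resource named AppServices whose pricingTier is Free. The template embedded in it is constructed for the example; ARM resource types, names and tier values are compared case-insensitively, and nested child resources are traversed, but template expressions such as "[parameters(...)]" are not evaluated.

```python
import json
from typing import Any, Dict, Iterator, List

# Constructed sample ARM template: one Defender pricing for App Services on the
# Free tier (should be flagged) and one unrelated pricing (should be ignored).
SAMPLE_TEMPLATE = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Security/pricings",
      "apiVersion": "2018-06-01",
      "name": "AppServices",
      "properties": { "pricingTier": "Free" }
    },
    {
      "type": "Microsoft.Security/pricings",
      "apiVersion": "2018-06-01",
      "name": "VirtualMachines",
      "properties": { "pricingTier": "Free" }
    }
  ]
}
"""


def iter_resources(resources: List[Dict[str, Any]]) -> Iterator[Dict[str, Any]]:
    """Yield every resource in the list, descending into nested child resources."""
    for res in resources:
        yield res
        yield from iter_resources(res.get("resources", []))


def find_free_app_services_pricings(template: Dict[str, Any]) -> List[str]:
    """Return the names of Microsoft.Security/pricings resources for App Services
    whose pricingTier is Free. Comparisons are case-insensitive because ARM
    treats resource types, names and tier values without regard to case."""
    findings: List[str] = []
    for res in iter_resources(template.get("resources", [])):
        if str(res.get("type", "")).lower() != "microsoft.security/pricings":
            continue
        if str(res.get("name", "")).lower() != "appservices":
            continue
        tier = str(res.get("properties", {}).get("pricingTier", "")).lower()
        if tier == "free":
            findings.append(str(res.get("name")))
    return findings


def check_template(text: str) -> List[str]:
    """Parse ARM template JSON text and return the flagged resource names."""
    return find_free_app_services_pricings(json.loads(text))


if __name__ == "__main__":
    for name in check_template(SAMPLE_TEMPLATE):
        print(f"FAIL: Microsoft.Security/pricings '{name}' is on the Free tier")
```

Run it against a template file with `check_template(open(path).read())`; an empty list means no App Services pricing in the template is on the Free tier.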

Examples

ARM

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2018-06-01",
    "name": "AppServices",
    "properties": {
      "pricingTier": "Free"
    }
  }]
}

Terraform

resource "azurerm_security_center_subscription_pricing" "free_appservices" {
  tier          = "Free"        # (1)
  resource_type = "AppServices"
}
(1) Free tier for Defender on AppServices

Mitigation / Fix

Buildtime

ARM

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2018-06-01",
    "name": "AppServices",
    "properties": {
      "pricingTier": "Standard"
    }
  }]
}

Terraform

resource "azurerm_security_center_subscription_pricing" "standard_appservices" {
  tier          = "Standard"    # (1)
  resource_type = "AppServices"
}
(1) Fixed: the Standard tier is required for the paid enhanced security features