1. Open the Azure portal and navigate to the App Service instance for which you want to enable Microsoft Defender for Cloud.
2. Click on “Security” from the left-hand menu and then click on “Security Center” from the sub-menu.
3. In the Security Center, click on “Recommendations” from the left-hand menu.
4. Search for the recommendation “Enable Microsoft Defender for Cloud for App Service Instances” in the list of recommendations.
5. Click on the recommendation to view the details.
6. Click on the “Remediate” button to remediate the recommendation.
7. In the “Remediate” pane, select the subscription, resource group, and App Service instance for which you want to enable Microsoft Defender for Cloud.
8. Click on the “Remediate” button to enable Microsoft Defender for Cloud for the selected App Service instance.
9. Once the remediation is complete, the recommendation status will change to “Compliant”.

​

1. Open the Azure CLI command prompt.
2. Log in to your Azure account using the following command:
   Copy

   Ask AI

   az login
   

3. Select the subscription that contains the App Service Instance you want to enable Microsoft Defender for Cloud for using the following command:
   Copy

   Ask AI

   az account set --subscription <subscription_id>
   

4. Enable Microsoft Defender for Cloud for the App Service Instance using the following command:
   Copy

   Ask AI

   az webapp update --name <app_service_instance_name> --resource-group <resource_group_name> --set properties.siteAuthEnabled=true
   

   This command sets the siteAuthEnabled property of the App Service Instance to true, which enables Microsoft Defender for Cloud.
5. Verify that Microsoft Defender for Cloud is enabled for the App Service Instance using the following command:
   Copy

   Ask AI

   az webapp show --name <app_service_instance_name> --resource-group <resource_group_name> --query 'properties.siteAuthEnabled'
   

   This command returns the value true if Microsoft Defender for Cloud is enabled for the App Service Instance.

1. Import the necessary libraries:

from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient
from azure.mgmt.web.models import SiteConfigResource

2. Authenticate using Azure credentials:

credential = DefaultAzureCredential()
subscription_id = 'your-subscription-id'
resource_group_name = 'your-resource-group-name'
webapp_name = 'your-webapp-name'

web_client = WebSiteManagementClient(credential, subscription_id)

3. Get the current site configuration:

site_config = web_client.web_apps.get_configuration(resource_group_name, webapp_name)

4. Enable Microsoft Defender for Cloud by setting the webSiteManagementEndpointEnabled property to True:

site_config.site_auth_enabled = True
site_config.windows_fx_version = "DOCKER|mcr.microsoft.com/azure-security/defender-appsvc:latest"
site_config.app_command_line = "java -jar /home/site/wwwroot/defender/defender.jar"
site_config.linux_fx_version = "DOCKER|mcr.microsoft.com/azure-security/defender-appsvc:latest"
site_config.webSiteManagementEndpointEnabled = True

5. Update the site configuration:

web_client.web_apps.update_configuration(resource_group_name, webapp_name, site_config)