Enable Microsoft Defender for Cloud for App Service Instances
More Info:
Ensure that Microsoft Defender for Cloud is enabled for Azure App Service instances.
Risk Level
High
Address
Security, Operational Maturity
Compliance Standards
CISAZURE, CBP, HITRUST
Triage and Remediation
Remediation
To remediate the misconfiguration “Enable Microsoft Defender for Cloud for App Service Instances” in Azure using the Azure console, please follow these steps:
- Open the Azure portal and navigate to the App Service instance for which you want to enable Microsoft Defender for Cloud.
- Click on “Security” from the left-hand menu and then click on “Security Center” from the sub-menu.
- In the Security Center, click on “Recommendations” from the left-hand menu.
- Search for the recommendation “Enable Microsoft Defender for Cloud for App Service Instances” in the list of recommendations.
- Click on the recommendation to view the details.
- Click on the “Remediate” button to remediate the recommendation.
- In the “Remediate” pane, select the subscription, resource group, and App Service instance for which you want to enable Microsoft Defender for Cloud.
- Click on the “Remediate” button to enable Microsoft Defender for Cloud for the selected App Service instance.
- Once the remediation is complete, the recommendation status will change to “Compliant”.
By following these steps, you can successfully remediate the misconfiguration “Enable Microsoft Defender for Cloud for App Service Instances” in Azure using the Azure console.
To enable Microsoft Defender for Cloud for App Service Instances in Azure using Azure CLI, you can follow these steps:
- Open the Azure CLI command prompt.
- Log in to your Azure account using the following command:
```bash
az login
```
- Select the subscription that contains the App Service Instance you want to enable Microsoft Defender for Cloud for using the following command:
```bash
az account set --subscription <subscription_id>
```
- Enable Microsoft Defender for Cloud for the App Service Instance using the following command:
```bash
az webapp update --name <app_service_instance_name> --resource-group <resource_group_name> --set properties.siteAuthEnabled=true
```
This command sets the `siteAuthEnabled` property of the App Service Instance to `true`, which enables Microsoft Defender for Cloud.
- Verify that Microsoft Defender for Cloud is enabled for the App Service Instance using the following command:
```bash
az webapp show --name <app_service_instance_name> --resource-group <resource_group_name> --query 'properties.siteAuthEnabled'
```
This command returns the value `true` if Microsoft Defender for Cloud is enabled for the App Service Instance.
That’s it! You have successfully enabled Microsoft Defender for Cloud for the App Service Instance in Azure using Azure CLI.
To enable Microsoft Defender for Cloud for App Service Instances in Azure using Python, follow these steps:
- Import the necessary libraries:
```python
from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient
```
- Authenticate using Azure credentials:
```python
# DefaultAzureCredential walks the usual chain: environment variables, managed identity, Azure CLI login, ...
credential = DefaultAzureCredential()
subscription_id = 'your-subscription-id'
resource_group_name = 'your-resource-group-name'
webapp_name = 'your-webapp-name'
web_client = WebSiteManagementClient(credential, subscription_id)
```
- Get the current site configuration:
```python
# Read the existing configuration first so the update below preserves all other settings
site_config = web_client.web_apps.get_configuration(resource_group_name, webapp_name)
```
- Enable Microsoft Defender for Cloud by setting the `site_auth_enabled` property to `True` (this is the same `siteAuthEnabled` flag the Azure CLI section sets):
```python
site_config.site_auth_enabled = True
```
- Update the site configuration:
```python
# Write the modified configuration back to the App Service instance
web_client.web_apps.update_configuration(resource_group_name, webapp_name, site_config)
```
After executing these steps, Microsoft Defender for Cloud will be enabled for the App Service Instance in Azure.
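A practitioner verifying this control will also want to look at the Defender plan itself, not only at the per-app property used in the CLI and Python sections above. Defender for Cloud plans are subscription-scoped `Microsoft.Security/pricings` resources; the App Service plan is the one named `AppServices`, and it is on when its `pricingTier` is `Standard` (`az security pricing create --name AppServices --tier Standard` turns it on, `az security pricing list -o json` reports the current state). The `siteAuthEnabled` flag set above is App Service's built-in authentication switch, so a check that reads only that flag does not confirm the Defender plan is active. The following compliance check is an added example, not code from the page or from Microsoft: it evaluates the JSON that `az security pricing list -o json` prints and reports the `AppServices` plan in the same Compliant / Non-compliant terms the page uses. The `SAMPLE_*` payloads are constructed stand-ins so it runs offline; whether the CLI wraps the list in an ARM-style `{"value": [...]}` envelope or prints a bare list is treated as an assumption and both shapes are accepted. `fetch_pricings_json` is an optional wrapper around the real CLI for live use.

```python
"""Check whether the Defender for App Service plan (Microsoft.Security/pricings/AppServices)
is on the Standard tier for a subscription, from `az security pricing list -o json` output.

Added example; not code from the original page. Sample payloads are constructed.
"""
import json
import shutil
import subprocess
from typing import Any, Dict, List, Optional

APP_SERVICE_PLAN = "AppServices"
REMEDIATION_CMD = "az security pricing create --name AppServices --tier Standard"

# Constructed sample: a subscription where the App Service plan is still on the free tier
# (ARM-style envelope shape).
SAMPLE_NONCOMPLIANT = json.dumps({
    "value": [
        {"name": "VirtualMachines", "pricingTier": "Standard"},
        {"name": "AppServices", "pricingTier": "Free"},
        {"name": "SqlServers", "pricingTier": "Standard"},
    ]
})

# Constructed sample: the same subscription after remediation (bare-list shape).
SAMPLE_COMPLIANT = json.dumps([
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "AppServices", "pricingTier": "Standard"},
])


def parse_pricings(raw: str) -> List[Dict[str, Any]]:
    """Accept either a bare JSON list or a {"value": [...]} envelope.

    Assumption: CLI versions may differ in output shape, so both are handled.
    """
    data = json.loads(raw)
    if isinstance(data, dict):
        data = data.get("value", [])
    if not isinstance(data, list):
        raise ValueError("unexpected pricing payload shape")
    return data


def app_service_pricing_tier(pricings: List[Dict[str, Any]]) -> Optional[str]:
    """Return the tier of the AppServices plan, or None if the plan is not listed."""
    for plan in pricings:
        if str(plan.get("name", "")).lower() == APP_SERVICE_PLAN.lower():
            return plan.get("pricingTier")
    return None


def app_service_defender_enabled(pricings: List[Dict[str, Any]]) -> bool:
    """The plan counts as enabled only when its tier is Standard (case-insensitive)."""
    tier = app_service_pricing_tier(pricings)
    return tier is not None and tier.lower() == "standard"


def evaluate(raw: str) -> Dict[str, Any]:
    """Produce one finding for the AppServices plan, with the remediation command if needed."""
    pricings = parse_pricings(raw)
    tier = app_service_pricing_tier(pricings)
    enabled = app_service_defender_enabled(pricings)
    return {
        "plan": APP_SERVICE_PLAN,
        "current_tier": tier,
        "status": "Compliant" if enabled else "Non-compliant",
        "remediation": None if enabled else REMEDIATION_CMD,
    }


def fetch_pricings_json(subscription_id: Optional[str] = None) -> str:
    """Run the real Azure CLI for live data; requires `az` on PATH and an existing login."""
    if shutil.which("az") is None:
        raise RuntimeError("Azure CLI (az) not found on PATH")
    cmd = ["az", "security", "pricing", "list", "-o", "json"]
    if subscription_id:
        cmd += ["--subscription", subscription_id]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; swap in fetch_pricings_json() for live use.
    for label, raw in (("before", SAMPLE_NONCOMPLIANT), ("after", SAMPLE_COMPLIANT)):
        print(label, evaluate(raw))
```

Run the script as-is to see the constructed before/after findings; for a real subscription call `evaluate(fetch_pricings_json("<subscription_id>"))` and act on the `remediation` field when the status is Non-compliant.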