Skip to main content

More Info:

Enable Microsoft Defender for Cloud for Storage Accounts

Risk Level

High

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, HITRUST, SOC2, NISTCSF, PCIDSS

Triage and Remediation

  • Remediation

Remediation

Using Console

To enable Microsoft Defender for Cloud for Storage Accounts in AZURE, follow these steps:
  1. Log in to the AZURE portal (https://portal.azure.com/).
  2. In the left-hand menu, select “Security Center”.
  3. In the Security Center blade, select “Recommendations”.
  4. In the Recommendations blade, locate the recommendation for “Enable Microsoft Defender for Storage Accounts”.
  5. Click on the recommendation to open the details page.
  6. In the details page, click on the “Remediate” button.
  7. In the Remediate blade, review the recommended remediation steps.
  8. Click on the “Remediate” button to apply the recommended remediation steps.
  9. Wait for the remediation process to complete.
  10. Verify that the recommendation status has changed to “Compliant”.
Note: Enabling Microsoft Defender for Cloud for Storage Accounts may incur additional costs. Please review the pricing details before enabling this feature.

To remediate the misconfiguration “Enable Microsoft Defender for Cloud for Storage Accounts” for AZURE using AZURE CLI, please follow the below steps:Step 1: Open the Azure CLI command prompt or terminal.Step 2: Login to your Azure account using the below command:
az login
Step 3: After login, set the subscription where the storage account is located using the below command:
az account set --subscription <subscription_id>
Step 4: To enable Microsoft Defender for Cloud for Storage Accounts, use the below command:
az security atp storage enable --storage-account <storage_account_name> --resource-group <resource_group_name>
Note: Replace <storage_account_name> and <resource_group_name> with the actual names of your storage account and resource group respectively.Step 5: Verify the configuration by using the below command:
az security atp storage show --storage-account <storage_account_name> --resource-group <resource_group_name>
Note: Replace <storage_account_name> and <resource_group_name> with the actual names of your storage account and resource group respectively.Step 6: Once the configuration is verified, you have successfully remediated the misconfiguration “Enable Microsoft Defender for Cloud for Storage Accounts” for AZURE using AZURE CLI.I hope this helps!
To enable Microsoft Defender for Cloud for Storage Accounts in Azure using Python, you can follow these steps:
  1. Install the Azure SDK for Python using the following command:
pip install azure-mgmt-storage
  1. Import the necessary modules:
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
  1. Set up the credentials for authentication:
credential = DefaultAzureCredential()
subscription_id = '<your-subscription-id>'
  1. Create a StorageManagementClient object:
storage_client = StorageManagementClient(credential, subscription_id)
  1. Get the resource group and storage account names:
resource_group_name = '<your-resource-group-name>'
storage_account_name = '<your-storage-account-name>'
  1. Enable Microsoft Defender for Cloud for the storage account:
storage_client.operations.enable_microsoft_defender_for_storage_accounts(resource_group_name, storage_account_name)
  1. Verify that Microsoft Defender for Cloud has been enabled by checking the storage account properties:
storage_account = storage_client.storage_accounts.get_properties(resource_group_name, storage_account_name)
print(storage_account.identity.type)
Note: This code assumes that you have already set up the necessary Azure credentials and have the required permissions to enable Microsoft Defender for Cloud for the storage account.