Control: Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'

Configures auditing against a CIS Benchmark item.

Level: 2

Microsoft Defender for DNS scans all network traffic exiting from within a subscription.

DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.

Resource Types

This control targets the following resource types:

Azure > Security Center > Security Center

Primary Policies

The following policies can be used to configure this control:

2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-cisv2-0#/control/types/r020111

Category URI

tmod:@turbot/cis#/control/categories/v070301

GraphQL

query controlType(id: "tmod:@turbot/azure-cisv2-0#/control/types/r020111") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cisv2-0#/control/types/r020111'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv2-0#/control/types/r020111"