Control: Azure > CIS v4.0 > 09 - Security Services > 09.01 - Microsoft Defender for Cloud > 09.01.08 - Defender Plan: Key Vault > 09.01.08.01 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'

Configures auditing against a CIS Benchmark item.

Level: 2

Turning on Microsoft Defender for Key Vault enables threat detection for Key Vault, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.

Enabling Microsoft Defender for Key Vault allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).

By default, Microsoft Defender plan is off.

Resource Types

This control targets the following resource types:

Azure > Security Center > Security Center

Policies

This control type relies on these other policies when running actions:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-cisv4-0#/control/types/r09010801

Category URI

tmod:@turbot/cis#/control/categories/v070301

GraphQL

query controlType(id: "tmod:@turbot/azure-cisv4-0#/control/types/r09010801") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cisv4-0#/control/types/r09010801'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r09010801"