Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v3.0 > 03 - Security > 03.01 - Microsoft Defender for Cloud

This subsection provides guidance on the use of Microsoft Defender for Cloud and associated product plans. This guidance is intended to ensure that - at a minimum - the protective measures offered by these plans are being considered. Organizations may find that they have existing products or services that provide the same utility as some Microsoft Defender for Cloud products. Security and Administrative personnel need to make the determination on their organization's behalf regarding which - if any - of these recommendations are relevant to their organization's needs. In consideration of the above, and because of the potential for increased cost and complexity, please be aware that all Microsoft Defender for Cloud and associated plan recommendations are profiled as "Level 2" recommendations.

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v3.0 > 03 - Security

Related Policies

  • 03.01.10 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
  • 03.01.11 - Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled'
  • 03.01.12 - Ensure That 'All users with the following roles' is set to 'Owner'
  • 03.01.13 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
  • 03.01.14 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
  • 03.01.15 - Ensure that Microsoft Defender External Attack Surface Monitoring (EASM) is enabled
  • 03.01.16 - [LEGACY] Ensure That Microsoft Defender for DNS Is Set To 'On'
  • 03.01.01 - Microsoft Cloud Security Posture Management (CSPM)
  • 03.01.02 - Defender Plan APIs
  • 03.01.03 - Defender Plan Servers
  • 03.01.04 - Defender Plan Containers
  • 03.01.05 - Defender Plan - Storage
  • 03.01.06 - Defender Plan App - Service
  • 03.01.07 - Defender Plan - Databases
  • 03.01.08 - Defender Plan - Key Vault
  • 03.01.09 - Defender Plan - Resource Manager

Category

  • CIS

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/cis
    • Policy Type URI
    • tmod:@turbot/azure-cisv3-0#/policy/types/s0301
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv3-0#/policy/types/s0301") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/s0301'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/s0301'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv3-0#/policy/types/s0301"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv3-0#/policy/types/s0301"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM