Microsoft Defender for Cloud (previously Security Center) best practices

Best practice rules for Defender

Trend Micro Cloud One™ – Conformity monitors Defender with the following rules:

• Configure Additional Email Addresses for Azure Security Center Notifications

  Ensure that additional email addresses are provided to receive security notifications.

• Detect Create, Update or Delete Security Solution Events

  Security solution changes have been detected within your Microsoft Azure cloud account.

• Detect Update Security Policy Event

  Azure security policy changes have been detected within your Microsoft Azure cloud account.

• Email Notification for Alerts

  Ensure that Email Notification for Alerts is set to On.

• Email To Subscription Owners

  Ensure that Send email also to subscription owners is set to On.

• Enable All Parameters for Microsoft Defender for Cloud Default Policy

  Ensure that all the parameters supported by Microsoft Defender for Cloud default policy are enabled.

• Enable Automatic Provisioning of Microsoft Defender for Containers Components

  Ensure that automatic provisioning of security components is enabled for Azure containers.

• Enable Automatic Provisioning of Vulnerability Assessment for Virtual Machines

  Ensure that automatic provisioning of vulnerability assessment solutions is enabled for virtual machines.

• Enable Automatic Provisioning of the Monitoring Agent

  Ensure that "Automatic provisioning of monitoring agent" feature is enabled to enhance security at the virtual machine (VM) level.

• Enable DDoS Protection Standard Monitoring for Public Virtual Networks

  Ensure that monitoring of DDoS protection at the Azure virtual network level is enabled.

• Enable Defender for Endpoint Integration with Microsoft Defender for Cloud

  Ensure that Defender for Endpoint – Defender for Cloud integration is enabled.

• Enable High Severity Email Notifications

  Ensure that Email Notification for Alerts is set to On.

• Enable Microsoft Defender Standard Pricing Tier

  Ensure that Microsoft Defender for Cloud standard pricing tier is enabled in your Azure account.

• Enable Microsoft Defender for Cloud Apps Integration

  Ensure that Microsoft Defender for Cloud Apps integration is enabled.

• Enable Microsoft Defender for Cloud for App Service Instances

  Ensure that Microsoft Defender for Cloud is enabled for Azure App Service instances.

• Enable Microsoft Defender for Cloud for Azure Containers

  Ensure that Microsoft Defender for Cloud is enabled for Azure containers.

• Enable Microsoft Defender for Cloud for Azure SQL Database Servers

  Ensure that Microsoft Defender for Cloud is enabled for SQL database servers.

• Enable Microsoft Defender for Cloud for Key Vaults

  Ensure that Microsoft Defender for Cloud is enabled for Azure key vault resources.

• Enable Microsoft Defender for Cloud for SQL Server Virtual Machines

  Ensure that Microsoft Defender for Cloud is enabled for SQL Server virtual machines.

• Enable Microsoft Defender for Cloud for Storage Accounts

  Ensure that Microsoft Defender for Cloud is enabled for Azure storage accounts.

• Enable Microsoft Defender for Cloud for Virtual Machines

  Ensure that Microsoft Defender for Cloud is enabled for virtual machine (VM) servers.

• Enable Monitoring of Deprecated Accounts

  Ensure that the monitoring of deprecated accounts is enabled.

• Enable Virtual Machine IP Forwarding Monitoring

  Ensure that IP forwarding enabled on your Azure virtual machines (VMs) is being monitored.

• Microsoft Defender for Cloud Recommendations

  Ensure that Microsoft Defender for Cloud recommendations are examined and resolved.

• Microsoft Defender for Cloud Security Alerts

  Ensure that Microsoft Defender for Cloud security alerts are examined and resolved.

• Monitor Adaptive Application Safelisting

  Ensure that Adaptive Application controls isn't set to Disabled.

• Monitor Disk Encryption

  Ensure that Disk Encryption isn't set to Disabled.

• Monitor Endpoint Protection

  Ensure that Endpoint protection isn't set to Disabled.

• Monitor External Accounts with Write Permissions

  Ensure that the external accounts with write permissions are monitored using Azure Security Center.

• Monitor JIT Network Access

  Ensure that JIT Network Access isn't set to Disabled.

• Monitor Network Security Groups

  Ensure that Network Security Groups isn't set to Disabled.

• Monitor OS Vulnerabilities

  Ensure that Security Configurations isn't set to Disabled

• Monitor SQL Auditing

  Ensure that SQL Auditing isn't set to Disabled

• Monitor SQL Encryption

  Ensure that SQL Encryption isn't set to Disabled.

• Monitor Storage Blob Encryption

  Ensure that Storage Encryption isn't set to Disabled.

• Monitor System Updates

  Ensure that System updates isn't set to Disabled.

• Monitor Vulnerability Assessment

  Ensure that Vulnerability Assessment isn't set to Disabled.

• Monitor Web Application Firewall

  Ensure that Web Application Firewall isn't set to Disabled.

• Monitor the Total Number of Subscription Owners

  Ensure that the total number of subscription owners within your Azure account is monitored.

• Next Generation Firewall(NGFW) Monitoring

  Ensure that Next generation firewall isn't set to Disabled.

• Security Contact Emails

  Ensure that a valid security contact email address is set.

• Security Contact Phone Number

  Ensure that a valid security contact phone number is set.