Azure Defender – How to Secure Storage Account

Security should be a very first concern for any organization, and when it comes to the cloud, it becomes foremost to get protected with the best industry’s practices.

Here, we would see an Azure Defender definition, how to enable it for blob storage, and an Azure subscription.

What is Azure Defender

Azure Defender adds a security protection layer and provides uniform security management for various Azure resources. It is capable of protecting non-Azure servers including virtual machines in AWS and GCP. it provides threat protection alerts.

When Azure Defender becomes aware of a threat in any area of your environment, it triggers a security alert. These alerts have details of the affected resources and some remediation steps.

Azure Defender is available App Service, Azure SQL, Container Registries, Key Vault, Kubernetes, Storage, Resource Manager, and Virtual Machines.

Enable Azure Defender

Azure Defender for a storage account identifies strange and possibly destructive attempts to access or exploit storage accounts. This layer of protection allows to addressing risk without being a security specialist.

Security alerts are triggered when any harmful risk is identified and an email will be triggered to subscription administrators, with more details about incidents and solution approaches to resolve these threats.

Azure Defender for storage is available for Blob Storage (general availability), Azure Files (general availability), and Azure Data Lake Storage Gen2 (general availability).

So, you can to create a general-purpose V2 storage account <ttsrorageaz> (or of your choice) and add a container <container1>. (Steps to create these resources are not covered).

Azure Defender can be enabled by, going to the storage account, (Left Blade) Settings > Security > Enable Azure Defender for Storage.

1. Enable Azure Defender

Azure also provides an option to enable or disable Azure Defender at the subscription level. Below steps to enable or disable Azure Defender at the subscription level.

  1. Search security center from the Azure global search box.
  2. Left blade, Pricing & settings under the Management Section.
  3. Select subscription to enable or disable Azure Defender plan for the subscription.
  4. Click on Enable All or some ON or some OFF and Save the settings.
2. Search Security Center
3. Azure Defender Plan

The below screenshot provides flexibility to turn ON or OFF Azure Defender for individual services mentioned in the screenshot.

4. Azure Defender Enable All

Output

To verify the outcome, search Security Center > Overview and Azure Defender section.

5. Azure Defender Coverage

Click on “Enhance your threat protection capabilities” to get the complete list of threats (The filter option on the top bar provides more choice to filter). These are sample alerts detected by Azure.

6. High Severity Alerts
7. Medium Severity Alerts

Based on the severity of the alerts, you can either create a suppression rule or dismiss it. If you want to reactivate the dismissed one, then you can also do that.

To summarize, Azure Defender is an integrated service in Security Center. Enabling Azure Defender is up to you which service you want to protect (screenshot 4). However, it involves some cost to avail extra protection.

So, we have seen how to enable Azure Defender for a storage account and an Azure subscription, and how alerts are categories in different severity.

If you have any suggestions/feedback, please put them in the comment box.

Happy Learning 🙂

Leave a Reply

Up ↑

%d bloggers like this: