function – Enable Defender CSPM (Advanced) and CWPP via Azure Policy
I would like to deploy policy at the management group level to enable Micosoft Defender for Cloud. (I have owner role for all mgmt groups).
I found some these in-built policy definition:
- Microsoft Defender CSPM should be enabled
- Configure Microsoft Defender CSPM to be enabled
- Configure Microsoft Defender CSPM plan
but they dont apply to my case as I would like to have a more granular options.
I would like to tweak a custom policy with the following:
For the CSPM plan:
Enable: Kubernetes, API Access, Registry Access, Sensitive Data Discovery, Permissions Management (CIEM) but DISABLE API Security Posture Management AND Serverless Protection
For the CWPP plans i would like to ENABLE: Virtual Machines (Servers), App Services, SQL Servers, Storage Accounts, Key Vaults but DISABLE Containers, AI Services and APIs.
Now. As I have a Management group with 15 management group inside, I could certanly go inside one by one and activate those plans for each subscription but I was hoping to automate this.
I thought about only enable these manually for 1 subscription and then export the settings into a policy but i did not succedeed.
Any tips?
Read more here: Source link
