function – Enable Defender CSPM (Advanced) and CWPP via Azure Policy

I would like to deploy policy at the management group level to enable Micosoft Defender for Cloud. (I have owner role for all mgmt groups).

I found some these in-built policy definition:

  • Microsoft Defender CSPM should be enabled
  • Configure Microsoft Defender CSPM to be enabled
  • Configure Microsoft Defender CSPM plan

but they dont apply to my case as I would like to have a more granular options.
I would like to tweak a custom policy with the following:

For the CSPM plan:
Enable: Kubernetes, API Access, Registry Access, Sensitive Data Discovery, Permissions Management (CIEM) but DISABLE API Security Posture Management AND Serverless Protection

For the CWPP plans i would like to ENABLE: Virtual Machines (Servers), App Services, SQL Servers, Storage Accounts, Key Vaults but DISABLE Containers, AI Services and APIs.

Now. As I have a Management group with 15 management group inside, I could certanly go inside one by one and activate those plans for each subscription but I was hoping to automate this.

I thought about only enable these manually for 1 subscription and then export the settings into a policy but i did not succedeed.

Any tips?

Read more here: Source link