Thank you for your post!
I understand that you're going to be creating a Landing Zone for your IT team by deploying this through Terraform and have some questions regarding the Compute Security Baseline(s). To hopefully point you in the right direction or resolve your issue, I'll share my findings below.
Findings:
- From my understanding, when it comes to the Compute Security Baselines this should be included in the Microsoft cloud security benchmark (MCSB) which is part of the Foundational CSPM (Free) Plan. Because of this, enabling the Azure Compute Security Baseline compliance auditing policy shouldn't make you liable for additional costs. However, when it comes to specific cost/billing related questions, I'd recommend reaching out to the Sales team directly via the Microsoft Defender for Cloud pricing page.
Microsoft cloud security benchmark in Defender for Cloud:
Additional Links:
Introduction to the Microsoft cloud security benchmark
- Linux security baseline
- Windows security baseline
- Mapping of Azure Security Benchmark v2 and CIS Microsoft Azure Foundations Benchmark
- Azure Policy pricing
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.