How to set Microsoft Defender (Security Center) settings via the Azure.ResourceManager SDK

Jason Looney 0 Reputation points
2024-05-09T16:46:23.4766667+00:00

We have the following code that enables Microsoft Defender for Cloud for an Azure subscription using the Azure.ResourceManager C# SDK. However, when we view the settings for Defender in the Azure portal, a couple of items aren't turned on that we would like to be.

Under the Defender plan for "Servers", only "Endpoint protection" is turned on. We'd like to also turn on "Vulnerability assessment for machines" and "Agentless scanning for machines". And under the plan for "Databases", we want to turn on "Azure Monitoring Agent for SQL server on machines".

using Azure;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

public async Task<FrameworkData.Response<CloudResourceStatus?>> VerifySubscription(Request<Subscription> request)
{
    return await patterns.Try<CloudResourceStatus?>(request, async response =>
    {
        try
        {
            var subscriptionId = request.Value.Id.GetValueOrDefault();

            var subscriptionResource = await FetchSubscriptionResource(subscriptionId);

            // Ensure Microsoft Defender for Cloud is enabled for the services we use.
            // "Standard" is the paid tier; "Free" leaves the plan disabled.
            var standardTier = new SecurityCenterPricingTier("Standard");

            // Defender plan names as used by the Microsoft.Security/pricings resource.
            var services = new List<String>
            {
                "AppServices",
                "KeyVaults",
                "SqlServers",
                "SqlServerVirtualMachines",
                "StorageAccounts",
                "VirtualMachines",
            };

            foreach (var service in services)
            {
                // Read the current pricing for this plan and only write it back if it
                // is not already on the Standard tier (keeps the call idempotent).
                var securityPricing = await subscriptionResource.GetSecurityCenterPricingAsync(service);
                var data = securityPricing.Value.Data;

                if (data.PricingTier is null || !data.PricingTier.Equals(standardTier))
                {
                    data.PricingTier = standardTier;
                    await securityPricing.Value.UpdateAsync(WaitUntil.Completed, data);
                }
            }

            return new() { State = CloudResourceStatus.States.Verified };
        }
        catch (Exception ex)
        {
            return new()
            {
                State = CloudResourceStatus.States.Error,
                Message = $"Unexpected exception. {ex.Message}",
            };
        }
    });
}
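The code above only sets the pricing tier; the portal toggles the question asks about are per-plan "extensions" on the same Microsoft.Security/pricings resource. The following added example (mine, not the poster's or Microsoft's code) shows the desired-state check at the REST level: read the current pricing document for a plan, list what drifts from the intended configuration, and build the minimal PUT body that enables the missing extension while preserving the others. The sample GET response is constructed; the extension name "AgentlessVmScanning" and the body shape follow the 2023-01-01 pricings API as I understand it, so treat them as assumptions to confirm against the current API reference.

```python
"""Desired-state check for a Microsoft Defender for Cloud plan (REST shape)."""
import json
from typing import Any, Optional

# Constructed desired state for the "VirtualMachines" (Servers) plan.
# Assumption: "AgentlessVmScanning" is the extension name used by the
# Microsoft.Security/pricings API (api-version 2023-01-01); verify against
# the API reference before relying on it.
DESIRED_VM_PLAN: dict[str, Any] = {
    "pricingTier": "Standard",
    "subPlan": "P2",
    "extensions": {"AgentlessVmScanning": "True"},
}

# Constructed sample of what a GET on the pricing resource returns when the
# plan is on Standard but agentless scanning is still switched off.
SAMPLE_CURRENT: dict[str, Any] = json.loads("""{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/pricings/VirtualMachines",
  "name": "VirtualMachines",
  "type": "Microsoft.Security/pricings",
  "properties": {
    "pricingTier": "Standard",
    "subPlan": "P2",
    "extensions": [
      {"name": "AgentlessVmScanning", "isEnabled": "False"},
      {"name": "MdeDesignatedSubscription", "isEnabled": "False"}
    ]
  }
}""")


def _extension_map(props: dict[str, Any]) -> dict[str, Optional[str]]:
    """Flatten the extensions array into {name: isEnabled} for easy comparison."""
    return {e["name"]: e.get("isEnabled") for e in props.get("extensions") or []}


def drift(current: dict[str, Any], desired: dict[str, Any]) -> list[str]:
    """List every way the current pricing document differs from the desired state."""
    props = current.get("properties", {})
    diffs: list[str] = []
    if props.get("pricingTier") != desired["pricingTier"]:
        diffs.append(f"pricingTier: {props.get('pricingTier')} -> {desired['pricingTier']}")
    if desired.get("subPlan") and props.get("subPlan") != desired["subPlan"]:
        diffs.append(f"subPlan: {props.get('subPlan')} -> {desired['subPlan']}")
    have = _extension_map(props)
    for name, want in desired["extensions"].items():
        if have.get(name) != want:
            diffs.append(f"extension {name}: {have.get(name)} -> {want}")
    return diffs


def build_update_body(current: dict[str, Any], desired: dict[str, Any]) -> Optional[dict[str, Any]]:
    """Return the PUT body that brings the plan to the desired state, or None if compliant.

    Extensions not mentioned in the desired state keep their current value, so the
    update never silently disables something another team turned on.
    """
    if not drift(current, desired):
        return None
    merged = _extension_map(current.get("properties", {}))
    merged.update(desired["extensions"])
    body: dict[str, Any] = {"properties": {
        "pricingTier": desired["pricingTier"],
        "extensions": [{"name": n, "isEnabled": v} for n, v in sorted(merged.items())],
    }}
    if desired.get("subPlan"):
        body["properties"]["subPlan"] = desired["subPlan"]
    return body


def apply_locally(current: dict[str, Any], body: dict[str, Any]) -> dict[str, Any]:
    """Simulate the service accepting the PUT (constructed; used to show idempotency)."""
    updated = json.loads(json.dumps(current))
    updated["properties"].update(body["properties"])
    return updated


if __name__ == "__main__":
    for line in drift(SAMPLE_CURRENT, DESIRED_VM_PLAN):
        print("drift:", line)
    update = build_update_body(SAMPLE_CURRENT, DESIRED_VM_PLAN)
    print(json.dumps(update, indent=2))
    assert build_update_body(apply_locally(SAMPLE_CURRENT, update), DESIRED_VM_PLAN) is None
```

The body this produces is what you would send with `az rest --method put --url "https://management.azure.com/subscriptions/<subscription-id>/providers/Microsoft.Security/pricings/VirtualMachines?api-version=2023-01-01" --body @body.json`, or map onto the SDK's pricing data object; running `drift` before and after the write gives you a record of exactly which toggles changed, which is useful evidence when auditing a subscription's Defender coverage.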
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

1 answer

    Andrew Blumhardt 9,601 Reputation points Microsoft Employee
    2024-05-28T12:58:11.2766667+00:00

    I am not familiar with using the SDK, but the recommended method is to use Azure policy. If you prefer to use the SDK, maybe look at the related policies as a reference. That may help to reveal additional options.

    https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-policy-enablement
