Defender for Cloud based Standards

Tropo Bridge 0 Reputation points
2024-05-23T20:50:02.8933333+00:00

Recommendations under "Azure CSPM (Preview)" standard are all tagged with source as "Defender for Cloud".

  1. What's the difference between recommendation source "Defender for Cloud" and "Policy"?
  2. How can I access standards such as "Azure CSPM (Preview)", whose recommendation source is "Defender for Cloud", through an API? I am looking for an API that allows me to programmatically 1) list all standards whose recommendation source is "Defender for Cloud", 2) check the enablement status of such standards, and 3) toggle the enable/disable status for the standards.
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

1 answer

  1. Marilee Turscak-MSFT 35,806 Reputation points Microsoft Employee
    2024-05-25T01:09:41.55+00:00

    Hi @Tropo Bridge ,

    Security standards in Defender for Cloud are based on Azure Policy initiatives or on the Defender for Cloud native platform. Currently, Azure standards are based on Azure Policy. AWS and GCP standards are based on Defender for Cloud, so likely those are what you are seeing. This difference is documented here.

    In addition, recommendation source "policy" comes from the security policies. If a recommendation's description says "No related policy", usually it's because that recommendation is dependent on a different recommendation and its policy. If there's an applicable policy definition for the recommendation, you can validate this under Defender for Cloud > Recommendations.

    https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept#custom-recommendations

    https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/defender-for-cloud/recommendations-reference.md

    I am not aware of any API option available to list the recommendations whose source is Defender for Cloud. If you provide more context about your use case, I am happy to surface this up with the engineering team though. There is more information about CSPM and the standards here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.
