Enabling Defender for Cloud using Bicep

In this blog post I show you how to enable Defender for Cloud using Bicep.

Microsoft Azure Defender is a cloud-based security solution that helps protect Azure resources and workloads running in Azure, on-premises, or in other clouds.

As always, I make use of the GitHub repository https://github.com/Azure/ResourceModules/; this is where I go for the hundreds of already written Bicep modules that I can make use of very quickly.

I start by cloning the repository, then lift the files I need to make whatever I want to deploy work. In this case I want the following folder: https://github.com/Azure/ResourceModules/tree/84fe9dfd578a22079b03bbdee3554b9ac51c2dc2/modules/Microsoft.Security/azureSecurityCenter

I store the files in a modules folder.

// Defender for Cloud details (main-deployment-1.bicep)

// Required: the template is deployed with 'az deployment sub create', so it must target the subscription scope
targetScope = 'subscription'

// Defender for Cloud parameters
// Every plan below defaults to the paid 'Standard' tier; set a value to 'Free' to leave that plan disabled
param defenderAutoProvision string = 'On'
param defenderAppServicesPricingTier string = 'Standard'
param defenderVirtualMachinesPricingTier string = 'Standard'
param defenderSqlServersPricingTier string = 'Standard'
param defenderStorageAccountsPricingTier string = 'Standard'
param defenderDnsPricingTier string = 'Standard'
param defenderArmPricingTier string = 'Standard'

// Wraps the azureSecurityCenter module copied into the local modules folder.
// createLogWorkspace is the Log Analytics workspace module declared elsewhere in this template;
// Defender sends the security data collected by auto-provisioned agents to that workspace.
module enableDefenderForCloudOnSubscription 'modules/defenderForCloud.bicep' = {
  name: 'defenderForCloud'
  params: {
    scope: subscription().id
    workspaceId: createLogWorkspace.outputs.resourceID
    autoProvision: defenderAutoProvision
    virtualMachinesPricingTier: defenderVirtualMachinesPricingTier
    sqlServersPricingTier: defenderSqlServersPricingTier
    storageAccountsPricingTier: defenderStorageAccountsPricingTier
    appServicesPricingTier: defenderAppServicesPricingTier
    dnsPricingTier: defenderDnsPricingTier
    armPricingTier: defenderArmPricingTier
  }
}

To run this I use a very small PowerShell script that contains the following:

# Unique deployment name so repeated runs do not collide in the subscription's deployment history
$deploymentID = (New-Guid).Guid
$location = 'westeurope'

# The trailing backticks are PowerShell line continuations; without them each line runs as a separate command
az deployment sub create --name $deploymentID `
  --location $location --template-file ./main-deployment-1.bicep `
  --parameters location=$location --confirm-with-what-if `
  --output none

This will enable Defender for Cloud, and you can change the parameters as you like.
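Once the deployment has run, it is worth confirming that the subscription actually ended up with the plans and auto-provisioning setting the parameters asked for. The following PowerShell check is an added example, not part of the original post or the ResourceModules repository; it assumes the Azure CLI is already logged in to the deployed subscription and that the expected tier and plan names match the parameters above.

```powershell
# Post-deployment check for the Defender for Cloud settings deployed by the Bicep above.
# Assumes: 'az login' has been run and the default subscription is the one that was deployed.
$expectedTier = 'Standard'
$expectedAutoProvision = 'On'

# Plan names as used by Microsoft.Security/pricings; these mirror the *PricingTier parameters
$plans = @('VirtualMachines', 'SqlServers', 'AppServices', 'StorageAccounts', 'Dns', 'Arm')

$failures = @()

foreach ($plan in $plans) {
    # Query only the tier so the comparison is a plain string
    $tier = az security pricing show --name $plan --query pricingTier -o tsv
    if ($tier -ne $expectedTier) {
        $failures += "Plan '$plan' is '$tier', expected '$expectedTier'"
    }
}

# Auto-provisioning is a single subscription-wide setting named 'default'
$autoProvision = az security auto-provisioning-setting show --name default --query autoProvision -o tsv
if ($autoProvision -ne $expectedAutoProvision) {
    $failures += "Auto-provisioning is '$autoProvision', expected '$expectedAutoProvision'"
}

if ($failures.Count -gt 0) {
    # A non-zero exit lets a pipeline stage fail if the deployment silently left a plan on 'Free'
    $failures | ForEach-Object { Write-Warning $_ }
    exit 1
}

Write-Host "Defender for Cloud plans and auto-provisioning match the Bicep parameters."
```

Running this in the same pipeline as the deployment turns a silent drift (for example, a plan later switched back to Free in the portal) into a failed stage.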

If you have questions, reach out to me here in the comments below or on Twitter.

Don't forget to subscribe to my YouTube channel.