DEV Community

Wilfried Woivré
Wilfried Woivré

Posted on • Originally published at woivre.com on

Improve your Microsoft Defender for Cloud with your custom rules

With Microsoft Defender for Cloud, previously known as Security Center, you can easily monitor your Azure subscriptions on a large scale. For continuous improvement, or even regulatory purposes, it is possible to directly affect initiatives as I mentioned in a previous post https://woivre.com/blog/2021/12/microsoft-defender-for-cloud-your-toolbox-for-azure-governanceHowever, you can go further via the “Regulatory compliance” tab in Microsoft Defender for Cloud.

But it is also possible to integrate your own controls with your own policies to fully customize your experience with this tool.

n order to begin, we will start by creating a new Azure Policy, such as this one:

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Storage/storageAccounts"
        },
        {
          "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
          "equals": false
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {}
}

Enter fullscreen mode Exit fullscreen mode

We will of course think of giving it a name and a comment, but you have the choice for all the parameters, such as the following:

  • Policy Definition : Tenant Root Group
  • Name : AzSecure-Storage-OnlyHTTPS
  • Description : Enforce HTTPS Traffic only for Azure Storage
  • Category : AzSecure-Storage

Now we will not assign this policy directly, but we will create a new Initiative Definition with the following parameters:

  • Initiative Definition : Tenant Root Group
  • Name : AzSecure-Compliance
  • Description : Contains all Azure policies to secure your Azure account
  • Category : AzSecure
  • Version : 1.0

Then in the list of policies, we will now integrate the policy that we created earlier. You can also create groups to organize your different policies later.

We will then define our parameters for our Initiative, and our policies if we have any. This is not the case here.

Once we have created our policy, we will then assign it to our subscription. And here, it can be very useful to edit your different Non-Compliance messages for your policies to guide your users.

Now that your initiative is assigned to your subscription, you will be able to observe the behavior of the policies in a very classical way, i.e. to create non-compliant services, and to see the different elements in the different Policies blades available.

But it is also possible to go further thanks to Microsoft Defender for Cloud, in the Microsoft Defender settings section.

You have to go to Security Policy and then add your own initiative as below:

Now you have to be patient, and wait several hours to be able to your Regulatory compliance blade enriched by your own initiative as below:

Now for the bad news, you have to activate this feature in Microsoft Defender for cloud to be able to use it, and therefore pay for this feature. But security is priceless.

Speedy emails, satisfied customers

Postmark Image

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay