last sync: 2024-Feb-21 20:03:25 UTC

[Deprecated]: Azure Defender for DNS should be enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Azure Defender for DNS should be enabled
Id bdc59948-5574-49b3-bb91-76b7c986428d
Version 1.1.0-deprecated
Category Security Center
Description This policy definition is no longer the recommended way to achieve its intent, because DNS bundle is being deprecated. Instead of continuing to use this policy, we recommend you assign this replacement policy with policy ID 4da35fc9-c9e7-4960-aec9-797fe7d9051d. Learn more about policy definition deprecation at
Mode All
Type BuiltIn
Preview False
Deprecated True
Reference Reference to 1 related Policy definition (taken from description)
Azure Defender for servers should be enabled (4da35fc9-c9e7-4960-aec9-797fe7d9051d)
Effect Default
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.Security/pricings/pricingTier | Microsoft.Security | pricings | properties.pricingTier | false
Rule resource types IF (1)
The following 6 compliance controls are associated with this Policy definition '[Deprecated]: Azure Defender for DNS should be enabled' (bdc59948-5574-49b3-bb91-76b7c986428d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
C.04.3 - Timelines C.04.3 - Timelines 404 not found n/a n/a 29
C.04.6 - Timelines C.04.6 - Timelines 404 not found n/a n/a 29
C.04.7 - Evaluated C.04.7 - Evaluated 404 not found n/a n/a 48
CIS_Azure_2.0.0 2.1.11 CIS_Azure_2.0.0_2.1.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.11 2.1 Ensure That Microsoft Defender for DNS Is Set To 'On' Shared Enabling Microsoft Defender for DNS requires enabling Microsoft Defender for your subscription. Both will incur additional charges, with Defender for DNS being a small amount per million queries. Microsoft Defender for DNS scans all network traffic exiting from within a subscription. DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced. link 1
U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found n/a n/a 32
U.15.1 - Events logged U.15.1 - Events logged 404 not found n/a n/a 42
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
CIS Microsoft Azure Foundations Benchmark v2.0.0 | 06f19060-9e68-4070-92ca-f15cc126059e | Regulatory Compliance | GA | BuiltIn
NL BIO Cloud Theme | 6ce73208-883e-490f-a2ac-44aac3b3687f | Regulatory Compliance | GA | BuiltIn
Date/Time (UTC ymd) | Change type | Change detail
2024-01-12 18:35:06 | change | Minor, new suffix: deprecated (1.0.0 > 1.1.0-deprecated)
2021-09-27 15:52:17 | change | Version remains equal, old suffix: preview (1.0.0-preview > 1.0.0)
2021-03-09 14:37:41 | add | bdc59948-5574-49b3-bb91-76b7c986428d