AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

[Deprecated]: Azure Defender for DNS should be enabled

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Deprecated]: Azure Defender for DNS should be enabled

bdc59948-5574-49b3-bb91-76b7c986428d

Version

1.1.0-deprecated
Details on versioning

Category

Security Center
Microsoft Learn

Description

This policy definition is no longer the recommended way to achieve its intent, because DNS bundle is being deprecated. Instead of continuing to use this policy, we recommend you assign this replacement policy with policy ID 4da35fc9-c9e7-4960-aec9-797fe7d9051d. Learn more about policy definition deprecation at aka.ms/policydefdeprecation

Mode

All

Type

BuiltIn

Preview

False

Deprecated

True

Reference

Reference to 1 related Policy definition (taken from description)
Azure Defender for servers should be enabled (4da35fc9-c9e7-4960-aec9-797fe7d9051d)

Effect

Default
Disabled
Allowed
AuditIfNotExists, Disabled

RBAC role(s)

none

Rule aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Security/pricings/pricingTier	Microsoft.Security	pricings	properties.pricingTier	True		False

Rule resource types

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 1 compliance controls are associated with this Policy definition '[Deprecated]: Azure Defender for DNS should be enabled' (bdc59948-5574-49b3-bb91-76b7c986428d)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
CIS_Azure_2.0.0	2.1.11	CIS_Azure_2.0.0_2.1.11	CIS Microsoft Azure Foundations Benchmark recommendation 2.1.11	2.1	Ensure That Microsoft Defender for DNS Is Set To 'On'	Shared	Enabling Microsoft Defender for DNS requires enabling Microsoft Defender for your subscription. Both will incur additional charges, with Defender for DNS being a small amount per million queries.	Microsoft Defender for DNS scans all network traffic exiting from within a subscription. DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.	link	1

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
CIS Microsoft Azure Foundations Benchmark v2.0.0	06f19060-9e68-4070-92ca-f15cc126059e	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-01-12 18:35:06	change	Minor, new suffix: deprecated (1.0.0 > 1.1.0-deprecated)
2021-09-27 15:52:17	change	Version remains equal, old suffix: preview (1.0.0-preview > 1.0.0)
2021-03-09 14:37:41	add	bdc59948-5574-49b3-bb91-76b7c986428d

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC