Enable Microsoft Defender for Azure Cosmos DB
Microsoft Defender for Azure Cosmos DB protection is available at both the subscription level and the resource level. You can enable Microsoft Defender for Cloud on your subscription to protect all database types in that subscription, including Azure Cosmos DB (recommended). Alternatively, you can enable Microsoft Defender for Azure Cosmos DB at the resource level to protect a specific Azure Cosmos DB account.
Prerequisites
- An Azure account. If you don't already have an Azure account, you can create your Azure free account today.
Enable database protection at the subscription level
Enabling protection at the subscription level turns on Microsoft Defender for Cloud for all database types in your subscription (recommended).
The database types covered include, for example, Azure Cosmos DB, Azure SQL Database, Azure SQL servers on machines, and OSS RDBs. You can also select specific resource types to protect when you configure your plan.
When you enable Microsoft Defender for Cloud's enhanced security features on your subscription, Microsoft Defender for Azure Cosmos DB is automatically enabled for all of your Azure Cosmos DB accounts.
To enable database protection at the subscription level:
1. Sign in to the Azure portal.
2. Navigate to Microsoft Defender for Cloud > Environment settings.
3. Select the relevant subscription.
4. Locate Databases and toggle the switch to On.
5. Select Save.
To select specific resource types to protect when you configure your plan:
1. Follow steps 1-4 above.
2. Select "Select types".
3. Toggle the desired resource type switches to On.
4. Select Confirm.
Enable Microsoft Defender for Azure Cosmos DB at the resource level
You can enable Microsoft Defender for Cloud on a specific Azure Cosmos DB account through the Azure portal, PowerShell, Azure CLI, ARM template, or Azure Policy.
To enable Microsoft Defender for Cloud for a specific Azure Cosmos DB account:
1. Sign in to the Azure portal.
2. Navigate to your Azure Cosmos DB account > Settings.
3. Select Microsoft Defender for Cloud.
4. Select Enable Microsoft Defender for Azure Cosmos DB.
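The two enablement levels described above can be audited from the Azure CLI. The following is an added example, not part of the original article: it lists Azure Cosmos DB accounts that are covered by neither the subscription-level plan nor a resource-level setting. It assumes a logged-in Azure CLI; the function names are hypothetical, and the script only reads settings.

```sh
#!/bin/sh
# Added example: report Azure Cosmos DB accounts not covered by Defender.
# Assumes a logged-in Azure CLI (az). "CosmosDbs" is the plan name and
# "Standard" the enabled tier as reported by `az security pricing`.

# Print the pricing tier of the subscription-level Cosmos DB plan.
subscription_plan_tier() {       # args: subscription
  az security pricing show --name CosmosDbs --subscription "$1" \
    --query pricingTier --output tsv
}

# Print the resource-level setting (true/false) for one account.
account_protection_enabled() {   # args: subscription resource-group account
  az security atp cosmosdb show --subscription "$1" --resource-group "$2" \
    --cosmosdb-account "$3" --query isEnabled --output tsv
}

# Print one "resource-group/account" line per unprotected account.
# Exit status: 0 = all covered, 1 = gaps found, 2 = a query failed.
unprotected_cosmos_accounts() {  # args: subscription
  sub="$1"
  gaps=0
  tier="$(subscription_plan_tier "$sub")" || return 2
  # Subscription-level plan on: every account is covered automatically.
  [ "$tier" = "Standard" ] && return 0
  accounts="$(az cosmosdb list --subscription "$sub" \
    --query '[].[name,resourceGroup]' --output tsv)" || return 2
  # tsv rows are "name<TAB>resourceGroup"; neither field contains blanks.
  while read -r name rg; do
    [ -n "$name" ] || continue
    enabled="$(account_protection_enabled "$sub" "$rg" "$name")" || return 2
    case "$enabled" in
      true|True) ;;                        # protected at resource level
      *) echo "$rg/$name"; gaps=1 ;;       # no coverage at either level
    esac
  done <<EOF
$accounts
EOF
  return "$gaps"
}

# Usage: unprotected_cosmos_accounts "<subscription-id>"
```
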
Simulate security alerts from Microsoft Defender for Azure Cosmos DB
A full list of supported alerts is available in the reference table of all Defender for Cloud security alerts.
You can use sample Microsoft Defender for Azure Cosmos DB alerts to evaluate their value and capabilities. Sample alerts also validate any configurations you've made for your security alerts (such as SIEM integrations, workflow automation, and email notifications).
To create sample alerts from Microsoft Defender for Azure Cosmos DB:
1. Sign in to the Azure portal as a Subscription Contributor user.
2. Navigate to the security alerts page.
3. Select Sample alerts.
4. Select the subscription.
5. Select the relevant Microsoft Defender plan(s).
6. Select Create sample alerts.
After a few minutes, the alerts appear on the security alerts page. They also appear anywhere that you've configured to receive your Microsoft Defender for Cloud security alerts, for example connected SIEMs and email notifications.
Next steps
In this article, you learned how to enable Microsoft Defender for Azure Cosmos DB and how to simulate security alerts.