How to select Azure Defender plan by resource type in Azure Security Center
Hi everyone, and happy new year. In the first post of the year, I want to show you how to change the Azure Defender plans for your subscription in Azure Security Center using PowerShell and Azure CLI. Prerequisites
- This tutorial assumes that you already have a Microsoft Azure account configured.
- The Az. Security module must be installed.
Azure PowerShell Workaround #
If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.
Connect-AzAccount
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:
Get-AzSubscription
Set-AzContext -Subscription "<subscription ID>"
Once you set your default subscription, you’re ready to start.
Register the resource provider #
To register a resources provider in your Azure subscription, you should use the Register-AzResourceProvider cmdlet with the following syntax.
Register-AzResourceProvider -ProviderNamespace 'Microsoft.Security'
Get the Azure Defender plans by resource type #
First, using the Get-AzSecurityPricing cmdlet with the following syntax, you get the list of resource types and Azure defense plan for each of them.
Get-AzSecurityPricing `
| Select-Object Name, PricingTier
Update the Azure defender plan #
To upgrade from the “Free” tier plan to “Standard” for a specific resource type, use the Set-AzSecurityPricing cmdlet with the following syntax.
Set-AzSecurityPricing `
-Name "KeyVaults" `
-PricingTier "Standard"
If you want to upgrade to the “Standard” tier, all the resource types in your subscription can use the following commands.
$Resources = Get-AzSecurityPricing | Select-Object Name
foreach ($resource in $Resources)
{
Set-AzSecurityPricing -Name $resource.name -PricingTier "Standard"
}
To reset a resource type to the “Free” plan, you should use the Set-AzSecurityPricing cmdlet with the following syntax.
Set-AzSecurityPricing `
-Name "KeyVaults" `
-PricingTier "Free"
Azure CLI Workaround #
In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link. Important: First, you need to set a subscription to use in the current session.
az account list
az account set --subscription "Subscription Name"
Register the resource provider #
To register a resources provider in your Azure subscription, you should use the following command.
az provider register --namespace 'Microsoft.Security'
Get the Azure Defender plans by resource type #
First, you get the list of resource types and Azure defense plan for each of them using the following command.
az security pricing list \
--query "value[].{Name:name, Plan:pricingTier}" \
-o table
Update the Azure defender plan #
Once you know the list of the types of resources and their associated plan, you can upgrade the plan from “Free” to “Standard” Tier for each of them, using the following command.
az security pricing create \
--name keyvaults \
--tier "Standard"
To reset a resource type to the “Free” plan, you should use the following command.
az security pricing create \
--name keyvaults \
--tier "Free"
Thanks for reading my post. I hope you find it useful. If you want to know more about Security Center, check out this link: https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction