Set Microsoft Defender for DNS to the Standard tier
March 21, 2025
SYNOPSIS
Enable Microsoft Defender for DNS.
DESCRIPTION
Microsoft Defender for DNS provides additional protection for virtual networks and resources. It does this by monitoring Azure-provided DNS for suspicious and anomalous activity. By analyzing telemetry for DNS, Microsoft Defender for DNS can detect and alert on persistent threats such as:
- Data exfiltration from your Azure resources using DNS tunneling.
- Malware communicating with command and control servers.
- DNS attacks - communication with malicious DNS resolvers.
- Communication with domains used for malicious activities such as phishing and crypto mining.
Microsoft Defender for DNS can be enabled at the subscription level.
RECOMMENDATION
Consider using Microsoft Defender for DNS to provide additional protection to virtual networks and resources.
EXAMPLES
Configure with Azure template
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
{
  "type": "Microsoft.Security/pricings",
  "apiVersion": "2022-03-01",
  "name": "Dns",
  "properties": {
    "pricingTier": "Standard"
  }
}
Configure with Bicep
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
resource defenderForDns 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Dns'
  properties: {
    pricingTier: 'Standard'
  }
}
Configure with Azure CLI
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
az security pricing create -n 'Dns' --tier 'standard'
Configure with Azure PowerShell
To enable Microsoft Defender for DNS:
- Set the Standard pricing tier for Microsoft Defender for DNS.
For example:
Set-AzSecurityPricing -Name 'Dns' -PricingTier 'Standard'
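To catch a template that leaves Defender for DNS disabled before it is deployed, the following added example (not part of the original page) scans an ARM template, or compiled Bicep output, for a Microsoft.Security/pricings resource named Dns and checks its pricing tier. The function names and the sample template are constructed for illustration.

```python
import json

# Constructed sample: a template that leaves Defender for DNS on the Free tier.
SAMPLE_TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Security/pricings",
      "apiVersion": "2022-03-01",
      "name": "Dns",
      "properties": { "pricingTier": "Free" }
    }
  ]
}
""")


def iter_resources(resources):
    """Yield every resource, descending into child resources and nested deployments."""
    if isinstance(resources, dict):  # symbolic-name templates key resources by name
        resources = resources.values()
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        nested = (res.get("properties") or {}).get("template") or {}
        yield from iter_resources(nested.get("resources"))


def check_defender_dns(template):
    """Return (passed, reason) for the Defender for DNS pricing tier in a template."""
    for res in iter_resources(template.get("resources")):
        # Resource types and names are compared case-insensitively.
        if (str(res.get("type", "")).lower() == "microsoft.security/pricings"
                and str(res.get("name", "")).lower() == "dns"):
            tier = (res.get("properties") or {}).get("pricingTier")
            if str(tier).lower() == "standard":
                return True, "Defender for DNS is set to Standard"
            return False, f"Defender for DNS pricingTier is {tier!r}, expected 'Standard'"
    return False, "no Microsoft.Security/pricings resource named 'Dns' found"


if __name__ == "__main__":
    ok, reason = check_defender_dns(SAMPLE_TEMPLATE)
    print("PASS" if ok else "FAIL", "-", reason)
```

Names or tiers supplied through template expressions or parameters are not resolved, so such templates are reported as not containing the resource.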
LINKS
- SE:10 Monitoring and threat detection
- What is Microsoft Defender for Cloud?
- Overview of Microsoft Defender for DNS
- Quickstart: Enable enhanced security features
- Azure security baseline for Azure DNS
- LT-1: Enable threat detection capabilities
- Azure Policy built-in policy definitions
- Azure deployment reference