Set Microsoft Defender for DNS to the Standard tier

March 21, 2025

SYNOPSIS

Enable Microsoft Defender for DNS.

DESCRIPTION

Microsoft Defender for DNS provides additional protection for virtual networks and resources. It does this by monitoring Azure-provided DNS for suspicious and anomalous activity. By analyzing telemetry for DNS, Microsoft Defender for DNS can detect and alert on persistent threats such as:

  • Data exfiltration from your Azure resources using DNS tunneling.
  • Malware communicating with command and control servers.
  • DNS attacks - communication with malicious DNS resolvers.
  • Communication with domains used for malicious activities such as phishing and crypto mining.

Microsoft Defender for DNS can be enabled at the subscription level.

RECOMMENDATION

Consider using Microsoft Defender for DNS to provide additional protection for virtual networks and resources.

EXAMPLES

Configure with Azure template

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "Dns",
    "properties": {
        "pricingTier": "Standard"
    }
}
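
A pre-deployment check for the template setting above, added here as an example and not code from the original page or its project. The names `check_defender_dns`, `iter_resources` and `SAMPLE_TEMPLATE` are hypothetical, the sample template is constructed, and treating a template that never declares the plan as a failure is an assumption of this check.

```python
import json

# Constructed sample template (not from the original page): the Dns plan is
# left on the Free tier, which the check below should flag.
SAMPLE_TEMPLATE = """
{
  "resources": [
    {
      "type": "Microsoft.Security/pricings",
      "apiVersion": "2022-03-01",
      "name": "Dns",
      "properties": { "pricingTier": "Free" }
    }
  ]
}
"""


def iter_resources(resources):
    """Yield every resource, including child resources and nested deployments."""
    if isinstance(resources, dict):  # symbolic-name templates use an object
        resources = list(resources.values())
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        props = res.get("properties") or {}
        if isinstance(props, dict):
            yield from iter_resources((props.get("template") or {}).get("resources"))


def check_defender_dns(template_text):
    """Return (passed, reason). Hypothetical helper; matches literal names only."""
    template = json.loads(template_text)
    plans = [
        r for r in iter_resources(template.get("resources"))
        if str(r.get("type", "")).lower() == "microsoft.security/pricings"
        and str(r.get("name", "")).lower() == "dns"
    ]
    if not plans:  # assumption: a template that never sets the plan fails
        return False, "no Microsoft.Security/pricings resource named 'Dns'"
    for plan in plans:
        tier = (plan.get("properties") or {}).get("pricingTier", "")
        if str(tier).lower() != "standard":
            return False, f"pricingTier is {tier!r}, expected 'Standard'"
    return True, "Dns plan set to Standard"


if __name__ == "__main__":
    print(check_defender_dns(SAMPLE_TEMPLATE))
```

Type, name and tier are compared case-insensitively, so a template using `standard` (as the Azure CLI example on this page does) passes. A plan name supplied through a template expression is not resolved and is reported as missing.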

Configure with Bicep

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

resource defenderForDns 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Dns'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

az security pricing create -n 'Dns' --tier 'standard'

Configure with Azure PowerShell

To enable Microsoft Defender for DNS:

  • Set the Standard pricing tier for Microsoft Defender for DNS.

For example:

Set-AzSecurityPricing -Name 'Dns' -PricingTier 'Standard'