Set Microsoft Defender for Key Vault to the Standard tier

March 21, 2025

SYNOPSIS

Enable Microsoft Defender for Key Vault.

DESCRIPTION

Microsoft Defender for Key Vault provides additional protection for keys and secrets stored in Key Vaults. It does this by detecting unusual and potentially harmful attempts to access or exploit Key Vault accounts. This protection is provided by analyzing telemetry from Key Vault and Microsoft Defender for Cloud.

When anomalous activities occur, Defender for Key Vault shows alerts to relevant members of your organization. These alerts include the details of the suspicious activity and recommendations on how to investigate and remediate threats.

Microsoft Defender for Key Vault can be enabled at the subscription level for all Key Vaults in the subscription. Azure Policy can be used to automatically enable Microsoft Defender for Key Vault for a subscription.

RECOMMENDATION

Consider using Microsoft Defender for Key Vault to provide additional protection to Key Vaults.

EXAMPLES

Configure with Azure template

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

{
  "type": "Microsoft.Security/pricings",
  "apiVersion": "2024-01-01",
  "name": "KeyVaults",
  "properties": {
    "pricingTier": "Standard"
  }
}
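
A pre-deployment check for the template above, added here as an example and not taken from this page or its project: it walks an ARM template, including child resources and nested deployments, and reports whether the `KeyVaults` pricing resource is set to Standard. The function names and the sample template are hypothetical and constructed for illustration.

```python
import json

PRICING_TYPE = "microsoft.security/pricings"
PLAN_NAME = "keyvaults"  # ARM type and resource names compare case-insensitively


def iter_resources(template):
    """Yield every resource, including child resources and nested deployments."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates use an object
        resources = resources.values()
    for res in resources:
        yield res
        yield from iter_resources(res)  # inline child resources
        props = res.get("properties")
        nested = props.get("template") if isinstance(props, dict) else None
        if isinstance(nested, dict):  # Microsoft.Resources/deployments
            yield from iter_resources(nested)


def check_key_vault_plan(template):
    """Return (passed, reason) for the Defender for Key Vault pricing tier."""
    found = False
    for res in iter_resources(template):
        if str(res.get("type", "")).lower() != PRICING_TYPE:
            continue
        if str(res.get("name", "")).lower() != PLAN_NAME:
            continue
        found = True
        props = res.get("properties")
        tier = str(props.get("pricingTier", "")) if isinstance(props, dict) else ""
        if tier.startswith("["):  # template expression, unknown until deployment
            return False, "pricingTier is an unresolved expression: " + tier
        if tier.lower() != "standard":  # the CLI example passes 'standard' in lower case
            return False, "pricingTier is '%s', expected 'Standard'" % tier
    if not found:
        return False, "no Microsoft.Security/pricings resource named 'KeyVaults'"
    return True, "Defender for Key Vault is set to Standard"


# Constructed sample: the resource shown above with the tier left at Free.
SAMPLE = json.loads("""{"resources": [{"type": "Microsoft.Security/pricings",
  "apiVersion": "2024-01-01", "name": "KeyVaults",
  "properties": {"pricingTier": "Free"}}]}""")

if __name__ == "__main__":
    print(check_key_vault_plan(SAMPLE))
```

A tier supplied through a parameter or variable is reported as unresolved rather than passed, because its value is only known once the deployment parameters are applied.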

Configure with Bicep

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

resource defenderForKeyVaults 'Microsoft.Security/pricings@2024-01-01' = {
  name: 'KeyVaults'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

az security pricing create -n 'KeyVaults' --tier 'standard'

Configure with Azure PowerShell

To enable Microsoft Defender for Key Vault:

  • Set the Standard pricing tier for Microsoft Defender for Key Vault.

For example:

Set-AzSecurityPricing -Name 'KeyVaults' -PricingTier 'Standard'