How To Check Azure Defender Status on Azure Subscription With PowerShell

Nov 5, 2020 | Updated on Dec 4, 2020 Charbel Nemnom Microsoft Azure, Azure Security Center 0
3 min read

In this article, I will share with you how to check Azure Defender status (formerly known as the Standard Tier in Azure Security Center) on every Azure subscription with PowerShell.

Introduction

Azure Security Center gives you complete visibility and control over the security of hybrid cloud workloads, including compute, network, storage, identity, and application workloads. Azure Security Center (ASC) has two mains value proposition:

  1. Cloud Security Posture Management (CSPM) – Help you prevent misconfiguration to strengthen your security posture for all different types of cloud workloads and resources in Azure (IaaS, PaaS, and SaaS). CSPM in Security Center is available for free to all Azure users.
  2. Cloud Workload Protection Platform (CWPP) – Protect against threats for servers whether they are running in Azure, on-premises or different clouds such as Amazon AWS or Google GCP, in addition to cloud-native workloads such as Web Apps, Kubernetes, Key Vaults, as well as for SQL databases (PaaS/VM) and storage accounts. CWPP is part of the Azure Defender plan (formerly known as the Standard Tier).

Azure Defender is an evolution of the threat-protection technologies in Azure Security Center, protecting Azure and hybrid environments. When you enable Azure Defender from the Pricing and settings area of Azure Security Center, the following Defender plans are all enabled simultaneously and provide comprehensive defenses for the compute, data, and service layers of your environment:

From the Pricing and settings area, you can also enable or disable one of the Azure Defender plans as shown in the figure below.

How To Check Azure Defender Status on Azure Subscription With PowerShell 1

What if you have many subscriptions and you want to know which Azure Defender plan is enabled on which subscription?

In this quick article, I will share with you how to query Azure Defender on every Azure subscription and get its status with PowerShell.

Prerequisites

To follow this article, you need to have the following:

  1. Azure subscription – If you don’t have an Azure subscription, you can create a free one here.
  2. Azure Security Center Free or Azure Defender enabled.
  3. Azure PowerShell installed locally on your machine or using Azure Cloud Shell.
  4. The Azure Resource Graph module for PowerShell. Please note that this module can be used with locally installed PowerShell, with Azure Cloud Shell, or with the PowerShell Docker image.

Install the module

In this example, I am using the Azure Cloud Shell. Open the Cloud Shell and run the following commands to install the Azure Resource Graph module from PowerShell Gallery.

# Install the Resource Graph module from PowerShell Gallery
Install-Module -Name Az.ResourceGraph
# Get a list of commands for the imported Az.ResourceGraph module
Get-Command -Module 'Az.ResourceGraph' -CommandType 'Cmdlet'

At the time of this writing, I am running the latest Resource Graph PowerShell version (0.7.7).

How To Check Azure Defender Status on Azure Subscription With PowerShell 2

Get Azure Defender status

Assuming you have all the prerequisites in place, open the Azure Cloud Shell (https://shell.azure.com/) and run the following command:

# Query Azure Defender Status and sort by tier
Search-AZGraph -Query "securityresources | where type == `"microsoft.security/pricings`" | extend tier = properties.pricingTier | project name, tier, subscriptionId" | Sort-object tier

In my example, the output looks like this. You can see the name of each Azure Defender plan if it’s enabled (Standard), or not (Free). The Standard tier is still referred to the old naming, I believe that Microsoft will change it to Azure Defender in the future (the subscription Id has been intentionally obscured in this example).

How To Check Azure Defender Status on Azure Subscription With PowerShell 3

That’s it there you have it!

Summary

In this article, I showed you how to query Azure Defender status on every Azure subscription with PowerShell and Azure Resource Graph.

Additional resources I highly encourage you to check:

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Related Posts

About Charbel Nemnom 579 Articles
Charbel Nemnom is a Cloud Architect, Swiss Certified ICT Security Expert, Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems. Excellent communicator is adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design, business continuity, and cloud security.
Website Facebook Instagram Twitter YouTube LinkedIn

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.