Overview of Microsoft Defender for Resource Manager
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
The cloud management layer is a crucial service connected to all your cloud resources. Because of this, it is also a potential target for attackers. Consequently, we recommend security operations teams monitor the resource management layer closely.
Microsoft Defender for Resource Manager automatically monitors the resource management operations in your organization, whether they're performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. Defender for Cloud runs advanced security analytics to detect threats and alerts you about suspicious activity.
Availability
Aspect | Details |
---|---|
Release state: | General availability (GA) |
Pricing: | Microsoft Defender for Resource Manager is billed as shown on the pricing page |
Clouds: | Microsoft Azure operated by 21Vianet |
What are the benefits of Microsoft Defender for Resource Manager?
Microsoft Defender for Resource Manager protects against issues including:
- Suspicious resource management operations, such as operations from malicious IP addresses, disabling antimalware, and suspicious scripts running in VM extensions
- Use of exploitation toolkits like Microburst or PowerZure
- Lateral movement from the Azure management layer to the Azure resources data plane
A full list of the alerts provided by Microsoft Defender for Resource Manager is on the alerts reference page.
Next steps
In this article, you learned about Microsoft Defender for Resource Manager.
For related material, see the following article:
- Security alerts might be generated or received by Defender for Cloud from different security products. To export all of these alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in Exporting alerts to a SIEM solution.