This document is provided “as is.” MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
As announced at Ignite 2021, Azure Defender for DNS is available in Public Preview. This new Azure Defender plan provides threat detection for Azure resources connected to Azure DNS. The intent is to detect malicious communication from an Azure resource, as well as malicious DNS servers trying to compromise an Azure resource. To learn more about Azure Defender for DNS, read our official documentation.

During the public preview you can enable Azure Defender for DNS without any additional charge: go to Price & settings, select the subscription, change the plan to ON, and click Save to commit the change.
Now that you have this plan set to ON, you can use the steps below to validate this threat detection:
1. Provision a new VM and keep the default TCP/IP configuration (by default all VMs will connect to Azure DNS).
2. Connect to this machine using RDP.
3. Create a file on this machine called DNSAlertSim.ps1 and paste the content below in this file: