cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Find out more
SOLVED

Policy change alert on Defender for Cloud

Nakool
Copper Contributor

‎Mar 27 2022 09:43 PM

‎Mar 27 2022 09:43 PM

Policy change alert on Defender for Cloud

Does Defender for Cloud generate any alerts when a security policy is changed or disabled? What's the best way to monitor this?   

1,180 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Nakool (Copper Contributor)
Stanislav Belov

‎Mar 28 2022 12:18 PM

‎Mar 28 2022 12:18 PM

Solution

Re: Policy change alert on Defender for Cloud

Under normal circumstances it does not. If you have defender for ARM plan enabled, we can detect the following potentially malicious administrative/management activities: https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#alerts-resourcemanager Otherwise following the least privileged strategy along with proper RBAC and identity protection in place is the way to go. In addition, all management activities are stored in Azure Activity Logs and can be streamed to a SIEM or alike tools.
0 Likes
Reply