We are excited to share that Microsoft Defender for Key Vault has been generally available since Microsoft Ignite on September 22nd, 2020! We have prepared this blog to go over the following topics:
Microsoft Key Vault is a cloud service for securely storing and accessing sensitive data such as secrets, keys, certificates, and passwords. By compromising this data, attackers may be able to gain unauthorized access or perform lateral movement to breach other resources in the customer's environment.
Microsoft Defender for Key Vault is an Azure-native threat protection service, which detects unusual and potentially harmful access to Key Vault accounts. It provides an additional layer of security intelligence for the keys, secrets and certificates stored in the Microsoft Key Vault by alerting you to suspicious or malicious access. This layer of security allows you to address threats without being a security expert, and without the need to manage third-party security monitoring systems.
When anomalous activities occur, Microsoft Defender for Key Vault shows alerts and optionally sends them via email to relevant members of your organization. These alerts include the details of suspicious activity and recommendations on how to investigate and remediate the threats.
More information about Microsoft Defender for Key Vault is available here.
Microsoft Defender for Key Vault can be enabled from Microsoft Defender for Cloud, or from Key Vault. The pricing information is available here.
The Azure Defender for Key Vault alerts show up on Key Vault and Security Center.
Here is the list of alerts that you might get from the Azure Defender for Key Vault.
Azure Defender for Key Vault is designed to help identify suspicious activity caused by stolen credentials. Do not dismiss the alert simply because you recognize the user or application. Contact the owner of the application or the user and verify the activity was legitimate.
When you get an alert from Azure Defender for Key Vault, we recommend following this document.
Please provide your feedback for each alert on the alert page. It gives the algorithm developers on the team valuable input for improving the quality of the alerts in the future. This feedback will not directly affect the results of the algorithm and will only be used to make long-term improvements.
You can create alert suppression rules to suppress unwanted security alerts from Azure Defender. Learn more in Suppress alerts from Azure Defender.