If you are looking for a way to onboard Microsoft Defender for Cloud (MDC) with Terraform, you are in luck! In this blog post, we will introduce you to a new Terraform module that simplifies and enhances the onboarding experience for MDC in Azure. This module allows you to configure MDC plans for your Azure subscriptions or management groups with just a few lines of code. You will also learn how to use this module in different scenarios, such as onboarding a single subscription, multiple subscriptions, or all subscriptions where you have owner permissions. By the end of this blog post, you will be able to onboard MDC with Terraform in a fast and easy way. Let's get started!
In the past, onboarding Microsoft Defender for Cloud via code required interacting with multiple Defender for Cloud ARM APIs. Although many security teams leverage the APIs to onboard Defender for Cloud, Terraform is a preferred tool many use as their infrastructure-as-code (IaC) engine.
We are excited to introduce a new Terraform module that is now available on the HashiCorp Terraform Registry. The module is specifically designed to streamline the onboarding process in Azure, providing a new and improved onboarding experience with Terraform. This module is easy to use and supports configuration at both the subscription and tenant levels. It enables customers to verify that their security posture is running the correct Defender for Cloud plans, simplifying the process and providing additional oversight over securing their entire environment.
The module supports the following onboarding types:
terraform apply
Remember, you can easily reverse the onboarding using the terraform destroy command or turn off specific plans by modifying the mdc_plans_list variable accordingly.
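A post-apply check, added here as an example and not part of the module or the original post: it compares the plan names you declare in mdc_plans_list with the pricing tiers a subscription actually reports, so a plan that was turned off or never enabled shows up as drift. The JSON shape (name and pricingTier entries, as printed by `az security pricing list -o json`), the sample data, the plan names and the function name plan_drift are assumptions.

```python
import json

# Constructed sample, shaped like `az security pricing list -o json` output.
# Assumption: each entry has `name` and `pricingTier`; some CLI versions wrap
# the list in a top-level "value" key, so both shapes are accepted below.
SAMPLE_PRICINGS = json.dumps({"value": [
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "StorageAccounts", "pricingTier": "Free"},
    {"name": "KeyVaults", "pricingTier": "Standard"},
    {"name": "Containers", "pricingTier": "Standard"},
]})


def plan_drift(desired_plans, pricings_json):
    """Compare the intended plans with the tiers a subscription reports.

    Returns (missing, unexpected):
      missing    - plans wanted but absent or not on the Standard tier
      unexpected - plans on the Standard tier that were never declared
    Plan names are compared case-insensitively.
    """
    data = json.loads(pricings_json)
    entries = data.get("value", []) if isinstance(data, dict) else data

    # Keep only plans that are actually switched on (Standard tier).
    enabled = {}
    for entry in entries:
        name = entry.get("name", "")
        if name and str(entry.get("pricingTier", "")).lower() == "standard":
            enabled[name.lower()] = name

    desired = {plan.lower(): plan for plan in desired_plans}
    missing = sorted(n for key, n in desired.items() if key not in enabled)
    unexpected = sorted(n for key, n in enabled.items() if key not in desired)
    return missing, unexpected


if __name__ == "__main__":
    # Hypothetical desired list, mirroring what would go into mdc_plans_list.
    wanted = ["VirtualMachines", "StorageAccounts", "KeyVaults", "Arm"]
    missing, unexpected = plan_drift(wanted, SAMPLE_PRICINGS)
    print("declared but not enabled:", missing)
    print("enabled but not declared:", unexpected)
```

A non-empty first list means the subscription is not running a plan you declared; a non-empty second list means a plan is enabled outside the Terraform configuration.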
We highly encourage community contributions. Before contributing, please ensure you've agreed to our Contributor License Agreement (CLA). We use the Docker image mcr.microsoft.com/azterraform:latest to run pre-commit, pr-check, and tests for your convenience. It's a handy way to ensure your code meets our pipeline requirements and aligns with our coding standards.
We're confident this will streamline the onboarding experience. Try it out, share your feedback, and let's continue to make cloud security simpler and stronger together.