Microsoft Defender for Resource Manager should be enabled
HIGH
Ensures Microsoft Defender for Resource Manager is enabled to detect suspicious management operations.
What does this mean?
Microsoft Defender for Resource Manager monitors all Azure resource management operations. It detects suspicious activities such as operations from malicious IP addresses, privilege escalation, and resource manipulation by compromised accounts.
Benefits of implementation
- Detects anomalous resource management operations
- Identifies compromised administrator accounts
- Provides threat intelligence-based alerts for Azure management plane
Drawbacks and considerations
- Per-subscription cost for Defender for Resource Manager
- Alert investigation requires understanding of Azure management operations
- May generate false positives in large, dynamic environments
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Defender Plans
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12