Use Microsoft Defender for Storage instead of Microsoft Defender for Storage classic pricing plan

[BenjaminEngeset]

Existing rule

No response

Suggested rule

The new Defender for Storage plan was launched on March 28, 2023.

The new plan includes advanced security capabilities to help protect against malicious file uploads, sensitive data exfiltration, and data corruption. It also provides a more predictable and flexible pricing structure for better control over coverage and costs.

The recommended approach is to enable the new plan at the subsciption level.

The classic plan will be deprecated in the future, and the deprecation will be announced three years in advance. All future capabilities will only be added to the new plan.

To enable the new plan on a subscription a v2 subplan is required.
Example:

resource StorageAccounts 'Microsoft.Security/pricings@2023-01-01' = {
  name: 'StorageAccounts'
  properties: {
    pricingTier: 'Standard'
    subPlan: 'DefenderForStorageV2'
  }
}

Pillar

Security

Additional context

https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-classic-migrate
https://learn.microsoft.com/azure/storage/common/azure-defender-storage-configure
https://learn.microsoft.com/azure/templates/microsoft.security/pricings

[BenjaminEngeset]

@BernieWhite Should we refactor the current rule or create a new dedicated? I'm a bit unsure what is the best approach here as the current rule really only checks for the tier and doesn't go this deep into the specs.

[BernieWhite]

@BenjaminEngeset I think for this case using a similar model to the Microsoft Defender for Servers, we should update the existing rule.

So let's bump the existing rule into the next baseline (currently 2023_06) when the updates to check the additional property subPlan are added.

The updated rule would check both pricingTier and subPlan and fail if both are not met.

Docs should be updated to reflect this.