Credits and sources

Microsoft Learn

https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction

Intro

In this part of the blog series, I want to show you what Microsoft Defender for DNS (MDDNS) brings. MDDNS helps to protect the Azure DNS services against suspicious activities, and it does so without any agent installation.

Microsoft Defender for DNS features

The features that MDDNS offers are protection against:

  • Data exfiltration
  • Malware
  • DNS attacks
  • Communication with domains used for malicious activities (phishing and crypto mining)

Microsoft Defender for DNS alerts

Microsoft Learn Docs provides a complete list of alerts that MDDNS provides; see the link below.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#alerts-dns

The alerts are, for example, “Communication with suspicious random domain names, which could be a sign of data exfiltration attempts. Awareness of these attempts is essential since data and identities are some of the most critical assets to protect.

Managing alerts in the Defender for Cloud uses the alerts view. Like the other Defender services, it is vital to keep your alerting up to date with the correct persons/shared mailboxes to take action on any findings.

How to enable Microsoft Defender for DNS

I will enable MDDNS on the subscription level.

First, go to the Defender for Cloud section in Azure, and click “Environment settings.”

Select the subscription that holds your DNS service.

Slide the setting to “On.”

Conclusion

We now know how to enable Defender for DNS, and as you have seen, it is straightforward to enable and use. Because there is no configuration, it doesn’t mean that MDDNS isn’t a critical service for your Azure DNS services. I did go reasonably light over the alerting and management of alerts, but I plan to post on this for itself later in the blog series.

Join me in the next part of the blog series. This post will be about Defender for Key Vault.