Azure Defender should be enabled for Key Vaults


Azure Defender for Key Vault detects unusual and harmful attempts to access or exploit secrets and key data. For example, an attacker who gained unauthorized access to a secret on a production workload would have access to sensitive and business-critical data.

Remediation Steps

Azure Portal

  • Navigate to Security Center.

  • In the left navigation, select Pricing & Settings.

  • Select the Subscription Name.

  • In the left navigation, select Azure Defender plans.

  • Verify that Azure Defender is on.

  • In the table under Key Vaults, select On.

  • Click Save.

Azure CLI

Remediation is not possible via the CLI.