Azure Defender should be enabled for Key Vaults

Description

Azure Defender for Key Vault detects unusual and harmful attempts to access or exploit secrets/key data. For example, if an attacker gained unauthorized access to a secret on a production workload, they would have access to sensitive and business-critical data.

Remediation Steps

Azure Portal

• Navigate to Security Center.

• In the left navigation, select Pricing & Settings.

• Select the Subscription Name.

• In the left navigation, select Azure Defender plans.

• Verify that Azure Defender is on.

• In the table under Key Vaults, select On.

• Click Save.

Azure CLI

Remediation is not possible via the CLI.

Documentation Links

Azure Portal and CLI

• Introduction to Azure Defender for Key Vault

• Ensure that Azure Defender is set to On for Key Vault