Azure-CosmosDB-Advanced-Threat-Protection-Enabled

Severity: High

Description: This control ensures that Advanced Threat Protection is set on Azure Cosmos DB accounts. This layer of protection allows you to address threats, even without being a security expert, and integrate them with central security monitoring systems. Security alerts are triggered when anomalies in activity occur. These security alerts are integrated with Azure Security Center, and are also sent via email to subscription administrators, with details of the suspicious activity and recommendations on how to investigate and remediate the threats.

Remediation Steps:

Perform the following to enable Advanced Threat Protection on the Azure Cosmos DB account:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Go to Azure Cosmos DB.

  3. Click the Azure Cosmos DB instance to be remediated.

  4. In the left menu, under the Security section, click Advanced security.

  5. Set Advanced Threat Protection to ON.

  6. Click Save.
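
The same check and change can be made for every account in a subscription from the Azure CLI. This is an added example, not part of the original control text. It assumes a logged-in Azure CLI that provides the `az security atp cosmosdb` command group; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: audit Advanced Threat Protection (ATP) on every Cosmos DB
# account in the current subscription and, with --fix, switch it on.
# Assumes `az login` has been run; function names are illustrative.

# Prints "true" or "false" for one account. $1 = resource group, $2 = account.
atp_enabled() {
  az security atp cosmosdb show \
    --resource-group "$1" --cosmosdb-account "$2" \
    --query isEnabled --output json 2>/dev/null </dev/null
}

# Prints one tab-separated line per account: state, resource group, account.
# State is ENABLED, DISABLED, FIXED (only with --fix) or UNKNOWN when the
# setting could not be read; UNKNOWN is never counted as compliant.
# Returns 1 if any account is left DISABLED or UNKNOWN.
audit_cosmosdb_atp() {
  local fix="${1:-}" rg name state accounts tab failed=0
  tab=$(printf '\t')
  accounts=$(az cosmosdb list --query '[].[resourceGroup, name]' --output tsv)
  while IFS="$tab" read -r rg name; do
    [ -n "$name" ] || continue          # skip the empty line of an empty list
    case "$(atp_enabled "$rg" "$name")" in
      true)  state=ENABLED ;;
      false) state=DISABLED ;;
      *)     state=UNKNOWN ;;
    esac
    if [ "$state" = DISABLED ] && [ "$fix" = "--fix" ]; then
      az security atp cosmosdb update --resource-group "$rg" \
        --cosmosdb-account "$name" --is-enabled true >/dev/null </dev/null \
        && state=FIXED
    fi
    [ "$state" = ENABLED ] || [ "$state" = FIXED ] || failed=1
    printf '%s\t%s\t%s\n' "$state" "$rg" "$name"
  done <<EOF
$accounts
EOF
  return "$failed"
}

# Usage: audit_cosmosdb_atp          # report only, status 1 if any gap remains
#        audit_cosmosdb_atp --fix    # also enable ATP where it is off
```

An account reported as UNKNOWN usually means the caller lacks permission to read the security setting, so it should be reviewed rather than treated as passing.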

Reference:

  • Advanced Threat Protection for Azure Cosmos DB

Blue Hexagon Proprietary