- New subscriptions #100584

- Turned off Azure Defender for ignore storage accounts #100211

Custom roles/Storage Data Contributor.json

@@ -76,6 +76,8 @@
         "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6",
         "/subscriptions/e33c30f7-06c7-4765-86a9-7a8979b6d1cc",
         "/subscriptions/2021c41e-3582-40a1-85e5-59588741e6d3",
-        "/subscriptions/17a9bacf-5a67-44bf-a532-950a4b3bf25d"
+        "/subscriptions/17a9bacf-5a67-44bf-a532-950a4b3bf25d",
+        "/subscriptions/181146cf-2354-4167-a6db-94ad14329c4d",
+        "/subscriptions/38a6726a-7c4d-402c-8bc2-36677fc0c3b4"
     ]
 }

Custom roles/Storage Data Reader.json

@@ -58,6 +58,8 @@
       "/subscriptions/cea89b67-6bfd-47c6-b7fa-9b8006b664ea",
       "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6",
       "/subscriptions/2021c41e-3582-40a1-85e5-59588741e6d3",
-      "/subscriptions/17a9bacf-5a67-44bf-a532-950a4b3bf25d"
+      "/subscriptions/17a9bacf-5a67-44bf-a532-950a4b3bf25d",
+      "/subscriptions/181146cf-2354-4167-a6db-94ad14329c4d",
+      "/subscriptions/38a6726a-7c4d-402c-8bc2-36677fc0c3b4"
  ]
   }

Powershell/Tools/Storage Account Azure Defender settings.ps1

@@ -0,0 +1,134 @@
+#Connect-AzAccount
+function GetAzureDefender {
+    param (
+        [string] $resourceId
+    )
+
+    #https://learn.microsoft.com/en-us/rest/api/defenderforcloud/defender-for-storage/create?view=rest-defenderforcloud-2022-12-01-preview&tabs=HTTP
+    
+    $access_token = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09").Token
+    $url = "https://management.azure.com/$resourceId/providers/Microsoft.Security/defenderForStorageSettings/current?api-version=2022-12-01-preview"
+
+    $head = @{ Authorization =" Bearer $access_token" }
+    $response = Invoke-RestMethod -Uri $url -Method Get -Headers $head -ContentType "application/json"  
+    return ($response.properties.overrideSubscriptionLevelSettings -and !$response.properties.isEnabled)
+}
+
+function TurnOffAzureDefender {
+    param (
+        [string] $resourceId
+    )
+
+    $patchValue = '
+    {
+        "properties": {
+            "isEnabled": false,
+            "sensitiveDataDiscovery": {
+                "isEnabled": false
+            },
+            "malwareScanning": {
+                "onUpload": {
+                    "isEnabled": false,
+                    "capGBPerMonth": -1
+                }
+            },
+            "overrideSubscriptionLevelSettings": true
+        }
+    }
+    '
+
+    #https://learn.microsoft.com/en-us/rest/api/defenderforcloud/defender-for-storage/create?view=rest-defenderforcloud-2022-12-01-preview&tabs=HTTP
+    
+    $access_token = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09").Token
+    $url = "https://management.azure.com/$resourceId/providers/Microsoft.Security/defenderForStorageSettings/current?api-version=2022-12-01-preview"
+
+    $head = @{ Authorization =" Bearer $access_token" }
+    Invoke-RestMethod -Uri $url -Method Put -Headers $head -Body $patchValue -ContentType "application/json"  | Out-Null
+}
+
+class ResourceCheck {
+    [string] $ManagementGroupId = ""
+    [string] $ManagementGroupName = ""
+    [string] $SubscriptionId = ""
+    [string] $SubscriptionName = ""
+    [string] $ResourceId = ""
+    [string] $ResourceGroupName = ""
+    [string] $StorageAccountName = ""
+    [string] $Location = ""
+    [string] $Tag_Team = ""
+    [string] $Tag_Product = ""
+    [string] $Tag_Environment = ""
+    [string] $Tag_Data = ""
+    [string] $Tag_CreatedOnDate = ""
+    [string] $Tag_Deployment = ""
+    [string] $Tag_BackupPolicy = ""
+    [string] $PreviousOverrideSubscription = ""
+    [string] $Action = "None"
+}
+
+[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
+$fileName =  ".\$date Processed Storage Accounts.csv" 
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Updating Azure defender settings."
+Write-Host "======================================================================================================================================================================"
+
+$managementGroups = Get-AzManagementGroup
+
+foreach ($managementGroup in $managementGroups) 
+{
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+    Write-Host "Management group [$($managementGroup.Name)]"
+
+    $subscriptions = Get-AzManagementGroupSubscription -Group $managementGroup.Name | Where-Object State -eq "Active" | Where-Object DisplayName -NotLike "Visual Studio*" 
+
+    foreach ($subscription in $subscriptions) 
+    {
+        Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+        $scope = $subscription.Id.Substring($subscription.Parent.Length, $subscription.Id.Length - $subscription.Parent.Length)
+        $subscriptionId = $scope.Replace("/subscriptions/", "")
+        Write-Host "Subscription [$($subscription.DisplayName) - $subscriptionId]"
+        Set-AzContext -SubscriptionId $subscriptionId | Out-Null
+        Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+        
+        [ResourceCheck[]]$Result = @()
+
+        $allResources = Get-AzStorageAccount 
+
+        foreach ($resource in $allResources) {
+
+            [ResourceCheck] $resourceCheck = [ResourceCheck]::new()
+            $resourceCheck.ManagementGroupId = $managementGroup.Id
+            $resourceCheck.ManagementGroupName = $managementGroup.DisplayName
+            $resourceCheck.SubscriptionId = $subscription.Id
+            $resourceCheck.SubscriptionName = $subscription.DisplayName
+            $resourceCheck.ResourceId = $resource.Id
+            $resourceCheck.Location = $resource.Location
+            $resourceCheck.StorageAccountName = $resource.StorageAccountName
+            $resourceCheck.ResourceGroupName = $resource.ResourceGroupName
+            $resourceCheck.Tag_Team = $resource.Tags.team
+            $resourceCheck.Tag_Product = $resource.Tags.product
+            $resourceCheck.Tag_Environment = $resource.Tags.environment
+            $resourceCheck.Tag_Data = $resource.Tags.data
+            $resourceCheck.Tag_CreatedOnDate = $resource.Tags.CreatedOnDate
+            $resourceCheck.Tag_Deployment = $resource.Tags.drp_deployment
+            $resourceCheck.Tag_BackupPolicy = $resource.Tags.drp_backup_policy
+
+            $resourceCheck.PreviousOverrideSubscription = GetAzureDefender -resourceId $resource.Id
+           
+            # set overrideSubscriptionLevelSettings
+            if ($resourceCheck.Tag_BackupPolicy.ToLower() -eq "ignore" -and $resourceCheck.PreviousOverrideSubscription -eq "False") {
+                 $resourceCheck.Action = "Turned off"
+
+                 TurnOffAzureDefender -resourceId $resource.Id
+            }
+
+            $Result += $resourceCheck
+        }
+
+        $Result | Export-Csv -Path $fileName -Append -NoTypeInformation
+
+    }
+}
+Write-Host "======================================================================================================================================================================"
+Write-Host "Done."