This article lists all the Azure Key Vault security recommendations you might see in Microsoft Defender for Cloud.
The recommendations that appear in your environment are based on the resources that you're protecting and on your customized configuration. You can see the recommendations in the portal that apply to your resources.
To learn about actions that you can take in response to these recommendations, see Remediate recommendations in Defender for Cloud.
Tip
If a recommendation description says No related policy, usually it's because that recommendation is dependent on a different recommendation.
For example, the recommendation Endpoint protection health failures should be remediated relies on the recommendation that checks whether an endpoint protection solution is installed (Endpoint protection solution should be installed). The underlying recommendation does have a policy. Limiting policies to only foundational recommendations simplifies policy management.
Read this blog to learn how to protect your Azure Key Vault and why Azure role-based access control is critical for security.
Azure Key Vault recommendations
Role-Based Access Control should be used on Keyvault Services
Description: To provide granular filtering on the actions that users can perform, use Role-Based Access Control (RBAC) to manage permissions in Keyvault Service and configure relevant authorization policies. (Related policy: Azure Key Vault should use RBAC permission model - Microsoft Azure).
Severity: High
Type: Control plane