Microsoft Defender for App Service uses cloud scale to identify attacks that target applications running on Azure App Service. Requests to Azure applications pass through gateways that inspect and log traffic before routing it to your environment. This data helps identify exploits and attackers, and it helps learn new patterns.
When you enable Defender for App Service, you get these capabilities:
Secure - Defender for App Service assesses the resources covered by your App Service plan and generates security recommendations based on its findings. Use the detailed instructions in these recommendations to harden your App Service resources.
Detect - Defender for App Service detects many threats to your App Service resources by monitoring:
- The virtual machine (VM) instance in which your App Service is running, and its management interface.
- The requests and responses sent to and from your App Service apps.
- The underlying sandboxes and VMs.
- App Service internal logs - available because of the visibility that Azure has as a cloud provider.
As a cloud-native solution, Defender for App Service can identify attack methods that apply to multiple targets. From a single host, it's hard to identify a distributed attack from a small subset of Internet Protocol (IP) addresses that crawl similar endpoints across multiple hosts.
Together, the log data and infrastructure can show the full attack story, from a new attack in the wild to compromises on customer machines. Even if you deploy Microsoft Defender for App Service after a web app is exploited, it might still detect ongoing attacks.
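The cross-host point above can be illustrated with a short added example; it is not Microsoft's detection logic and not code from this page. The record format `(host, source_ip, path)`, the thresholds, the function names, and the sample data are all assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records (host, source_ip, path); not real traffic.
SAMPLE_REQUESTS = [
    ("app-a", "203.0.113.7", "/admin/login"),
    ("app-a", "198.51.100.20", "/"),
    ("app-a", "198.51.100.20", "/products"),
    ("app-b", "203.0.113.7", "/admin/login"),
    ("app-b", "198.51.100.31", "/"),
    ("app-c", "203.0.113.8", "/admin/login"),
    ("app-c", "198.51.100.42", "/"),
    ("app-d", "203.0.113.8", "/admin/login"),
    ("app-d", "198.51.100.53", "/"),
]

def single_host_alerts(requests, host, min_requests=3):
    """Source IPs that look noisy when only one host's log is visible."""
    counts = Counter(ip for h, ip, _ in requests if h == host)
    return sorted(ip for ip, n in counts.items() if n >= min_requests)

def cross_host_crawlers(requests, min_hosts=3, max_ips=2):
    """Paths requested on many hosts by only a few source IPs."""
    hosts_by_path = defaultdict(set)
    ips_by_path = defaultdict(set)
    for host, ip, path in requests:
        hosts_by_path[path].add(host)
        ips_by_path[path].add(ip)
    findings = {}
    for path, hosts in hosts_by_path.items():
        ips = ips_by_path[path]
        # Many targets but few sources: the pattern a single host cannot see.
        if len(hosts) >= min_hosts and len(ips) <= max_ips:
            findings[path] = (sorted(ips), sorted(hosts))
    return findings

if __name__ == "__main__":
    for host in sorted({h for h, _, _ in SAMPLE_REQUESTS}):
        print(host, "single-host alerts:", single_host_alerts(SAMPLE_REQUESTS, host))
    print("cross-host findings:", cross_host_crawlers(SAMPLE_REQUESTS))
```

Each host on its own sees at most two requests from any source, so the per-host view raises nothing, while the combined view groups the two sources that request the same path on all four hosts.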
Learn more about Defender for Cloud pricing on the Defender for Cloud pricing page. You can also estimate costs with the Defender for Cloud cost calculator.
Prerequisites
- Use an Azure subscription. If you don't have one, you can sign up for a free subscription.
- Enable Microsoft Defender for Cloud on your Azure subscription.
- Use an App Service plan on any App Service tier.
For more information on App Service plans and tiers, see Azure App Service plans.
For billing details, note that Defender for App Service billing applies across all App Service plan tiers. Billing is calculated according to the total compute instances across all App Service plan tiers.
For deep alert investigation, consider enabling diagnostic settings on your App Service resources so you can review HTTP traffic, application events, and platform activity during incidents. Consider your expected log volume and destination because these diagnostics can incur additional storage costs. For investigation guidance specific to Defender for App Service, see App Service diagnostics for alert investigation. For setup steps and destination options, see Enable diagnostic logging for apps in Azure App Service.
Enable the Defender for App Service plan
When you enable Defender for Cloud, you can add the Defender for App Service plan to your subscription to get security monitoring and threat detection for your web apps and application programming interfaces (APIs).
To enable Defender for App Service on your subscription:
1. Sign in to the Azure portal.
2. Search for and select Microsoft Defender for Cloud.
3. In the Defender for Cloud menu, select Environment settings.
4. Select the relevant subscription.
5. On the Defender plans page, toggle the App Service plan to On.
6. Select Save.