Merge pull request #247740 from dcurwin/wi-45810-enable-cosmosdb-aug9-2023

Add tabs to Cosmos DB article

Author: v-regandowner

articles/defender-for-cloud/defender-for-databases-enable-cosmos-protections.md

@@ -5,7 +5,7 @@ author: dcurwin
 ms.author: dacurwin
 ms.topic: how-to
 ms.custom: ignite-2022
-ms.date: 11/28/2022
+ms.date: 08/09/2023
 ---
 
 # Enable Microsoft Defender for Azure Cosmos DB
@@ -18,27 +18,27 @@ ms.date: 11/28/2022
 
 ## Enable database protection at the subscription level
 
-The subscription level enablement, enables Microsoft Defender for Cloud protection for all database types in your subscription (recommended). 
+The subscription level enablement enables Microsoft Defender for Cloud protection for all database types in your subscription (recommended).
+
+You can enable Microsoft Defender for Cloud protection on your subscription in order to protect all database types, for example, Azure Cosmos DB, Azure SQL Database, Azure SQL servers on machines, and OSS RDBs. You can also select specific resource types to protect when you configure your plan.
 
-You can enable Microsoft Defender for Cloud protection on your subscription in order to protect all database types, for example, Azure Cosmos DB, Azure SQL Database, Azure SQL servers on machines, and OSS RDBs. You can also select specific resource types to protect when you configure your plan. 
- 
 When you enable Microsoft Defender for Cloud's enhanced security features on your subscription, Microsoft Defender for Azure Cosmos DB is automatically enabled for all of your Azure Cosmos DB accounts.  
 
 **To enable database protection at the subscription level**:
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 
-1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**. 
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.
 
-1. Select the relevant subscription. 
+1. Select the relevant subscription.
 
 1. Locate Databases and toggle the switch to **On**.
 
     :::image type="content" source="media/quickstart-enable-defender-for-cosmos/protection-type.png" alt-text="Screenshot showing the available protections you can enable." lightbox="media/quickstart-enable-defender-for-cosmos/protection-type-expanded.png":::
 
 1. Select **Save**.
 
-**To select specific resource types to protect when you configure your plan**: 
+**To select specific resource types to protect when you configure your plan**:
 
 1. Follow steps 1 - 4 above.
 
@@ -54,7 +54,7 @@ When you enable Microsoft Defender for Cloud's enhanced security features on you
 
 ## Enable Microsoft Defender for Azure Cosmos DB at the resource level
 
-You can enable Microsoft Defender for Cloud on a specific Azure Cosmos DB account through the Azure portal, PowerShell, or the Azure CLI.
+You can enable Microsoft Defender for Cloud on a specific Azure Cosmos DB account through the Azure portal, PowerShell, Azure CLI, ARM template, or Azure Policy.
 
 **To enable Microsoft Defender for Cloud for a specific Azure Cosmos DB account**:
 
@@ -80,7 +80,7 @@ You can enable Microsoft Defender for Cloud on a specific Azure Cosmos DB accoun
     Enable-AzSecurityAdvancedThreatProtection -ResourceId "/subscriptions/<Your subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.DocumentDb/databaseAccounts/myCosmosDBAccount/" 
     ```
 
-1.  Verify the Microsoft Defender for Azure Cosmos DB setting for your storage account through the PowerShell call [Get-AzSecurityAdvancedThreatProtection](/powershell/module/az.security/get-azsecurityadvancedthreatprotection) command.
+1. Verify the Microsoft Defender for Azure Cosmos DB setting for your storage account through the PowerShell call [Get-AzSecurityAdvancedThreatProtection](/powershell/module/az.security/get-azsecurityadvancedthreatprotection) command.
 
     ```powershell
     Get-AzSecurityAdvancedThreatProtection -ResourceId "/subscriptions/<Your subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.DocumentDb/databaseAccounts/myCosmosDBAccount/" 
@@ -90,33 +90,71 @@ You can enable Microsoft Defender for Cloud on a specific Azure Cosmos DB accoun
 
 Use an Azure Resource Manager template to deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. For more information, see [Create an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled](https://github.com/azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account).
 
+### [Azure CLI](#tab/azure-cli)
+
+To enable Microsoft Defender for Azure Cosmos DB on a single account via Azure CLI, call the [az security atp cosmosdb update](/cli/azure/security/atp/cosmosdb) command. Remember to replace values in angle brackets with your own values:
+
+```azurecli
+az security atp cosmosdb update \
+    --resource-group <resource-group> \
+    --cosmosdb-account <cosmosdb-account> \
+    --is-enabled true
+```
+
+To check the Microsoft Defender for Azure Cosmos DB setting for a single account via Azure CLI, call the [az security atp cosmosdb show](/cli/azure/security/atp/cosmosdb) command. Remember to replace values in angle brackets with your own values:
+
+```azurecli
+az security atp cosmosdb show \
+    --resource-group <resource-group> \
+    --cosmosdb-account <cosmosdb-account>
+```
+
+### [Azure Policy](#tab/azure-policy)
+
+Use an Azure Policy to enable Microsoft Defender for Cloud across storage accounts under a specific subscription or resource group.
+
+1. Launch the Azure Policy > Definitions page.
+1. Search for the **Configure Microsoft Defender for Azure Cosmos DB to be enabled** policy, then select the policy to view the policy definition page.
+
+    :::image type="content" source="media/defender-for-databases-enable-cosmos-protections/select-policy.png" alt-text="Screenshot of selecting the policy.":::
+
+1. Select the **Assign button** for the built-in policy.
+
+    :::image type="content" source="media/defender-for-databases-enable-cosmos-protections/select-assign-button.png" alt-text="Screenshot of selecting the assign button.":::
+
+1. Specify an Azure subscription.
+
+    :::image type="content" source="media/defender-for-databases-enable-cosmos-protections/choose-subscription.png" alt-text="Screenshot of choosing Azure subscription.":::
+
+1. Select **Review + create** to review the policy assignment and complete it.
+
 ---
 
 ## Simulate security alerts from Microsoft Defender for Azure Cosmos DB
 
-A full list of [supported alerts](alerts-reference.md) is available in the reference table of all Defender for Cloud security alerts. 
+A full list of [supported alerts](alerts-reference.md#alerts-azurecosmos) is available in the reference table of all Defender for Cloud security alerts.
 
-You can use sample Microsoft Defender for Azure Cosmos DB alerts to evaluate their value, and capabilities. Sample alerts will also validate any configurations you've made for your security alerts (such as SIEM integrations, workflow automation, and email notifications). 
+You can use sample Microsoft Defender for Azure Cosmos DB alerts to evaluate their value, and capabilities. Sample alerts will also validate any configurations you've made for your security alerts (such as SIEM integrations, workflow automation, and email notifications).
 
-**To create sample alerts from Microsoft Defender for Azure Cosmos DB**: 
+**To create sample alerts from Microsoft Defender for Azure Cosmos DB**:
 
 1. Sign in to the  [Azure portal](https://portal.azure.com/) as a Subscription Contributor user.
 
-1. Navigate to the security alerts page. 
+1. Navigate to the security alerts page.
 
-1. Select **Sample alerts**. 
+1. Select **Sample alerts**.
 
-1. Select the subscription. 
+1. Select the subscription.
 
-1. Select the relevant Microsoft Defender plan(s). 
+1. Select the relevant Microsoft Defender plan(s).
 
 1. Select **Create sample alerts**.
 
     :::image type="content" source="media/quickstart-enable-defender-for-cosmos/sample-alerts.png" alt-text="Screenshot showing the order needed to create an alert.":::
 
-After a few minutes, the alerts will appear in the security alerts page. Alerts will also appear anywhere that you've configured to receive your Microsoft Defender for Cloud security alerts. For example, connected SIEMs, and email notifications. 
+After a few minutes, the alerts will appear in the security alerts page. Alerts will also appear anywhere that you've configured to receive your Microsoft Defender for Cloud security alerts. For example, connected SIEMs, and email notifications.
 
-## Next Steps
+## Next steps
 
 In this article, you learned how to enable Microsoft Defender for Azure Cosmos DB, and how to simulate security alerts.