Introduction to Azure Defender for DNS

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

Azure Defender for DNS provides an additional layer of protection for your cloud resources by:

  • continuously monitoring all DNS queries from your Azure resources
  • running advanced security analytics to alert you about suspicious activity

Availability

Aspect Details
Release state: Preview
The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Pricing: Azure Defender for DNS is billed as shown on the pricing page
Clouds: Yes Commercial clouds
No National/Sovereign (US Gov, China Gov, Other Gov)

What are the benefits of Azure Defender for DNS?

Azure Defender for DNS protects against issues including:

  • Data exfiltration from your Azure resources using DNS tunneling
  • Malware communicating with C&C server
  • Communication with malicious domains as phishing and crypto mining
  • DNS attacks - communication with malicious DNS resolvers

A full list of the alerts provided by Azure Defender for DNS is on the alerts reference page.

Dependencies

Azure Defender for DNS doesn't use any agents.

To protect your DNS layer, enable Azure Defender for DNS for each of your subscriptions as described in Enable Azure Defender.

Next steps

In this article, you learned about Azure Defender for DNS. For related material, see the following article:

  • Security alerts might be generated by Security Center or received by Security Center from different security products. To export all of these alerts to Azure Sentinel, any third-party SIEM, or any other external tool, follow the instructions in Exporting alerts to a SIEM.