Introduction to Azure Defender for DNS

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

Azure Defender for DNS provides an additional layer of protection for your resources that are connected to Azure DNS by:

  • continuously monitoring all DNS queries from your Azure resources
  • running advanced security analytics to alert you about suspicious activity

Availability

Aspect Details
Release state: General availability (GA)
Pricing: Azure Defender for DNS is billed as shown on Security Center pricing
Clouds: Commercial clouds
Azure China 21Vianet
Azure Government

What are the benefits of Azure Defender for DNS?

Azure Defender for DNS protects resources that are connected to Azure DNS against issues including:

  • Data exfiltration from your Azure resources using DNS tunneling
  • Malware communicating with C&C server
  • Communication with malicious domains as phishing and crypto mining
  • DNS attacks - communication with malicious DNS resolvers

A full list of the alerts provided by Azure Defender for DNS is on the alerts reference page.

Dependencies

Azure Defender for DNS doesn't use any agents.

To protect your DNS layer, enable Azure Defender for DNS for each of your subscriptions as described in Enable Azure Defender.

Next steps

In this article, you learned about Azure Defender for DNS.

For related material, see the following article:

  • Security alerts might be generated by Security Center or received by Security Center from different security products. To export all of these alerts to Azure Sentinel, any third-party SIEM, or any other external tool, follow the instructions in Exporting alerts to a SIEM.