For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-939.md. A documentation index is available at /llms.txt.

Microsoft Defender for Key Vault should be enabled

azure.security

Description

Microsoft Defender for Key Vault detects unusual and potentially malicious access to Azure Key Vault keys, secrets, and certificates. Enabling this plan at the Standard tier ensures suspicious access patterns to vault contents are surfaced as alerts.

Remediation

See Protect your key vaults with the Defender for Key Vault plan for step-by-step instructions on enabling the plan.