For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-j9z.md. A documentation index is available at /llms.txt.

Microsoft Defender for Azure Cosmos DB should be enabled

azure.security

Description

Microsoft Defender for Azure Cosmos DB detects anomalous database access, SQL injection patterns, and credential misuse against Cosmos DB accounts. Enabling this plan at the Standard tier ensures suspicious activity targeting Cosmos DB workloads is surfaced.

Remediation

See Enable Microsoft Defender for Azure Cosmos DB for step-by-step instructions on enabling the plan.