Skip to main content

πŸ“ Microsoft Defender Agentless Scanning for Machines Component is not enabled 🟒

  • Contextual name: πŸ“ Agentless Scanning for Machines Component is not enabled 🟒
  • ID: /ce/ca/azure/microsoft-defender/agentless-scanning-for-machines
  • Located in: πŸ“ Microsoft Defender for Cloud

Flags​

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Description​

Open File

Description​

Using disk snapshots, the agentless scanner scans for installed software, vulnerabilities, and plain text secrets.

Rationale​

The Microsoft Defender for Cloud agentless machine scanner provides threat detection, vulnerability detection, and discovery of sensitive information.

Impact​

Agentless scanning for machines requires licensing and is included in these plans:

  • Defender CSPM
  • Defender for Servers plan 2

Audit​

From Azure Portal​
  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Under the Component column, locate the row for Agentless scanning for machines.
  6. Ensure that On is selected.

Repeat the above for any additional subscriptions.

Default Value​

By default, Agentless scanning for machines is off.

References​

  1. https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection
  2. https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-incident-response#ir-2-preparation---setup-incident-notification

... see more

Remediation​

Open File

Remediation​

From Azure Portal​

  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Under the Component column, locate the row for Agentless scanning for machines.
  6. Select On.
  7. Click Continue in the top left.

Repeat the above for any additional subscriptions.

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS Azure v3.0.0 β†’ πŸ’Ό 3.1.3.5 Ensure that 'File Integrity Monitoring' component status is set to 'On' (Manual)1
πŸ’Ό CIS Azure v4.0.0 β†’ πŸ’Ό 9.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On' (Manual)1
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Microsoft Defender Configuration26