Skip to main content

πŸ“ Microsoft Defender File Integrity Monitoring Component is not enabled 🟒

  • Contextual name: πŸ“ File Integrity Monitoring Component is not enabled 🟒
  • ID: /ce/ca/azure/microsoft-defender/file-integrity-monitoring
  • Located in: πŸ“ Microsoft Defender for Cloud

Flags​

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Description​

Open File

Description​

File Integrity Monitoring (FIM) is a feature that monitors critical system files in Windows or Linux for potential signs of attack or compromise.

Rationale​

FIM provides a detection mechanism for compromised files. When FIM is enabled, critical system files are monitored for changes that might indicate a threat actor is attempting to modify system files for lateral compromise within a host operating system.

Impact​

File Integrity Monitoring requires licensing and is included in these plans:

  • Defender for Servers plan 2

Audit​

From Azure Portal​
  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Under the Component column, locate the row for File Integrity Monitoring.
  6. Ensure that On is selected.

Repeat the above for any additional subscriptions.

Default Value​

By default, Agentless scanning for machines is off.

References​

... see more

Remediation​

Open File

Remediation​

From Azure Portal​

  1. From the Azure Portal Home page, select Microsoft Defender for Cloud.
  2. Under Management select Environment Settings.
  3. Select a subscription.
  4. Under Settings > Defender Plans, click Settings & monitoring.
  5. Under the Component column, locate the row for File Integrity Monitoring.
  6. Select On.
  7. Click Continue in the top left.

Repeat the above for any additional subscriptions.

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS Azure v3.0.0 β†’ πŸ’Ό 3.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On' (Manual)1
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Microsoft Defender Configuration26