Microsoft Defender File Integrity Monitoring Component is not enabled
- Contextual name: File Integrity Monitoring Component is not enabled
- ID: /ce/ca/azure/microsoft-defender/file-integrity-monitoring
- Tags:
  - Impossible policy
  - Policy with categories
  - Policy with type
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Description
File Integrity Monitoring (FIM) is a feature that monitors critical system files in Windows or Linux for potential signs of attack or compromise.
Rationale
FIM provides a detection mechanism for compromised files. When FIM is enabled, critical system files are monitored for changes that might indicate a threat actor is attempting to modify system files for lateral compromise within a host operating system.
Impact
File Integrity Monitoring requires licensing and is included in these plans:
- Defender for Servers plan 2
Audit
From Azure Portal
- From the Azure Portal Homepage, select Microsoft Defender for Cloud.
- Under Management select Environment Settings.
- Select a subscription.
- Under Settings > Defender Plans, click Settings & monitoring.
- Under the Component column, locate the row for File Integrity Monitoring.
- Ensure that On is selected.

Repeat the above for any additional subscriptions.
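
The same audit can be scripted across subscriptions. This is an added example, not part of the original policy page: it evaluates Defender for Cloud pricing records for the `VirtualMachines` plan, assuming the record shape returned by `az security pricing show --name VirtualMachines` (or the `Microsoft.Security/pricings` REST resource) and the extension name `FileIntegrityMonitoring`. The subscription names and records are constructed.

```python
import json

FIM_EXTENSION = "FileIntegrityMonitoring"  # assumed extension name in the pricing record

# Constructed sample records, one per subscription (not real output).
SAMPLE_PRICINGS = {
    "sub-prod": '{"name":"VirtualMachines","pricingTier":"Standard","subPlan":"P2",'
                '"extensions":[{"name":"AgentlessVmScanning","isEnabled":"True"},'
                '{"name":"FileIntegrityMonitoring","isEnabled":"True"}]}',
    "sub-dev": '{"name":"VirtualMachines","pricingTier":"Standard","subPlan":"P2",'
               '"extensions":[{"name":"FileIntegrityMonitoring","isEnabled":"False"}]}',
    "sub-p1": '{"properties":{"pricingTier":"Standard","subPlan":"P1","extensions":[]}}',
    "sub-free": '{"name":"VirtualMachines","pricingTier":"Free","extensions":null}',
}


def fim_status(pricing):
    """Return (compliant, reason) for one VirtualMachines pricing record."""
    # The CLI flattens the resource; the REST API nests it under "properties".
    props = pricing.get("properties", pricing)
    if str(props.get("pricingTier", "")).lower() != "standard":
        return False, "Defender for Servers is not enabled"
    if str(props.get("subPlan", "")).upper() != "P2":
        return False, "FIM requires Defender for Servers plan 2"
    for ext in props.get("extensions") or []:
        if ext.get("name") == FIM_EXTENSION:
            # isEnabled is a string ("True"/"False") in the record, not a boolean.
            enabled = str(ext.get("isEnabled", "")).lower() == "true"
            return enabled, "FIM component is On" if enabled else "FIM component is Off"
    return False, "FIM component missing from plan extensions"


def audit(pricings_by_subscription):
    """Map each subscription to its (compliant, reason) result."""
    return {
        sub: fim_status(json.loads(raw))
        for sub, raw in pricings_by_subscription.items()
    }


if __name__ == "__main__":
    for sub, (ok, reason) in audit(SAMPLE_PRICINGS).items():
        print(f"{'PASS' if ok else 'FAIL'}  {sub}: {reason}")
```
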
Default Value
By default, Agentless scanning for machines is off.
References
Remediation
From Azure Portal
- From the Azure Portal Homepage, select Microsoft Defender for Cloud.
- Under Management select Environment Settings.
- Select a subscription.
- Under Settings > Defender Plans, click Settings & monitoring.
- Under the Component column, locate the row for File Integrity Monitoring.
- Select On.
- Click Continue in the top left.

Repeat the above for any additional subscriptions.
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| CIS Azure v3.0.0 → 3.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On' (Manual) | | | 1 | | no data |
| CIS Azure v4.0.0 → 9.1.3.5 Ensure that 'File Integrity Monitoring' component status is set to 'On' (Manual) | | | 1 | | no data |
| Cloudaware Framework → Microsoft Defender Configuration | | | 26 | | no data |