Microsoft Cloud Security Benchmark policies are disabled
- Contextual name: Microsoft Cloud Security Benchmark policies are disabled
- ID: `/ce/ca/azure/microsoft-defender/microsoft-cloud-security-benchmark-policies`
- Tags:
  - Impossible policy
  - Policy with categories
  - Policy with type
- Policy Type: `COMPLIANCE_POLICY`
- Policy Categories: `SECURITY`
Description
The Microsoft Cloud Security Benchmark (or "MCSB") is an Azure Policy Initiative containing many security policies to evaluate resource configuration against best practice recommendations. If a non-deprecated policy in the MCSB is set with effect type `Disabled`, it is not evaluated, which may prevent administrators from being informed of valuable security recommendations.
Rationale
A security policy defines the desired configuration of resources in your environment and helps ensure compliance with company or regulatory security requirements. The MCSB Policy Initiative is a set of security recommendations based on best practices and is associated with every subscription by default. When a policy "Effect" is set to `Audit`, policies in the MCSB ensure that Defender for Cloud evaluates relevant resources for supported recommendations. To ensure that supported policies within the MCSB are not being missed when the Policy Initiative is evaluated, non-deprecated policies should not have an Effect of `Disabled`.
Remediation
From Azure Portal
1. In the Azure portal, open the portal menu.
2. Select `Microsoft Defender for Cloud`.
3. Under `Management`, select `Environment Settings`.
4. Click on the appropriate Management Group or Subscription.
5. Click on `Security policies` in the left column.
6. Select `Microsoft cloud security benchmark`.
7. Click `Add Filter` and select `Effect`.
8. Check the `Disabled` box to search for all disabled policies.
9. Click `Apply`.
10. Click the blue ellipsis `...` to the right of a policy name.
11. Click `Manage effect and parameters`.
12. Under `Policy effect`, select the radio button next to `Audit`.
13. Click `Save`.
14. Click `Refresh`.
15. Repeat steps 10-14 until all non-deprecated disabled policies are updated.
16. Repeat steps 1-15 for each Management Group or Subscription requiring remediation.
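An offline version of the `Disabled` filter used in the remediation steps above, as an added example that is not part of the original page or of the policy's own code. It assumes the initiative, its assignment parameters and the member policy definitions have been exported as JSON in the Azure Policy shape (`policyDefinitions`, `parameters`, `defaultValue`, `metadata.deprecated`) and that each member policy's effect parameter is named `effect`; all sample names and values are constructed.

```python
import re

# Matches an initiative-level reference such as "[parameters('fooMonitoringEffect')]".
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def disabled_policies(initiative, assignment_params, definitions):
    """Return reference IDs of non-deprecated policies whose resolved effect is Disabled."""
    findings = []
    for ref in initiative["policyDefinitions"]:
        meta = definitions.get(ref["policyDefinitionId"], {}).get("metadata", {})
        if meta.get("deprecated"):
            continue  # deprecated policies are out of scope for this check
        # Assumption: the member policy's effect parameter is named "effect".
        effect = ref.get("parameters", {}).get("effect", {}).get("value")
        match = PARAM_REF.match(effect) if isinstance(effect, str) else None
        if match:
            name = match.group(1)
            if name in assignment_params:   # a value set on the assignment wins
                effect = assignment_params[name].get("value")
            else:                           # otherwise the initiative default applies
                effect = initiative["parameters"].get(name, {}).get("defaultValue")
        if isinstance(effect, str) and effect.lower() == "disabled":
            findings.append(ref["policyDefinitionReferenceId"])
    return findings

# Constructed sample data (not real MCSB content): four member policies.
INITIATIVE = {
    "parameters": {
        "diskEncryptionEffect": {"defaultValue": "AuditIfNotExists"},
        "sqlAuditingEffect": {"defaultValue": "Disabled"},
        "legacyAgentEffect": {"defaultValue": "Disabled"},
    },
    "policyDefinitions": [
        {"policyDefinitionReferenceId": "diskEncryption", "policyDefinitionId": "def-1",
         "parameters": {"effect": {"value": "[parameters('diskEncryptionEffect')]"}}},
        {"policyDefinitionReferenceId": "sqlAuditing", "policyDefinitionId": "def-2",
         "parameters": {"effect": {"value": "[parameters('sqlAuditingEffect')]"}}},
        {"policyDefinitionReferenceId": "legacyAgent", "policyDefinitionId": "def-3",
         "parameters": {"effect": {"value": "[parameters('legacyAgentEffect')]"}}},
        {"policyDefinitionReferenceId": "storageHttps", "policyDefinitionId": "def-4",
         "parameters": {"effect": {"value": "Audit"}}},
    ],
}
DEFINITIONS = {"def-3": {"metadata": {"deprecated": True}}}
ASSIGNMENT_PARAMS = {"diskEncryptionEffect": {"value": "disabled"}}

if __name__ == "__main__":
    print(disabled_policies(INITIATIVE, ASSIGNMENT_PARAMS, DEFINITIONS))
```

The check resolves each effect the way the assignment does (assignment value first, initiative default second), so a policy left at a `Disabled` default is reported even when nobody changed it.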
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| CIS Azure v5.0.0 → 8.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled' (Manual) | 1 | no data | | | |
| CIS Azure v6.0.0 → 8.1.11 Ensure that non-deprecated Microsoft Cloud Security Benchmark policies are not set to 'Disabled' (Manual) | 1 | no data | | | |
| Cloudaware Framework → Microsoft Defender Configuration | 29 | no data | | | |