Description
Enable vulnerability assessment for machines on both Azure virtual machines and hybrid (Azure Arc-enabled) machines.
Rationale
Vulnerability assessment for machines scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection, then produces alerts on threat and vulnerability findings.
Impact
Microsoft Defender for Servers plan 2 licensing is required, and configuration of Azure Arc introduces complexity beyond this recommendation.
Audit
From Azure Portal
- From Azure Home, select the Portal Menu.
- Select Microsoft Defender for Cloud.
- Under Management, select Environment Settings.
- Select a subscription.
- Click on Settings & monitoring.
- Ensure that Vulnerability assessment for machines is set to On.
Repeat the above for any additional subscriptions.
From Azure Policy
If referencing a digital copy of this Benchmark, clicking a Policy ID will open a link to the associated Policy definition in Azure.
- Policy ID: 501541f7-f7e7-4cd6-868c-4190fdad3ac9
- Name: A vulnerability assessment solution should be enabled on your virtual machines
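To audit the Azure Policy above across many subscriptions without clicking through the portal, the following added script (not part of the Benchmark) pulls the latest compliance states for that policy definition ID with the Azure CLI and lists non-compliant machines per subscription. It assumes `az` is installed and logged in with Reader rights; the filtering is kept in a pure function so it can be checked offline on constructed records.

```python
"""Audit helper: list machines flagged non-compliant by the Azure Policy
'A vulnerability assessment solution should be enabled on your virtual machines'.
Added example for this recommendation; assumes the Azure CLI ('az') is logged in."""
import json
import subprocess

# Built-in policy definition GUID quoted in the recommendation.
VA_POLICY_ID = "501541f7-f7e7-4cd6-868c-4190fdad3ac9"


def noncompliant_resources(states, policy_name=VA_POLICY_ID):
    """Return sorted resource IDs whose complianceState is NonCompliant for the policy.

    `states` is the list of records returned by `az policy state list -o json`
    (fields used: policyDefinitionName, complianceState, resourceId). The
    server-side filter below already narrows to the policy; re-checking here
    keeps the result correct even if a caller passes an unfiltered list."""
    return sorted(
        s["resourceId"]
        for s in states
        if s.get("policyDefinitionName", "").lower() == policy_name.lower()
        and s.get("complianceState") == "NonCompliant"
    )


def fetch_policy_states(subscription_id):
    """Query the latest policy states for one subscription via the Azure CLI."""
    cmd = [
        "az", "policy", "state", "list",
        "--subscription", subscription_id,
        "--filter", f"PolicyDefinitionName eq '{VA_POLICY_ID}'",
        "-o", "json",
    ]
    return json.loads(subprocess.check_output(cmd, text=True))


def audit(subscription_ids):
    """Map each subscription ID to its non-compliant resource IDs; an empty list passes."""
    return {sub: noncompliant_resources(fetch_policy_states(sub)) for sub in subscription_ids}


if __name__ == "__main__":
    # Enumerate every subscription visible to the signed-in identity.
    subs = json.loads(subprocess.check_output(["az", "account", "list", "-o", "json"], text=True))
    for sub, bad in audit([s["id"] for s in subs]).items():
        print(f"{sub}: {'PASS' if not bad else 'FAIL'} ({len(bad)} non-compliant)")
        for rid in bad:
            print("   ", rid)
```

A machine that never reports a state for this policy (for example, an Arc-enabled server whose extension has not been provisioned) will not appear as non-compliant, so cross-check the list against the Settings & monitoring page for each subscription.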
Default Value
By default, Automatic provisioning of monitoring agent is set to Off.
References
- https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components
- https://learn.microsoft.com/en-us/rest/api/defenderforcloud/auto-provisioning-settings/list
- https://learn.microsoft.com/en-us/rest/api/defenderforcloud/auto-provisioning-settings/create
- https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-posture-vulnerability-management#pv-5-perform-vulnerability-assessments
Additional Information
While this feature is generally available as of publication, it is not yet available for Azure Government tenants.