
Description

Enable automatic provisioning of vulnerability assessment for both Azure virtual machines and hybrid (Azure Arc-enabled) machines.

Rationale

Vulnerability assessment for machines scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection, then produces alerts on threat and vulnerability findings.

Impact

Additional licensing is required, and configuring Azure Arc introduces complexity beyond the scope of this recommendation.

Audit

From Azure Portal

  1. From Azure Home select the Portal Menu.
  2. Select Microsoft Defender for Cloud.
  3. Under Management, select Environment Settings.
  4. Select a subscription.
  5. Click on Settings & monitoring.
  6. Ensure that Vulnerability assessment for machines is set to On.

Repeat the above for any additional subscriptions.
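The portal steps above are the benchmark's audit method. As an added example that is not part of this recommendation or of any Microsoft tooling, the script below evaluates the JSON returned by the autoProvisioningSettings list API cited in reference 4, so the check can be repeated across every subscription without clicking through the portal. It assumes the documented response shape (a `value` array whose items carry `properties.autoProvision` set to `On` or `Off`); the helper names, the URL builder and the sample responses are constructed for this example. Note that this API reports the monitoring-agent auto-provisioning value that the Default Value section refers to, so the portal toggle named in step 6 remains the authoritative place to confirm the vulnerability assessment setting itself.

```python
"""
Offline evaluation of Defender for Cloud auto-provisioning settings, as returned by

  GET https://management.azure.com/subscriptions/{subscriptionId}
      /providers/Microsoft.Security/autoProvisioningSettings?api-version=2017-08-01-preview

In a live tenant the body can be fetched with
  az rest --method get --url "<that URL>"
and passed to evaluate_subscription(). The sample responses below are constructed
for this example and do not come from any real tenant.
"""
import json

API_VERSION = "2017-08-01-preview"  # API version documented for autoProvisioningSettings


def list_url(subscription_id: str) -> str:
    """Build the list URL for one subscription (hypothetical helper, not an Azure SDK call)."""
    return (
        "https://management.azure.com/subscriptions/"
        f"{subscription_id}/providers/Microsoft.Security/autoProvisioningSettings"
        f"?api-version={API_VERSION}"
    )


def evaluate_subscription(subscription_id: str, response: dict) -> dict:
    """Return a compliance finding for one subscription.

    Each item in the 'value' array carries properties.autoProvision ("On" or "Off").
    Anything other than exactly "On" is reported as non-compliant, including a
    missing or empty setting, so a malformed response can never pass the check.
    """
    settings = {
        item.get("name"): item.get("properties", {}).get("autoProvision")
        for item in response.get("value", [])
    }
    status = settings.get("default")
    return {
        "subscription": subscription_id,
        "autoProvision": status,
        "compliant": status == "On",
    }


def evaluate_all(responses: dict) -> list:
    """Evaluate every subscription, mirroring 'Repeat the above for any additional subscriptions'."""
    return [evaluate_subscription(sub, body) for sub, body in sorted(responses.items())]


# Constructed sample responses, shaped like the documented API output (placeholder subscription IDs).
SAMPLE_RESPONSES = {
    "00000000-0000-0000-0000-000000000001": {
        "value": [{
            "id": "/subscriptions/00000000-0000-0000-0000-000000000001"
                  "/providers/Microsoft.Security/autoProvisioningSettings/default",
            "name": "default",
            "type": "Microsoft.Security/autoProvisioningSettings",
            "properties": {"autoProvision": "On"},
        }]
    },
    "00000000-0000-0000-0000-000000000002": {
        "value": [{
            "id": "/subscriptions/00000000-0000-0000-0000-000000000002"
                  "/providers/Microsoft.Security/autoProvisioningSettings/default",
            "name": "default",
            "type": "Microsoft.Security/autoProvisioningSettings",
            "properties": {"autoProvision": "Off"},
        }]
    },
    # A subscription where the setting was never written: treated as non-compliant.
    "00000000-0000-0000-0000-000000000003": {"value": []},
}

if __name__ == "__main__":
    for finding in evaluate_all(SAMPLE_RESPONSES):
        print(json.dumps(finding))
```

Each finding records the raw value alongside the verdict, so a subscription that returns no setting at all shows up as `null` rather than being silently skipped; that distinction matters when reconciling the script's output against the portal view.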

Default Value

By default, automatic provisioning of the monitoring agent is set to Off.

References

  1. https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-va
  2. https://msdn.microsoft.com/en-us/library/mt704062.aspx
  3. https://msdn.microsoft.com/en-us/library/mt704063.aspx
  4. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list
  5. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create
  6. https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-posture-vulnerability-management#pv-5-perform-vulnerability-assessments

Additional Information

While this feature is generally available as of publication, it is not yet available for Azure Government tenants.