🛡️ Azure Virtual Machine Endpoint Protection is not installed🟢⚪
- Contextual name: 🛡️ Endpoint Protection is not installed🟢⚪
- ID: /ce/ca/azure/virtual-machine/endpoint-protection
- Tags:
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Similar Policies
- Cloud Conformity: Install Endpoint Protection
Description
Install endpoint protection for all virtual machines.
Rationale
Installing endpoint protection systems (like anti-malware for Azure) provides real-time protection that helps identify and remove viruses, spyware, and other malicious software. These systems also offer configurable alerts when known-malicious or unwanted software attempts to install itself or run on Azure systems.
Impact
Endpoint protection will incur an additional cost to you.
Audit
From Azure Portal
- Go to Security Center.
- Click the Recommendations blade.
- Ensure that there are no recommendations for Endpoint Protection not installed on Azure VMs.

From Azure CLI

```
az vm show -g <MyResourceGroup> -n <MyVm> -d --query "resources[?type=='Microsoft.Compute/virtualMachines/extensions'].{ExtensionName:name}" -o table
```

If extensions are installed, it will list the installed extensions:

EndpointSecurity || TrendMicroDSA* || Antimalware || EndpointProtection || SCWPAgent || PortalProtectExtension* || FileSecurity*
... [see more](description.md)
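The CLI audit step above checks one VM at a time. The following added example (not Cloudaware's or Microsoft's code) applies the same extension query to every VM in the current subscription and matches the returned names against the extension list above; the function names and the `ep_` variable names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: subscription-wide version of the per-VM CLI audit step.
TAB=$(printf '\t')

# Reads extension names (one per line) on stdin. Returns 0 if any name matches
# an endpoint-protection extension from the audit list, 1 otherwise.
has_endpoint_protection() {
  while IFS= read -r ep_ext; do
    case "$ep_ext" in
      EndpointSecurity|TrendMicroDSA*|Antimalware|EndpointProtection|\
      SCWPAgent|PortalProtectExtension*|FileSecurity*) return 0 ;;
    esac
  done
  return 1
}

# Prints "<resource-group>/<vm><TAB>OK|MISSING" for every VM in the current
# subscription. Returns 1 if any VM is MISSING, 2 if the VM list could not be
# fetched. Needs a logged-in Azure CLI. A failed "az vm show" yields no names
# and is therefore reported as MISSING.
audit_endpoint_protection() {
  ep_vms=$(az vm list --query "[].[resourceGroup, name]" -o tsv) || return 2
  ep_rc=0
  while IFS="$TAB" read -r ep_rg ep_vm; do
    [ -n "$ep_vm" ] || continue   # an empty VM list still yields one blank line
    if az vm show -g "$ep_rg" -n "$ep_vm" -d -o tsv </dev/null \
         --query "resources[?type=='Microsoft.Compute/virtualMachines/extensions'].name" \
       | has_endpoint_protection; then
      ep_status=OK
    else
      ep_status=MISSING; ep_rc=1
    fi
    printf '%s/%s\t%s\n' "$ep_rg" "$ep_vm" "$ep_status"
  done <<EOF
$ep_vms
EOF
  return "$ep_rc"
}
```

Source the file and call `audit_endpoint_protection`; its non-zero exit status lets a scheduled job or pipeline fail when any VM lacks a listed extension. The match is on the extension name only, so it shows the extension is installed, not that it is running or up to date.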
Remediation
Follow Microsoft Azure documentation to install endpoint protection from the security center. Alternatively, you can employ your own endpoint protection tool for your OS.
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v2.1.0 → 💼 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed - Level 2 (Manual) | 1 | no data | |||
| 💼 CIS Azure v3.0.0 → 💼 8.8 Ensure that Endpoint Protection for all Virtual Machines is installed (Manual) | 1 | no data | |||
| 💼 Cloudaware Framework → 💼 Threat Protection | 31 | no data |