Description:
This control checks the Microsoft Defender for Cloud recommendation called “Apply system updates.” If this recommendation is not shown, it means all systems have the required updates installed. The goal is to ensure systems are fully patched and secure.
Rationale:
Applying system updates protects devices from known vulnerabilities. When this Microsoft Defender recommendation is completed, it means your systems are up to date and less likely to be attacked.
Impact:
Keeping system updates applied reduces security risks. There is no negative impact, except that systems must stay updated on time.
Default Value:
By default, Microsoft Defender shows “Apply system updates” only when updates are missing. If all updates are installed, the recommendation disappears.
Pre-requisites:
You need access to Microsoft Defender for Cloud.
The account must have Security Reader or higher permissions.
Test Plan:
Go to the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under the General section, click Recommendations.
Search for Apply system updates.
If no recommendation appears, the status is Completed.
Implementation Steps:
Go to the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under the General section, click Recommendations.
Search for Apply system updates.
If the recommendation lists machines, install the required updates on those machines using your standard update method.
Wait for Defender for Cloud to rescan the environment.
Return to Recommendations and search again.
If the recommendation no longer appears, the status is Completed.
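The check in the Test Plan and the re-check at the end of the Implementation Steps can also be run over exported assessment records instead of the portal. The following is an added example, not part of the original control text or of any Microsoft tooling. It assumes records shaped like `Microsoft.Security/assessments` resources (`displayName`, `status.code`, `resourceDetails.id`); the helper names, VM names and subscription ID are constructed.

```python
# Added example: evaluates the "Apply system updates" control from exported
# assessment records instead of the portal. Sample data below is constructed.
RECOMMENDATION = "Apply system updates"  # name as given on this page (assumption: tenant uses it)
NO_ACTION = {"Healthy", "NotApplicable"}

def evaluate(assessments, name=RECOMMENDATION):
    """Return (status, machines_still_missing_updates)."""
    pending = set()
    for item in assessments:
        # Accept REST shape (fields under "properties") or a flattened record.
        props = item.get("properties") or item
        if (props.get("displayName") or "").strip().lower() != name.lower():
            continue
        code = (props.get("status") or {}).get("code")
        # Fail closed: a missing or unknown status code counts as still open.
        if code not in NO_ACTION:
            details = props.get("resourceDetails") or {}
            pending.add(details.get("id") or details.get("Id") or item.get("id", "unknown"))
    return ("Completed" if not pending else "Not completed", sorted(pending))

def record(vm, display_name, code):
    """Build one constructed assessment record for a hypothetical VM."""
    rid = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
           f"/providers/Microsoft.Compute/virtualMachines/{vm}")
    return {"properties": {"displayName": display_name,
                           "status": {"code": code},
                           "resourceDetails": {"source": "Azure", "id": rid}}}

SAMPLE = [
    record("vm-web-01", "Apply system updates", "Unhealthy"),
    record("vm-db-01", "Apply system updates", "Healthy"),
    record("vm-web-01", "Constructed unrelated recommendation", "Unhealthy"),
    record("vm-app-01", "Apply system updates", None),  # no status reported yet
]

if __name__ == "__main__":
    status, machines = evaluate(SAMPLE)
    print(status)
    for m in machines:
        print("  missing updates:", m)
```

A machine with no status code is reported as still open, so a scan that has not finished is not mistaken for a Completed result.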
Backout Plan:
There is no backout plan. Once updates are applied, they cannot be undone. If needed, reinstall a previous OS version or restore a snapshot (rarely required).
Reference:
