Description:

Enable automatic provisioning of the vulnerability assessment solution for both Azure virtual machines and hybrid (Azure Arc-enabled) machines.


Rationale:

Vulnerability assessment for machines scans Azure and Arc-enabled machines for security-relevant configuration and findings, such as missing system updates, OS vulnerabilities, and endpoint protection status, and then raises alerts on the threat and vulnerability findings it discovers. Without automatic provisioning, newly created or onboarded machines are not scanned until someone deploys the assessment solution by hand, leaving a gap in coverage.


Impact:

Additional licensing (a Defender for Servers plan) is required, and onboarding hybrid machines to Azure Arc introduces configuration complexity beyond the scope of this recommendation.


Audit:

From Azure Portal

1. From Azure Home select the Portal Menu

2. Select Microsoft Defender for Cloud

3. Then Environment Settings

4. Select a subscription

5. Click on Settings & Monitoring

6. Ensure that Vulnerability assessment for machines is set to On

Repeat the above for any additional subscriptions.


Remediation:

From Azure Portal

1. From Azure Home select the Portal Menu

2. Select Microsoft Defender for Cloud

3. Then Environment Settings

4. Select a subscription

5. Click on Settings & Monitoring

6. Set Vulnerability assessment for machines to On

Repeat the above for any additional subscriptions.
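The audit and remediation steps above are per-subscription portal actions. The following is an added example, not part of the benchmark text, that performs the same check and builds the same change programmatically against the Microsoft.Security/autoProvisioningSettings REST API that references 4 and 5 point to. It assumes the documented response shape (a `default` entry whose `properties.autoProvision` is `On` or `Off`) and the documented `PUT` body; the subscription IDs and the API responses below are constructed placeholders, not captured data. The page presents that API as the backing for this setting; whether the portal toggle maps one-to-one onto the `default` auto-provisioning resource in your tenant should be confirmed against reference 1 before relying on this check.

```python
"""Audit and remediation helpers for the Defender for Cloud auto-provisioning
setting referenced by this recommendation (references 4 and 5).

Added example, not part of the CIS benchmark. URL and body shapes follow the
documented Microsoft.Security/autoProvisioningSettings REST API; the sample
responses below are constructed, not captured from Azure.
"""
import json

API_VERSION = "2017-08-01-preview"  # documented API version for autoProvisioningSettings
BASE = "https://management.azure.com"


def list_url(subscription_id: str) -> str:
    """GET URL for a subscription's auto-provisioning settings (reference 4)."""
    return (f"{BASE}/subscriptions/{subscription_id}"
            f"/providers/Microsoft.Security/autoProvisioningSettings"
            f"?api-version={API_VERSION}")


def is_compliant(list_response: dict) -> bool:
    """Audit step 6: the 'default' setting must report autoProvision == 'On'.
    A missing 'default' entry is treated as non-compliant (fail closed)."""
    for item in list_response.get("value", []):
        if item.get("name") == "default":
            return item.get("properties", {}).get("autoProvision") == "On"
    return False


def audit(responses_by_subscription: dict) -> dict:
    """'Repeat the above for any additional subscriptions': evaluate every
    subscription's list response and return {subscription_id: compliant}."""
    return {sub: is_compliant(resp) for sub, resp in responses_by_subscription.items()}


def remediation_request(subscription_id: str) -> dict:
    """Remediation: PUT autoProvision 'On' to the 'default' setting (reference 5).
    Returns method, URL and body so the caller can issue it with az rest or curl."""
    url = (f"{BASE}/subscriptions/{subscription_id}"
           f"/providers/Microsoft.Security/autoProvisioningSettings/default"
           f"?api-version={API_VERSION}")
    return {"method": "PUT", "url": url,
            "body": {"properties": {"autoProvision": "On"}}}


def az_rest_command(req: dict) -> str:
    """Render the remediation request as an `az rest` command line (assumed
    invocation; az rest exists, but run it only after reviewing the URL)."""
    return (f"az rest --method {req['method'].lower()} --url '{req['url']}' "
            f"--body '{json.dumps(req['body'])}'")


# Constructed sample responses for two subscriptions (placeholder IDs, not real data).
SAMPLE_RESPONSES = {
    "00000000-0000-0000-0000-000000000001": {
        "value": [{"name": "default",
                   "type": "Microsoft.Security/autoProvisioningSettings",
                   "properties": {"autoProvision": "On"}}]},
    "00000000-0000-0000-0000-000000000002": {
        "value": [{"name": "default",
                   "type": "Microsoft.Security/autoProvisioningSettings",
                   "properties": {"autoProvision": "Off"}}]},
}

if __name__ == "__main__":
    for sub, ok in audit(SAMPLE_RESPONSES).items():
        print(f"{sub}: {'PASS' if ok else 'FAIL'}")
        if not ok:
            print("  remediate with:", az_rest_command(remediation_request(sub)))
```

In practice, replace `SAMPLE_RESPONSES` with the JSON returned by `az rest --method get --url "$(list_url ...)"` for each subscription in `az account list`; the fail-closed handling in `is_compliant` matters because a subscription with no `default` entry has never had auto-provisioning configured and should be reported, not silently skipped.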


Default Value:

By default, automatic provisioning of vulnerability assessment for machines is set to Off.


References:

1. https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-datacollection?tabs=autoprovision-va

2. https://msdn.microsoft.com/en-us/library/mt704062.aspx

3. https://msdn.microsoft.com/en-us/library/mt704063.aspx

4. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list

5. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create

6. https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-posture-vulnerability-management#pv-5-perform-vulnerability-assessments