Description:
Enable automatic provisioning of vulnerability assessment for both Azure virtual machines and hybrid (Azure Arc-enabled) machines.
Rationale:
Vulnerability assessment for machines scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection, then produces alerts on threat and vulnerability findings.
Impact:
Additional licensing is required and configuration of Azure Arc introduces complexity beyond this recommendation.
Audit:
From Azure Portal
1. From Azure Home select the Portal Menu
2. Select Microsoft Defender for Cloud
3. Then Environment Settings
4. Select a subscription
5. Click on Settings & Monitoring
6. Ensure that Vulnerability assessment for machines is set to On
Repeat the above for any additional subscriptions.
Remediation:
From Azure Portal
1. From Azure Home select the Portal Menu
2. Select Microsoft Defender for Cloud
3. Then Environment Settings
4. Select a subscription
5. Click on Settings & Monitoring
6. Ensure that Vulnerability assessment for machines is set to On
Repeat the above for any additional subscriptions.
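The portal steps above have to be repeated per subscription. The following is an added example (not part of the benchmark or any Microsoft tooling) of an offline audit helper that evaluates the JSON returned by the autoProvisioningSettings list API the references point to and flags subscriptions whose setting is not On; it assumes the API shape (one resource named "default" with properties.autoProvision), the api-version, and that the REST setting corresponds to the portal toggle, and uses constructed placeholder subscription ids.

```python
"""Offline audit helper for the Defender for Cloud auto-provisioning setting.

Assumptions (not from the benchmark text): the list/create REST endpoints
return one resource named "default" whose properties.autoProvision is
"On" or "Off". A subscription with no such resource is treated as Off,
matching the stated default value.
"""
import json

API_VERSION = "2017-08-01-preview"  # assumed api-version for this resource type
BASE = "https://management.azure.com/subscriptions/{sub}/providers/Microsoft.Security"


def list_url(subscription_id: str) -> str:
    """GET URL that lists the auto-provisioning settings of one subscription."""
    return f"{BASE.format(sub=subscription_id)}/autoProvisioningSettings?api-version={API_VERSION}"


def setting_url(subscription_id: str) -> str:
    """PUT URL of the 'default' setting used by the create/update call."""
    return f"{BASE.format(sub=subscription_id)}/autoProvisioningSettings/default?api-version={API_VERSION}"


def remediation_body() -> str:
    """JSON body for the PUT call that turns automatic provisioning On."""
    return json.dumps({"properties": {"autoProvision": "On"}})


def auto_provision_state(list_response: dict) -> str:
    """Return the autoProvision value of the 'default' setting, or 'Off' if absent."""
    for item in list_response.get("value", []):
        if item.get("name") == "default":
            return item.get("properties", {}).get("autoProvision", "Off")
    return "Off"  # never configured: falls back to the documented default


def noncompliant_subscriptions(responses: dict) -> list:
    """Given {subscription_id: list_response}, return ids whose setting is not On."""
    return sorted(sub for sub, resp in responses.items()
                  if auto_provision_state(resp) != "On")


# Constructed sample responses with placeholder subscription ids (not real).
SAMPLE_RESPONSES = {
    "00000000-0000-0000-0000-000000000001": {"value": [
        {"name": "default", "properties": {"autoProvision": "On"}}]},
    "00000000-0000-0000-0000-000000000002": {"value": [
        {"name": "default", "properties": {"autoProvision": "Off"}}]},
    "00000000-0000-0000-0000-000000000003": {"value": []},
}

if __name__ == "__main__":
    for sub in noncompliant_subscriptions(SAMPLE_RESPONSES):
        print(f"{sub}: not On; remediate with PUT {setting_url(sub)} body {remediation_body()}")
```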
Default Value:
By default, automatic provisioning of the monitoring agent is set to Off.
References:
2. https://msdn.microsoft.com/en-us/library/mt704062.aspx
3. https://msdn.microsoft.com/en-us/library/mt704063.aspx
4. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list
5. https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create