Description

The Microsoft Cloud Security Benchmark (MCSB) is a set of security best practices and guidelines specifically designed to help organizations secure their cloud environments. It provides security policies and controls that can be applied to Azure resources to help meet industry standards and regulatory compliance requirements.

The Microsoft Cloud Security Benchmark policies should not be set to 'Disabled' because doing so could leave your cloud environment vulnerable to security threats. These policies are essential for ensuring your environment is protected against various types of security risks, including misconfigurations, access management issues, and vulnerabilities.

Rationale

Disabling security benchmark policies removes the protections and controls recommended by Microsoft, potentially exposing the environment to greater risks. Enabling these policies ensures that your environment adheres to security best practices and compliance standards, such as SOC 2, HIPAA, NIST, and GDPR.

Impact:

Disabling MCSB policies could lead to potential security gaps or non-compliance with regulatory requirements. Enabling these policies ensures that your Azure resources are continuously assessed and protected according to the security guidelines provided by Microsoft, mitigating the risk of vulnerabilities in your environment.

Default Value

By default, many Microsoft Cloud Security Benchmark policies are enabled, but they can be manually disabled. This setting should be reviewed and managed carefully to ensure the security of the cloud environment.

Pre-requisites:

  • Azure Subscription: Ensure you have access to an Azure subscription that is protected by the Microsoft Cloud Security Benchmark policies.

  • Permissions: Ensure you have Owner or Contributor role permissions in the Azure subscription or resource group to view and modify policy settings.

Remediation:

Manual Steps to Ensure Microsoft Cloud Security Benchmark Policies Are Not Set to 'Disabled':

  1. Sign in to the Azure portal using an account with appropriate permissions.

  2. Navigate to Microsoft Defender for Cloud:

    • In the Azure portal, search for Microsoft Defender for Cloud and open it.

  3. Go to Security Policy:

    • In the Microsoft Defender for Cloud dashboard, click on Security policy under the Management section.

  4. Review Microsoft Cloud Security Benchmark Policies:

    • Under Security policy settings, find the Microsoft Cloud Security Benchmark policies.

    • Check that none of the policies are set to 'Disabled'. Ensure that all relevant policies are enabled to provide comprehensive security for your environment.

  5. Enable Policies If Disabled:

    • If any policies are set to 'Disabled', manually enable them by selecting the policy and changing its status to 'Enabled'.

  6. Save Settings:

    • After ensuring that all Microsoft Cloud Security Benchmark policies are enabled, save the settings to enforce them.

Verification:

  • Verify that the policies are enabled by reviewing the Microsoft Cloud Security Benchmark dashboard and checking the status of each policy. Ensure that none are listed as 'Disabled'.
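The portal review above can also be scripted. The following is an added example, not part of the original guidance: it scans JSON exported with `az policy assignment list -o json` and reports every parameter of the benchmark assignment whose value is 'Disabled'. The sample data, the parameter names and the `<mcsb-initiative-id>` placeholder are constructed; supply the initiative definition ID from your own tenant.

```python
import json

# Placeholder: replace with the MCSB initiative definition ID from your tenant.
MCSB_ID = "/providers/Microsoft.Authorization/policySetDefinitions/<mcsb-initiative-id>"

# Constructed sample shaped like `az policy assignment list -o json` output.
SAMPLE = json.dumps([
    {"name": "SecurityCenterBuiltIn", "policyDefinitionId": MCSB_ID,
     "parameters": {
         "exampleDiskEncryptionEffect": {"value": "Disabled"},
         "exampleMfaEffect": {"value": "AuditIfNotExists"},
         "exampleAllowedList": {"value": ["a", "b"]},      # non-string value
         "exampleStorageEffect": {"value": "disabled"}}},  # case varies
    {"name": "mcsb-no-overrides", "policyDefinitionId": MCSB_ID,
     "parameters": None},                                  # defaults only
    {"name": "unrelated", "policyDefinitionId": "/other/initiative",
     "parameters": {"effect": {"value": "Disabled"}}},
])


def disabled_mcsb_parameters(assignments_json, initiative_id):
    """Map each assignment of the initiative to its 'Disabled' parameters."""
    findings = {}
    for item in json.loads(assignments_json):
        definition = (item.get("policyDefinitionId") or "").lower()
        if definition != initiative_id.lower():
            continue  # not an assignment of the benchmark initiative
        params = item.get("parameters") or {}
        disabled = sorted(
            name for name, spec in params.items()
            if isinstance(spec, dict)
            and isinstance(spec.get("value"), str)
            and spec["value"].strip().lower() == "disabled"
        )
        findings[item.get("name", "<unnamed>")] = disabled
    return findings


def is_compliant(findings):
    """Pass only if the initiative is assigned and nothing is 'Disabled'."""
    # An empty result means no assignment of the initiative was found,
    # which is treated as a failure rather than a pass.
    return bool(findings) and not any(findings.values())


if __name__ == "__main__":
    result = disabled_mcsb_parameters(SAMPLE, MCSB_ID)
    for assignment, names in result.items():
        print(assignment, "->", names or "no disabled parameters")
    print("compliant:", is_compliant(result))
```

Only parameters explicitly overridden on the assignment appear in the export, so a policy whose default effect is 'Disabled' in the initiative definition itself will not be flagged by this check.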

Backout Plan:

To disable Microsoft Cloud Security Benchmark policies (not recommended for security reasons):

  1. Sign in to the Azure portal with appropriate permissions.

  2. Navigate to Microsoft Defender for Cloud:

    • Go to Microsoft Defender for Cloud in the Azure portal.

  3. Go to Security Policy:

    • In the Microsoft Defender for Cloud dashboard, click on Security policy under the Management section.

  4. Disable Policies:

    • In the Microsoft Cloud Security Benchmark section, select the policies you want to disable.

    • Change the status of the policy from 'Enabled' to 'Disabled'.

  5. Save Settings:

    • Save the changes to disable the policies.
