Microsoft Mechanics Blog

Fixes & Reporting | Multicloud Vulnerability Detection with Microsoft Purview

Zachary-Cavanell
Jun 14, 2023

Automate multicloud regulatory assessments with Microsoft Purview to keep data sitting in multiple clouds from becoming a liability. Compliance Manager in Microsoft Purview provides a single view of your compliance status across your multicloud data estate, whether IaaS including virtual machines, PaaS with cloud storage accounts, or various SaaS apps in use by your organization. The solution deep links directly to where settings are configured, so you can pinpoint what needs to be fixed.

 

 

Daniel Hidalgo, Product Manager for Microsoft Purview, shares how to automate daily monitoring of your multicloud environment and remediate risks. 

 

Assess compliance progress across your entire multicloud estate.

Take action to stay compliant with non-Microsoft services such as AWS, Google Cloud, and other SaaS applications. Check out the Microsoft Purview Compliance Manager portal.

 

How “audit ready” are you?

View a summary of incomplete controls and remediate them. Get an inside look at a PCI-DSS assessment in Microsoft Purview Compliance Manager to prevent credit card transaction fraud. See it here.

 

Fix a failed status in order to pass assessments. 

Compliance Manager deep links you directly to where settings are configured. Try it out in Microsoft Purview.

 

Watch our video here.

 


QUICK LINKS: 

00:00 — Introduction 

00:39 — Microsoft Purview Compliance Manager portal 

01:45 — Demo: deep dive into PCI DSS details 

03:55 — Steps to set it up 

05:46 — Enable Salesforce 

06:38 — Deep link to configuration screen 

08:14 — Wrap up

 

Link References: 

Try it out today at https://purview.microsoft.com 

Check out https://aka.ms/ComplianceManagerdocs

 

Unfamiliar with Microsoft Mechanics? 

Microsoft Mechanics is Microsoft’s official video series for IT. You can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 

 



Video Transcript:

-Do you have data sitting in multiple clouds that you need to keep from becoming a liability? One of the major benefits of Compliance Manager in Microsoft Purview is that it provides a single view of your compliance status across your multicloud data estate, whether that’s IaaS including virtual machines, PaaS with cloud storage accounts, or the various SaaS apps in use by your organization. And not only can you see what you need to fix, but the solution takes you directly to the settings to make those fixes. It’s a single unified solution to automate the management of your compliance risk. 

 

-Here, we’re in the Microsoft Purview Compliance Manager portal. The standard Data Protection Baseline provides an assessment of how well you’re doing across the most common compliance controls required by most regulations, and this appears next to any specific regulatory assessments you’ve chosen to do. In this case, payment card industry standard, PCI DSS, and GDPR, where again, I see my all up status. And for each, you can see at a glance the number of controls required to satisfy a regulation, along with any pending software-based or manual actions that you need to take. Think of actions as compliance activities with recommended implementation instructions to help towards the completion of a control. I’ll show you that experience in a second. And of course, your progress is assessed across your entire multicloud estate, incorporating non-Microsoft services, such as AWS, Google Cloud, or even other SaaS services like Salesforce.

 

-In a single view, you can see what it takes to get compliant and stay compliant, and you can revisit it as regulations in your environment change. Importantly, I can dive deeper into the details. In this case, I’ll choose the PCI DSS assessment for helping my organization prevent credit card fraud, and you can immediately see an assessment of how audit-ready your organization is if you were to be audited today. In aggregate, only 65% of controls are completed, and I can see the percentage of completion for each of my cloud services and SaaS applications. As I scroll down, the good news is that 78% of those actions are not manual. They are automated, which means that Microsoft Purview will scan your environment daily and tell you what’s changed, and alert you to the specific controls that you need to remediate. It will even deep link you directly to the configuration screen. More on that in a second. 

 

-Back at the top, you’ll see a summary of the top incomplete controls, which helps you focus your efforts on where you can make the most progress. Let’s click into the first one for implementing audit trails, which makes sure that we have visibility into user-specific activity that may impact compliance. For example, someone could inadvertently share customer credit card data, so this will let us track those incidents. The list of actions provides a checklist of things you need to do to meet the requirements for each control assessed at the individual service level. Here, you have a view of which have passed and which have failed. 

 

-I’ll dig into the first one for Google, regarding a firewall rule for logging. On this screen, you get an overview of why this is important to implement. This setting will allow you to monitor firewall rule changes that could be an early warning of a potential breach. Compliance Manager also provides details for implementing each requirement. Next, we can click into the failed GCP instance to see the status of each firewall rule. We’ll address those in a second, but for now, I’m going to go back to the audit trail control and look at the recommendations for a SaaS app, in this case, Salesforce, where it looks like we need to reduce admin-level privilege across accounts. And again, you’re presented more details on why this is important, as well as the recommended remediation. 

 

-So, what does it take to achieve this level of multicloud visibility and remediation? It’s a lot easier than you may think. Let me rewind and show you how we got there. If you’re just getting started, first, you need to have Microsoft 365 admin rights to access Compliance Manager in Microsoft Purview. In the interest of time, we’ve already started with PCI DSS and configured our first regulatory compliance assessment. If you’re doing this for the first time, this top actions getting started wizard will guide you through the steps. The initial scan only covers Microsoft 365 controls to begin with, and to activate multicloud compliance, you’ll need to onboard additional cloud services. I’ll start by selecting the cloud services I want. In my case, Azure, Google Cloud Platform, and Salesforce. You can see other services are available, but I’ll just add these three for now. Based on the options I choose, Compliance Manager guides me through the steps to connect each service. 

 

-I’ll show you how this works for GCP and Salesforce. For GCP, as an IaaS and storage provider, you’ll see that we’ll be configuring a connector between GCP and Azure using the Defender for Cloud service. I’ll go there, and you can see that I already have our GCP account set up in Defender for Cloud, so I just need to configure my Azure subscription settings for Cloud Security Posture Management. This is what Defender and Compliance Manager use to scan and assess configurations in infrastructure clouds. I have the foundational posture management setting enabled, but I need to enable Defender CSPM to ensure the most comprehensive set of data flows into Microsoft Purview Compliance Manager. And that’s it, so that takes care of the Google Cloud setup. Now, you’ll get broad visibility into all compliance-related settings coming from that service. 

 

-Next, I’ll move onto enabling Salesforce. As a SaaS service, Salesforce can be configured directly from Microsoft Purview using the required data connector. I’ll go there, click into My Connectors, then, Add a Connector, and I’ll select Salesforce for my connector. Note that for each app, you’ll need to authenticate directly into those services with the right level of admin permissions. To save time, I’ve completed those steps, and I’ll just hit finish, and everything is connected. Our multicloud setup steps are complete, and within 24 hours, you’ll be able to see results from the first scan of your connected services. In fact, now, if I click into our PCI DSS assessment again, you’ll see that the assessed controls include both Google Cloud and Salesforce in addition to Azure and Microsoft 365. 

 

-So, let’s go back to the audit trails control we saw earlier, and then, drill into our firewall rule logging action and fix up the failed status we saw before. If I click into it, you’ll remember these are the items I need to fix in order to pass the assessment for this action. The nice thing here is that Compliance Manager deep links you directly to where those settings are configured. I’ll head over to GCP and authenticate into the service. I’m landed directly into the VPC firewall rules page via the deep link. I’m going to select all of these rules, then, configure logs, and by default, GCP preselects the on control, so I just need to keep that and save configuration. And from there, the system will take another scan to register these changes, which can take up to 24 hours. 

 

-Once that’s complete, back in my firewall rule logging action, you’ll see it’s passed and everything is green. The tenant will continue to monitor these actions every day. But we will still need to take care of our Salesforce action, so let me head back up a level. And you’ll see that we only have three more failed actions on our list to fix, so I’ll circle back on our over-privileged admin action, and this page shows the most recent test status, along with detailed step-by-step implementation instructions for navigating to and changing the policy setting here. You can do this by using the go to Salesforce button. And I’ll stop there, because it’s a similar process to what I showed earlier when we implemented our GCP action. 

 

-So now, you’ve seen how Compliance Manager in Microsoft Purview gives you detailed visibility into the data sitting across your multicloud estate, and a single unified solution to automate the management of your compliance risk. It is very powerful to not only flag the problem, but to help you fix it. Try it out today at purview.microsoft.com, and to learn more, check out aka.ms/ComplianceManagerDocs. Keep watching Microsoft Mechanics, and thank you for watching.

Updated Jun 13, 2023
Version 1.0