Forum Discussion

Huaye's avatar
Huaye
Icon for Microsoft rankMicrosoft
Apr 10, 2025
Solved

Can I use Microsoft Defender for Endpoint for CIS benchmark assessment

Hi Team,   I have a customer who wants to do CIS benchmark assessment (CIS Microsoft Windows Server Benchmarks) for On-prem Windows 2022 servers. Can we use Microsoft defender for endpoint to do ...
  • cyb3rmik3's avatar
    cyb3rmik3
    Apr 11, 2025

    Hello Huaye,

    If your servers are already on Azure Arc with MDC P2 enabled go through the Unified Security Operations portal, Endpoints > Vulnerability management > Baseline assessments > Profiles and here click Create.

    Here, you can choose the CIS version required.

    And following you can choose specific configurations and also specific devices groups per tags.

    Let me know if this helped.

    If I have answered your question, please mark your post as Solved

    If you like my response, please consider giving it a like

cyb3rmik3's avatar
cyb3rmik3
MVP
Apr 10, 2025

Hi Huaye ,

CIS benchmark assessment is available through Microsoft Defender Vulnerability Management (MDVM).  You may check the licensing requirements here. Basically, the safest way is to onboard servers on Arc, and enable Microsoft Defender for Cloud P2. But, it can be offered as an add-on with Microsoft Defender for Endpoint P2 licensing.

The functionality you are looking for is Baseline assessments, you can find details here.

If I have answered your question, please mark your post as Solved

If you like my response, please consider giving it a like

  • Huaye's avatar
    Huaye
    Icon for Microsoft rankMicrosoft
    Apr 11, 2025

    hi cyb3rmik3  Thank you very much for your response. However, one thing I'm not sure about is: if we onboard the servers to Azure Arc, then enable Microsoft Defender for Cloud P2, in the Defender for Cloud portal security policies, I can't see any CIS standard related to Windows2022 sever. Does this mean the only option is to purchase Defender for Endpoint P2 and then the MDVM add-on license? Thank you.

     

    • cyb3rmik3's avatar
      cyb3rmik3
      MVP
      Apr 11, 2025

      Hello Huaye,

      If your servers are already on Azure Arc with MDC P2 enabled go through the Unified Security Operations portal, Endpoints > Vulnerability management > Baseline assessments > Profiles and here click Create.

      Here, you can choose the CIS version required.

      And following you can choose specific configurations and also specific devices groups per tags.

      Let me know if this helped.

      If I have answered your question, please mark your post as Solved

      If you like my response, please consider giving it a like

      • Huaye's avatar
        Huaye
        Icon for Microsoft rankMicrosoft
        Apr 13, 2025

        Thank you cyb3rmik3 much appreciated your help 🙂

Resources