Forum Discussion

Chandrasekhar_Arya
Steel Contributor
Nov 12, 2021

Disable a few policies that are applied by default

As we know, the Azure Security Benchmark gets applied by default by Azure Defender/Security Center, and as an organization I am fine with it, but at the same time I want to disable a few policies that are part of the Azure Security Benchmark from the list of 205 policies that get applied by default. Can anyone please guide me how to do it?

  • It is possible. Here is the recommended practice:
    go to the MDfC portal -> Environment settings -> select your subscription -> Security policy.
    Select the default initiative assignment; it will open the policy initiative assignment page.
    Select the Parameters tab and uncheck "Only show parameters that need input or review". After a moment all policies of the initiative are listed. Most are marked as AuditIfNotExists or simply Audit.
    Find the one you wish to change and disable it. When done, save and exit.
    Wait 12h for all recommendations to refresh, and those you have disabled should disappear.
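The portal steps in the reply above edit the effect parameters of the initiative assignment. The same change can be scripted, which is useful when the same policies must be disabled on several subscriptions and the change should be reviewable. The script below is an added example written for this thread; it is not code from the thread's participants or from Microsoft. It assumes the Az.Accounts and Az.Resources PowerShell modules, that the Defender for Cloud default assignment is named `SecurityCenterBuiltIn` (the name Defender for Cloud uses for its subscription-level assignment), and the `$object.Properties.*` property layout returned by Az.Resources 5.x/6.x (newer module versions flatten these properties). Run it once with `-ListOnly` to discover the parameter name behind a policy's display name, then pass that name in `-ParametersToDisable`.

```powershell
# Added example (not from the original thread): set selected effect parameters of the
# Defender for Cloud default initiative assignment to 'Disabled' without cloning the initiative.
# Assumptions: Az.Accounts/Az.Resources installed; default assignment named 'SecurityCenterBuiltIn';
# Az.Resources 5.x/6.x property layout ($x.Properties.*).
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,
    # Effect-parameter names to set to 'Disabled'; discover them with -ListOnly first
    [string[]] $ParametersToDisable = @(),
    # Substring of a policy display name used to narrow the discovery listing
    [string] $Filter = '',
    [switch] $ListOnly
)

Connect-AzAccount | Out-Null                       # interactive sign-in; no-op if already signed in
Set-AzContext -Subscription $SubscriptionId | Out-Null

$scope = "/subscriptions/$SubscriptionId"
$assignment = Get-AzPolicyAssignment -Name 'SecurityCenterBuiltIn' -Scope $scope
if (-not $assignment) { throw "Default Defender for Cloud assignment not found at $scope" }

# The initiative (policy set) behind the assignment. Each policy inside it exposes its
# effect as an initiative parameter; those parameters are what the portal's Parameters tab edits.
$initiative    = Get-AzPolicySetDefinition -Id $assignment.Properties.PolicyDefinitionId
$definedParams = $initiative.Properties.Parameters

# Discovery: parameters that accept 'Disabled', with the display name shown in the portal
$candidates = foreach ($p in $definedParams.PSObject.Properties) {
    $allowed = @($p.Value.allowedValues)
    if ($allowed -contains 'Disabled') {
        $display = if ($p.Value.metadata) { $p.Value.metadata.displayName } else { $p.Name }
        if ($display -like "*$Filter*") {
            [pscustomobject]@{
                ParameterName = $p.Name
                DisplayName   = $display
                Default       = $p.Value.defaultValue
            }
        }
    }
}
if ($ListOnly) { $candidates | Format-Table -AutoSize; return }

# Start from the parameter values currently set on the assignment so nothing else changes
$newParams = @{}
if ($assignment.Properties.Parameters) {
    foreach ($p in $assignment.Properties.Parameters.PSObject.Properties) {
        $newParams[$p.Name] = $p.Value.value
    }
}
foreach ($name in $ParametersToDisable) {
    if (-not $definedParams.PSObject.Properties[$name]) {
        throw "'$name' is not a parameter of initiative $($initiative.Name)"
    }
    if (@($definedParams.$name.allowedValues) -notcontains 'Disabled') {
        throw "'$name' does not accept 'Disabled' (allowed: $($definedParams.$name.allowedValues -join ', '))"
    }
    $newParams[$name] = 'Disabled'
}

# Write the merged parameter set back to the same assignment; the initiative definition is untouched
Set-AzPolicyAssignment -Id $assignment.ResourceId -PolicyParameterObject $newParams | Out-Null
Write-Host "Set $($ParametersToDisable.Count) effect parameter(s) to Disabled on assignment '$($assignment.Name)'."
Write-Host "Recommendations refresh on a schedule; the thread above reports allowing up to 12 hours."
```

The script merges the existing assignment parameters before applying the change, because `Set-AzPolicyAssignment -PolicyParameterObject` replaces the whole parameter object; passing only the parameters to disable would silently reset every other parameter to its initiative default. The two validation checks before the write catch a mistyped parameter name and a parameter whose policy does not offer a `Disabled` effect.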
    giladkeidar
    Brass Contributor
    The ASC benchmark is actually many Azure policies under one "Initiative Definition" named "Azure Security Benchmark" and one assignment at the subscription level.
    I think it isn't possible to edit the existing one, but you might be able to duplicate it, remove the policies you want, and assign it instead of the built-in one (if you have many subs, you can assign it at the root management group level).

    To do it, search for "policy" in the Azure portal, go to "Definitions", filter "Security Center" and duplicate "Azure Security Benchmark".

    Thanks

    Gilad.
    • Eli
      Microsoft

      Hi Gilad,
      Duplicating the ASB initiative and customizing it may work, but it is a little overkill. Defender for Cloud allows you to disable specific policies, as I described in my previous reply.
