SOLVED

Issues with Azure Policy/Security Center

%3CLINGO-SUB%20id%3D%22lingo-sub-2053276%22%20slang%3D%22en-US%22%3EIssues%20with%20Azure%20Policy%2FSecurity%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2053276%22%20slang%3D%22en-US%22%3E%3CP%3EWondering%20if%20anyone%20might%20be%20able%20to%20help%20me%20get%20this%20straightened%20out.%20I've%20used%20Azure%20Policy%20and%20Security%20Center%20without%20issue%20for%20a%20few%20years%20now%2C%20but%20only%20recently%20has%20this%20problem%20began%20to%20occur.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20Policy%20is%20not%20identifying%20that%20I%20have%20the%20Qualys%20Vulnerability%20Assessment%20Solution%20installed%20on%20my%20Virtual%20Machines.%20It%20has%20also%20failed%20to%20identify%20that%20I%20have%20my%20storage%20accounts%20restricted%20using%20virtual%20network%20rules.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20double-%20and%20triple-checked%20the%20Scope%20(I%20only%20have%20one%20subscription%20that%20I'm%20managing)%20and%20can%20see%20the%20Qualys%20agent%20is%20installed%20on%20all%20of%20the%20machines%2C%20but%20Azure%20Policy%20is%20failing%20to%20detect%20Qualys%20for%20whatever%20reason.%20It%20also%20fails%20to%20detect%20that%20my%20storage%20accounts%20are%20restricted%20using%20virtual%20network%20rules%20(both%20of%20these%20were%20previously%20showing%20in%20Security%20Center%20as%20compliant%20and%20have%20only%20recently%20failed%20to%20identify).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20I%20have%20a%20couple%20of%20vulnerabilities%20that%20have%20been%20addressed%20by%20other%20means%20that%20I%20have%20tried%20disabling%20via%20the%20Disable%20rule%20(preview)%20that%20fail%20to%20disappear%20after%20disabling.%20It%20is%20quite%20frustrating.%20I%20know%20that%20things%20in%20preview%20can%20fail%20to%20work%20correctly%20(hence%20the%20preview)%2C%20but%20it%20was%20working%20before.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20plan%20on%20filing%20a%20ticket%20with%20Azure%20Support%20today.%20Has%20anyone%20else%20noticed%20problems%20like%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2057376%22%20slang%3D%22en-US%22%3ERe%3A%20Issues%20with%20Azure%20Policy%2FSecurity%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2057376%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Mark%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20your%20situation%20the%20best%20course%20of%20action%20would%20be%20to%20open%20a%20support%20ticket%20and%20work%20with%20a%20support%20person%20on%20troubleshooting%20your%20issues.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Visitor

Wondering if anyone might be able to help me get this straightened out. I've used Azure Policy and Security Center without issue for a few years now, but only recently has this problem began to occur.

 

It seems Policy is not identifying that I have the Qualys Vulnerability Assessment Solution installed on my Virtual Machines. It has also failed to identify that I have my storage accounts restricted using virtual network rules.

 

I've double- and triple-checked the Scope (I only have one subscription that I'm managing) and can see the Qualys agent is installed on all of the machines, but Azure Policy is failing to detect Qualys for whatever reason. It also fails to detect that my storage accounts are restricted using virtual network rules (both of these were previously showing in Security Center as compliant and have only recently failed to identify).

 

Also, I have a couple of vulnerabilities that have been addressed by other means that I have tried disabling via the Disable rule (preview) that fail to disappear after disabling. It is quite frustrating. I know that things in preview can fail to work correctly (hence the preview), but it was working before. 

 

I plan on filing a ticket with Azure Support today. Has anyone else noticed problems like this?

1 Reply
best response confirmed by TechNashville (Regular Visitor)
Solution

Hi Mark,

 

In your situation the best course of action would be to open a support ticket and work with a support person on troubleshooting your issues.

 

Thank you.