Unable to resolve - A vulnerability assessment solution should be enabled on your virtual machines
We currently have a mix of approximately 45 Windows / Linux Servers and AVD machines which are not successfully being marked as compliant with the Defender recommendation "A vulnerability assessment solution should be enabled on your virtual machines". On the subscription level we have Defender for Servers Plan 2 enabled and Agentless Scanning CSPM enabled. Within a subscription some of the of these VMs are compliant and others are not. Their compliance state doesn't appear to have any relevance to if the Qualys or MDE extensions are installed. We have servers that are healthy that have Qualys, MDE, or none installed and are healthy. Our VMs are not using the full feature set of Defender Plan 2 as we use CrowdStrike so the Defender for Endpoint functionality of the Defender for Servers Plan 2 has been disabled, but to my knowledge this shouldn't impact Vulnerability assessments. In Security Portal it does seem that generally all the VMs that healthy for this recommendation are visible in the devices section. Whereas these 45 that are not, are either not searchable or have sensor health state "inactive". We have an Azure Policy generated to onboard devices to Vulnerability assessment using MDE.Tvm and it seems to be generally working but not for these 45 devices. The Microsoft Documentation is really unclear, what do we need to make these systems compliant?Secure score power BI dashboard
We are following https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Secure%20Score to deploy secure score over the time dashboard for MDC. however steps for the deployment are very old when we had azure security center instead of MDC and prerequisites are not properly documented. As per the article we need to: Export the secure score data to Log analytics workspace by using continuous report option in MDC portal. Deploy Secure Score over the time workbook which can export the secure score data to Log Analytics workspace (not clear if this will pull reports every 24 hours and what permissions are required on Log Analytics workspace and to deploy the workbook) Do we need to export the secure score data to same Log Analytics workspace on which MDC is deployed or a separate workspace is needed ? If MDC already uses Log analytics workspace in the backend to store the logs then why can't we pull the secure score log data directly? why we need to export the secure score data to Log Analytics workspace first then to connect it to dashboard ?What about PAAS Services
There are many PaaS services in Azure that don't seem to be covered by Defender for Cloud. AI & ML, media, mobile, mixed reality and web are big categories with lots of services that don't seem to be considered by the Security Posture score. Am I missing something? How can we ensure that all of those services are properly secured?
Centralize remediation for defender reccomendations
Hi, I have a question. Can I apply the remediation of Microsoft defender reccomendation one time for all subscription that I have? For example I want to resolve MFA reccomendation for all subscription (15) but apply the remediation one time. (I‘’m referring to all the reccomendation that not provide quick fix button). DeployIfNotExist can help me? Or blueprint? Thanks
Vulnerabilities in security configuration on your Windows machines should be remediated
Is there any way to exempt just one of the items under this recommendation? I want to exempt "Replace a process level token". It keeps coming back as not remediated because I have the AppPool in the rule which it says is acceptable. I want this to be green in my secure score. Thanks
New Blog Post | Azure Security Center
Azure Defender and Security Center – Ignite 2021 Announcements - Microsoft Tech Community Author: Gilad Elyashar We are happy to announce new protections for Windows Server 2019, Windows 10 Virtual Desktop and networking as well as improved experiences for alerts and reporting. Security Control: Enable encryption at rest - Microsoft Tech Community Author: Safeena Begum Lepakshi This Security Control contains up to 3 recommendations, depending on the resources you have deployed in your environment, and it is worth maximum whopping points of 4 (6%) that counts towards your overall Secure Score. These recommendations are meant to keep your resources safe and improve your security hygiene where continuous teamwork must be placed.Azure Security Center Webinar: Secure Score
Want to learn about Secure Score in Azure Security Center? Join our webinar. Details and registration at https://aka.ms/ASCSSWebinar. Azure Secure Score is a simple but elegant tool that will help you improve your infrastructure security by identifying and ranking the highest impact configuration changes you can make. We have recently introduced tools such as "virtual analyst" which enable you to increase your Secure Score in an automated fashion. More details can be found at https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score. We are hosting two identical sessions at the following times: Tuesday, September 10, 2019 at 08:00 PT / 11:00 ET / 15:00 GMT, and Wednesday, September 11, 2019 at 09:00 GMT / 11:00 CEST / 17:00 HKT Afterward, recordings will be posted to https://aka.ms/ASCRecordings. We hope you’ll join us!
