User Profile
Tom_Janetscheck
MicrosoftJoined 5 years ago
User Widgets
Recent Discussions
Re: Exporting list of all vulnerabilities per machine
Hi guiqueiroz in Azure Security Center, with the Qualys VA integration you get when enabling Azure Defender for Servers, you can export VA findings as nested recommendations using our Continuous Export capability. However, you are mentioning Microsoft Defender for Endpoints (formerly known as MDATP) which is a different product with a different scope. For Microsoft Defender for Endpoints related questions, please refer to this forum. Best regards, Tom Janetscheck Senior Program Manager CxE | Azure Security CenterRe: Missing "Disk encryption should be applied on virtual machines" recommendations
Hi davemills, the recommendation you're mentioning has not been removed from ASC, as you can see in a current screenshot below. If you do not see it in your environment, someone might have disabled the corresponding policy in Azure Security Center. Best regards, Tom Janetscheck Senior Program Manager CxE | Azure Security CenterRe: How do I get 50 Azure Defender to protect windows servers on premise?
HPUbooker I think we need to clarify the wording: Azure Defender is the Cloud Workload Protection Platform (CWPP) built into Azure Security Center, whereas you seem to be referring to our antimalware solution (SCEP/Microsoft Antimalware/Microsoft Defender Antivirus). Antimalware for Azure VMs is part of Azure Security Center without additional cost. For on-prem servers, you will need to onboard them to Azure Defender. Best, Tom Janetscheck Senior Program Manager CxE | Azure Security CenterRe: How do I get 50 Azure Defender to protect windows servers on premise?
HPUbooker Hi Eulogio, Azure Defender for Servers is paid on a per node/per hour basis (currently $0.02 or €0.017 per server and per hour). There is no flat fee for onprem servers, and charges apply when a server is running, only. More details can be found in the pricing calculator. Features that are covered with Azure Defender on Windows servers are listed here. Best regards, Tom Janetscheck Senior Program Manager CxE | Azure Security CenterRe: ASC Security Policies & Compliance Wording
Erik_Snijder Hello Erik, thanks for asking. I'm glad you like this thread and the Secure Score feature. Regarding your questions: That's correct. As mentioned above, Regulatory Compliance standards are another view on existing (and additional) recommendations. The default set of recommendations and the compliance standards technically consist of Azure Policy Initiatives, that share a common set of policies. If you already see a recommendation that is also part of the Compliance Standard you activate additionally, the same policy is used and, therefore, no second recommendation is added. Yes, the Regulatory Compliance Standards API contains the number of passed, failed, and not applicable controls: I have published an automation artifact in our GitHub community, which will send a weekly compliance report per subscription by email. The email will contain the information gathered from the above mentioned API. Maybe you can use parts of this Playbook for your scenario? As long as you are using the builtin Policy Initiatives, they are automatically maintained. Have a great weekend and best regards, Tom Janetscheck Senior Program Manager CxE | Azure Security CenterRe: Deploying partner vulnerability scanners to virtual machines
Hello Sahitya95 we're currently working on providing a script that will enable you to attach the BYOL VA solution to existing VMs. Once it's finished, it will be published in our Azure Security Center GitHub. As a short cut, the REST API call to attach the VA solution to existing VMs is PUT https://management.azure.com/subscriptions/{SubscriptionId}/resourceGroups/{RG}/providers/Microsoft.Security/locations/{subscriptionLocation}/securitySolutions/{SolutionName}/protectedResources?{apiVersion } Best regards, Tom Janetscheck Senior Program Manager CxE | Azure Security CenterRe: Verify that Endpoint Protection on VM's are reporting.
Hi PatrikHansson , Azure Security Center will scan your VMs for an existing Endpoint Protection Solution and will also inform you in case there are health issues with the solution. We have explained the respective Security Control with all recommendations in one of our latest articles. The link you've mentioned refers to the Microsoft Defender Security Center. If you have enabled ASC/MDATP integration, all VMs that are monitored in ASC are automatically onboarded to MDATP (only for supported operating systems as defined in our documentation). Best regards, Tom Janetscheck Senior Program Manager CxE | Azure Security CenterRe: ASC Security Policies & Compliance Wording
Hey GlavniArhivator, sorry for confusing you - let me try to explain it differently: The regulatory compliance part of ASC is another view to security risks. If you, for example, take a look at the CIS 1.1.0 control 7.1 Ensure that OS disks are encrypted, and you then go to the underlying recommendation "Disk encryption should be applied on virtual machines"; once you remediate this recommendation, you will gain credit towards your Secure Score if, besides this recommendation, you have made sure that all other recommendations in the same Security Control (Enable encryption at rest) have also been remediated. So, in order to increase your Secure Score, it's not enough to remediate the recommendation only, but from the perspective of the respective compliance standard, it is. If you then, for example, take a look at the SOC TSP set of controls, you will find CCE-numbers underneath C1.2. These refer to vulnerabilities that have been found on machines within the scope of the policy. There is no single recommendation or Security Control for these in the Resource Security Hygiene part of ASC, but you will find them underneath the Vulnerabilities in security configuration on your machines should be remediated recommendation, which is part of the Remediate security configurations security control. We have customers that need their resources to comply to different regulatory compliance standards. With the Regulatory Compliance dashboard, it is easy for them to find all settings that need to be configured so their resources will be compliant. We are mapping security recommendations to the topics that need to be taken care of when applying the compliance standard to an environment. So, with the compliance dashboard, it is easier to plan for which recommendations to focus on first in order to get the environment compliant, and then focus on remediating all the other recommendations and security controls. Once you remediate the recommendations from the Regulatory Compliance dashboard, they will also be remediated and count towards your Secure Score (but again: for receiving credits towards your Secure Score, all recommendations within a Security Control need to be remediated for a particular resource). So, to make sure your environment is as secure as possible, you should try to get the Secure Score to 100%. If you achieve this, your compliance assessments will also reflect this achievement. If you focus on increasing your Secure Score, the recommendations that pop up in the different regulatory compliance assessments will automatically show less non-compliant resources. At the end, Secure Score is the main KPI for how secure an environment is. The compliance dashboard gives you another view on your environment. Best regards, TomAzure Security Center GitHub Community
Dear Azure Security enthusiasts, we are currently working on improvements to our Azure Security Center GitHub Community. As Valon_Kolica pointed out in his post, we are looking for your feedback about how we're doing and what we can improve until 8/17/2020. In the meantime, we have already adjusted a few things to make our community more inclusive and engaging: As a first step, we have created a GitHub Wiki, which will help you to learn how to contribute, how to propose automation artifacts, how to connect, and where to find even more information. As of now, we will start to publish backlog items as GitHub issues, so you, the community, will always see, what is proposed and who is working on which automation artifact. Furthermore, if you want to contribute, you can pick items from the issue list, build an automation artifact around the feature, and submit it as a GitHub Pull Request, so we can merge your automation to our repository. You may, and are encouraged to, propose new automation artifacts or changes to existing ones using our Feature Request Template. If you find bugs in one of the artifacts, you can submit a new GitHub Issue using our Bug Report Template. Once you submit a new artifact, you will get public credit as the author by mentioning you at the beginning of the readme file. Now, it's your turn: respond to our survey, propose and submit your best automation artifacts, and let the community learn from your experience. Because #CommunityRocks and #SecurityRocks! Best regards, Tom Janetscheck Senior Program Manager CxE | Azure Security Center
Recent Blog Articles
Re: Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation
Vytas_Boyev, today, Log Analytics agent, or Azure Monitor agent are required to get coverage of some features in Defender for Servers Plan 2. This dependency will be resolved going forward, so as of ...
