Ensure that the latest OS patches (critical security and system updates) are applied to all Microsoft Azure virtual machines (Windows and Linux) in order to improve the general stability of the operating system (OS), address a specific bug or flaw, or fix a security vulnerability.
Microsoft Defender for Cloud retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on the service configured on your virtual machines (VMs). The Defender for Cloud service also checks for the latest updates on Linux systems. If one of your virtual machines is missing a system update, Microsoft Defender for Cloud will recommend updating the VM's operating system. Trend Cloud One™ – Conformity strongly recommends applying the latest system updates/OS patches as soon as they become available, in order to improve your VM's security, functionality, and performance.
To apply the latest OS patches using Microsoft Defender for Cloud, Defender for Servers Plan 2 must be enabled.
Audit
To ensure that your Azure virtual machines (VMs) are up-to-date with the latest OS patches, perform the following operations:
Checking the latest system updates on Azure virtual machines (VMs) via Azure Command Line Interface (CLI) is not currently supported.
Remediation / Resolution
To apply the latest OS patches (critical security and system updates) to your Azure virtual machines (VMs) following Microsoft Defender for Cloud recommendations, perform the following operations:
Applying the latest OS patches to your Azure virtual machines using the Azure Command Line Interface (CLI) is not currently supported.