Ensure that the Azure Defender security feature is enabled for the virtual machine (VM) servers provisioned in your Azure cloud account. The threat detection and protection capabilities provided by Azure Defender for virtual machine servers include vulnerability assessment scanning, file integrity monitoring (also known as change monitoring), Just-in-time (JIT) virtual machine access monitoring, adaptive network hardening (ANH), fileless attack detection, and Docker host hardening.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By default, the security feature is not enabled for your virtual machine servers. Enabling Azure Defender for Microsoft Azure virtual machines (VMs) allows for better defense-in-depth with threat detection capabilities provided by the Microsoft Security Response Center (MSRC).
Audit
To determine if the Azure Defender feature is enabled for your virtual machine (VM) servers, perform the following actions:
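An added example (not part of the original page or of the Conformity tool): the audit reduces to checking that the `VirtualMachines` plan reports `pricingTier` `Standard` in each subscription's Microsoft.Security pricings list response. The response bodies and subscription IDs below are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample: pricings list responses keyed by subscription ID.
# The subscription IDs are placeholders, not real values.
SAMPLE_RESPONSES = {
    "00000000-0000-0000-0000-000000000001": json.dumps({"value": [
        {"name": "VirtualMachines", "properties": {"pricingTier": "Standard"}},
        {"name": "StorageAccounts", "properties": {"pricingTier": "Free"}},
    ]}),
    "00000000-0000-0000-0000-000000000002": json.dumps({"value": [
        {"name": "VirtualMachines", "properties": {"pricingTier": "Free"}},
    ]}),
    "00000000-0000-0000-0000-000000000003": json.dumps({"value": [
        {"name": "SqlServers", "properties": {"pricingTier": "Standard"}},
    ]}),
}


def vm_defender_tier(response_body):
    """Return the pricingTier of the VirtualMachines plan, or None if absent."""
    for plan in json.loads(response_body).get("value", []):
        if plan.get("name") == "VirtualMachines":
            return plan.get("properties", {}).get("pricingTier")
    return None


def audit(responses):
    """Map each subscription ID to PASS, FAIL or UNKNOWN for the VM plan."""
    results = {}
    for sub_id, body in responses.items():
        try:
            tier = vm_defender_tier(body)
        except (ValueError, TypeError, AttributeError):
            # Malformed or unexpected body: do not report it as compliant.
            results[sub_id] = "UNKNOWN (unparseable response)"
            continue
        if tier == "Standard":
            results[sub_id] = "PASS"
        elif tier is None:
            results[sub_id] = "UNKNOWN (no VirtualMachines plan returned)"
        else:
            results[sub_id] = f"FAIL (pricingTier={tier})"
    return results


if __name__ == "__main__":
    for sub_id, status in audit(SAMPLE_RESPONSES).items():
        print(sub_id, status)
```

A missing or unparseable plan entry is reported as UNKNOWN rather than PASS, so a subscription the caller cannot read is never counted as protected.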
Remediation / Resolution
To enable Azure Defender for your Microsoft Azure virtual machine (VM) servers, perform the following actions:
Note: Turning on Azure Defender in Azure Security Center (ASC) incurs an additional cost per resource.
Enable Azure Defender for Virtual Machine Servers
Risk level: High