Homepage
About Snyk

Security Center default policy setting 'Monitor Endpoint Protection' is not enabled Affecting Security Center service in Azure

0.0
medium
0
10
    Severity Framework Snyk CCSS
    Rule category Monitoring / Endpoint

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CIS-Azure CSA-CCM HIPAA ISO-27001 PCI-DSS SOC-2
  • Snyk ID SNYK-CC-00666
  • credit Snyk Research Team
Report a new misconfiguration Found a mistake?

Description

When this setting is enabled, it recommends endpoint protection be provisioned for all Windows virtual machines to help identify and remove viruses, spyware, and other malicious software.

How to fix?

Set policyDefinitionId to /providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8, and set enforcementMode to Default or remove the attribute.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Authorization/policyAssignments",
            "apiVersion": "2019-09-01",
            "name": "endpoint_666_allow",
            "properties": {
                "displayName": "Endpoint protection should be installed on your machines",
                "description": "To protect your machines from threats and vulnerabilities, install a supported endpoint protection solution.",
                "enforcementMode": "Default",
                "scope": "/subscriptions/5f479449-6df7-4c39-af0f-d8837aa02eec/resourcegroups/snyk_3",
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8"
            }
        }
    ]
}