Ensure that the automatic provisioning extensions are enabled within the Microsoft Defender for Cloud settings to collect security data and events from your Azure virtual machines (VMs) and containers. By enabling Auto provisioning, you can ensure that the agents needed for processes such as vulnerability assessments, log analytics and container monitoring are automatically installed on your infrastructure.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When automatic provisioning is enabled, agents will be installed as part of infrastructure deployment. For example, if the Log Analytics extension is enabled, the Log Analytics agent will be installed on all the existing supported virtual machines (VMs), plus on any new ones created later. Once the agent is installed, Microsoft Defender for Cloud reads various security-related configurations and event logs from your virtual machines and sends the data collected (including crash dump files) to your workspace for analysis. The data sent for analysis is required to provide visibility into missing updates, misconfigured operating system (OS) security settings, endpoint protection settings, and health and threat detections. It is highly recommended to enable all extensions within your subscription, in particular the Vulnerability Assessment reports for Virtual Machines and the Microsoft Defender for Container components.
Audit
To determine whether each of the automatic provisioning extensions is enabled within the Microsoft Defender for Cloud settings for your subscription, perform the following actions:
Remediation / Resolution
To enable the automatic provisioning extensions for Microsoft Defender for Cloud, perform the following actions:
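One way to script the audit and surface the matching fix with the Azure CLI, as an added example that is not part of the original page or of Conformity's own procedure. It covers only the settings returned by `az security auto-provisioning-setting list`; the function names, the `--audit`/`--demo` switches and the sample row are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit Defender for Cloud auto-provisioning settings.
TAB=$(printf '\t')
CR=$(printf '\r')

# Constructed sample row (not real CLI output) for an offline dry run.
SAMPLE_ROWS="default${TAB}Off"

# Reads "name<TAB>autoProvision" rows on stdin, the shape produced by
#   az security auto-provisioning-setting list \
#     --query "[].[name, autoProvision]" --output tsv
# Prints PASS/FAIL per setting. Returns 0 if every setting is "On",
# 1 if any is not, 2 if no rows arrived (wrong subscription, no access).
check_auto_provisioning() {
  seen=0
  failed=0
  while IFS="$TAB" read -r name state || [ -n "$name" ]; do
    if [ -z "$name" ]; then continue; fi
    seen=1
    state=${state%"$CR"}   # tolerate CRLF line endings
    if [ "$state" = "On" ]; then
      printf 'PASS %s autoProvision=%s\n' "$name" "$state"
    else
      failed=1
      printf 'FAIL %s autoProvision=%s\n' "$name" "${state:-missing}"
      printf '  fix: az security auto-provisioning-setting update --name %s --auto-provision On\n' "$name"
    fi
  done
  if [ "$seen" -eq 0 ]; then
    echo 'ERROR no auto-provisioning settings returned' >&2
    return 2
  fi
  return "$failed"
}

# Audits the subscription in $1, or the CLI's active subscription if empty.
audit_subscription() {
  if [ -n "${1:-}" ]; then
    az security auto-provisioning-setting list --subscription "$1" \
      --query "[].[name, autoProvision]" --output tsv
  else
    az security auto-provisioning-setting list \
      --query "[].[name, autoProvision]" --output tsv
  fi | check_auto_provisioning
}

case "${1:-}" in
  --audit) audit_subscription "${2:-}" ;;   # live run, needs a signed-in az CLI
  --demo)  printf '%s\n' "$SAMPLE_ROWS" | check_auto_provisioning ;;
esac
```

The non-zero exit codes let the check fail a scheduled job or pipeline stage when a setting is switched off or the query returns nothing.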
References
- Azure Official Documentation
  - Microsoft Defender for Cloud documentation
  - What is Microsoft Defender for Cloud?
  - How does Defender for Cloud collect data?
- Azure Command Line Interface (CLI) Documentation
  - az
  - az account get-access-token
  - az security auto-provisioning-setting
  - az security auto-provisioning-setting update