Ensure that a vulnerability assessment solution is automatically provisioned for your Azure virtual machine (VM) servers using Microsoft Defender for Cloud. Automatic provisioning of vulnerability assessment can be enabled on both Azure VMs and hybrid (multicloud and on-premises) virtual machines.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Microsoft Defender for Cloud uses vulnerability assessment services to continuously monitor Azure virtual machine (VM) servers, examining OS security misconfigurations, applications, and environment settings in order to identify potential security vulnerabilities, and recommends remediation strategies to mitigate them. By default, Defender for Cloud collects data from virtual machines (Azure VMs and hybrid machines) using agents and extensions. To avoid manually installing and configuring this type of software, you can enable automatic provisioning of vulnerability assessment for virtual machines, so that Microsoft Defender for Cloud reduces the management overhead by automatically installing all the required agents and extensions on existing and new VMs.
Note: To use the automatic provisioning feature, Microsoft Defender for Cloud must be enabled for your virtual machine (VM) servers at the account/subscription level.
Audit
To determine if the automatic provisioning of vulnerability assessment solutions is enabled for your virtual machines, perform the following actions:
Note: Getting the vulnerability assessment auto provisioning configuration in Microsoft Defender for Cloud using Azure CLI/PowerShell is not currently supported.
Remediation / Resolution
To enable the automatic provisioning of vulnerability assessment solutions for your virtual machine servers (Azure VMs and hybrid machines), perform the following actions:
Note: Enabling vulnerability assessment auto provisioning for virtual machines using Azure CLI/PowerShell is not currently supported.