Ensure that none of the supported parameters (recommendations) provided by Microsoft Defender for Cloud default policy are disabled in order to meet security and compliance requirements.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A security policy defines the desired configuration of your workloads and helps ensure compliance with organizational or regulatory security requirements. The Microsoft Defender for Cloud default policy is associated with every Azure subscription by default. The default policy assignment represents a set of security recommendations based on industry best practices. Having an active default policy (i.e. one with all the parameters enabled) ensures that Microsoft Defender for Cloud monitors all of the supported recommendations and allows automated action (optionally, for a few of the recommendations). One example of a default policy parameter that can help maintain the security of your Azure cloud infrastructure is Distributed Denial-of-Service (DDoS) protection monitoring (i.e. the vnetEnableDDoSProtectionMonitoringEffect parameter). With DDoS protection monitoring enabled, Microsoft Defender for Cloud can determine whether DDoS protection is enabled for your Azure public virtual networks and make the proper recommendations to protect against DDoS attacks.
Audit
To determine if there are any disabled Microsoft Defender for Cloud default policy parameters within your Azure subscription, perform the following actions:
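The following added example (not part of the original page or of the Conformity tool) shows one way to evaluate this check offline in Python: it takes the JSON of the default policy assignment and, optionally, of the initiative it assigns, for instance as saved from `az policy assignment show` and `az policy set-definition show`, and reports every parameter whose effective value is `Disabled`. The sample documents and the `hypothetical...` parameter names are constructed, and the code assumes that a parameter omitted from the assignment falls back to the definition's `defaultValue`.

```python
import json
import sys

# Constructed sample data. Only vnetEnableDDoSProtectionMonitoringEffect is a
# name taken from the page; the "hypothetical..." names are placeholders.
SAMPLE_ASSIGNMENT = {"name": "constructed-assignment", "parameters": {
    "vnetEnableDDoSProtectionMonitoringEffect": {"value": "Disabled"},
    "hypotheticalParamAEffect": {"value": "AuditIfNotExists"},
}}
SAMPLE_DEFINITION = {"properties": {"parameters": {
    "vnetEnableDDoSProtectionMonitoringEffect": {"defaultValue": "AuditIfNotExists"},
    "hypotheticalParamAEffect": {"defaultValue": "Disabled"},
    "hypotheticalParamBEffect": {"defaultValue": "Disabled"},
    "hypotheticalParamCEffect": {"defaultValue": "AuditIfNotExists"},
}}}


def _params(doc):
    """Return the parameters map whether it sits at the top level (az CLI
    output) or under 'properties' (REST API output)."""
    return (doc.get("properties") or doc).get("parameters") or {}


def disabled_parameters(assignment, definition=None):
    """Return sorted (name, source) pairs for parameters whose effective value
    is 'Disabled'. A value set on the assignment wins; otherwise the
    definition's defaultValue applies (assumption stated in the lead-in)."""
    assigned = _params(assignment)
    defaults = _params(definition or {})
    findings = []
    for name in sorted(set(assigned) | set(defaults)):
        if "value" in assigned.get(name, {}):
            value, source = assigned[name]["value"], "assignment"
        else:
            value = defaults.get(name, {}).get("defaultValue")
            source = "definition default"
        # Effect values are strings; compare case-insensitively.
        if isinstance(value, str) and value.strip().lower() == "disabled":
            findings.append((name, source))
    return findings


if __name__ == "__main__":
    # Usage: script.py assignment.json [definition.json]; no arguments runs the sample.
    docs = [json.load(open(p)) for p in sys.argv[1:3]]
    docs = docs or [SAMPLE_ASSIGNMENT, SAMPLE_DEFINITION]
    for name, source in disabled_parameters(*docs):
        print(f"DISABLED {name} (set by {source})")
```

An empty result means no parameter in the supplied documents is disabled; passing the initiative definition as well catches parameters that are disabled only through their default value.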
Remediation / Resolution
To enable all the parameters (recommendations) supported by the Microsoft Defender for Cloud default policy, perform the following actions: