Ensure that monitoring for operating system (OS) vulnerabilities is enabled within the Microsoft Defender for Cloud security policy in order to determine if your Azure virtual machines are vulnerable to attacks. Microsoft Defender for Cloud analyzes daily the operating system of your virtual machines for configurations that could make these VMs more vulnerable to cyberattacks. Microsoft Defender for Cloud also recommends specific configuration changes that you can apply in order to address any OS vulnerability found.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When the monitoring feature is enabled, Microsoft Defender for Cloud analyzes operating system (OS) configurations on a daily basis to identify security issues that could make your organization's systems vulnerable to attacks.
Audit
To determine if the OS vulnerabilities monitoring is enabled within the Microsoft Defender for Cloud security policy, perform the following operations:
Remediation / Resolution
To enable OS vulnerabilities monitoring and recommendations for your Microsoft Azure virtual machines (VMs), perform the following operations:
References
- Azure Official Documentation
- Microsoft Defender for Cloud documentation
- What is Microsoft Defender for Cloud?
- Azure Policy built-in policy definitions
- Manage security policies
- Azure Command Line Interface (CLI) Documentation
- az
- az account get-access-token