01 Define the configuration parameters for the policy assignment request that the account get-access-token command will issue, with the serverVulnerabilityAssessmentEffect parameter set to "AuditIfNotExists" to turn on the feature. Save the configuration document to a JSON file named enable-server-vulnerability-assessment.json and replace the highlighted details, i.e. <azure-subscription-id> and <policy-definition-id>, with your own Azure account subscription details:
{
    "properties": {
        "displayName": "ASC Default (subscription: <azure-subscription-id>)",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/<policy-definition-id>",
        "scope": "/subscriptions/<azure-subscription-id>",
        "parameters": {
            "serverVulnerabilityAssessmentEffect": {
                "value": "AuditIfNotExists"
            }
        }
    },
    "id": "/subscriptions/<azure-subscription-id>/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn",
    "type": "Microsoft.Authorization/policyAssignments",
    "name": "SecurityCenterBuiltIn",
    "location": "eastus"
}
02 Run the account get-access-token command (Windows/macOS/Linux) using the configuration document defined at the previous step (i.e. the enable-server-vulnerability-assessment.json file) to enable the detection of Azure virtual machine vulnerabilities with the Microsoft Defender for Cloud vulnerability assessment feature. The command pipes the subscription ID and bearer token into a curl PUT against the SecurityCenterBuiltIn policy assignment:
az account get-access-token \
  --query "{subscription:subscription,accessToken:accessToken}" \
  --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn?api-version=2018-05-01" -d @"enable-server-vulnerability-assessment.json"'
03 The command output should return information about the modified configuration parameter:
{
    "sku": {
        "name": "A0",
        "tier": "Free"
    },
    "properties": {
        "displayName": "ASC Default (subscription: abcdabcd-1234-1234-1234-abcdabcdabcd)",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/1234abcd-1234-1234-1234-abcd1234abcd",
        "scope": "/subscriptions/abcdabcd-1234-1234-1234-abcdabcdabcd",
        "parameters": {
            "serverVulnerabilityAssessmentEffect": {
                "value": "AuditIfNotExists"
            }
        },
        "metadata": {
            "createdBy": "abcdabcd-1234-1234-1234-abcdabcdabcd",
            "createdOn": "2019-05-17T15:38:40.3473931Z",
            "updatedBy": "1234abcd-1234-1234-1234-abcd1234abcd",
            "updatedOn": "2022-02-01T21:22:40.7422203Z"
        }
    },
    "id": "/subscriptions/abcdabcd-1234-1234-1234-abcdabcdabcd/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn",
    "type": "Microsoft.Authorization/policyAssignments",
    "name": "SecurityCenterBuiltIn",
    "location": "eastus"
}
04 Repeat steps no. 1 – 3 for each Microsoft Azure subscription available in your Azure cloud account.