Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected a policy assignment creation event within your Microsoft Azure cloud account.
Microsoft Azure allows you to create and assign policies that enforce requirements for Azure cloud services. An assignment is a policy definition that has been assigned to take place within a specific scope such as an Azure subscription or a resource group. A policy definition defines under what condition a policy is enforced and what effect to take. The policy definition validates that all the resources within the specified scope are compliant and identifies which ones are not compliant. Policy definitions for common use cases, i.e. implementing governance for resource consistency, regulatory compliance, security, cost, and management, are already provided as built-in policies by Azure Policy – a service that can help you to enforce organizational standards and to assess compliance at-scale in Azure cloud. For example, a policy assignment can be created to enforce a condition for Azure resources that you create in the future, to assign an initiative definition to track compliance for multiple resources or to implement a new policy across an organization.
This rule resolution is part of the Conformity Real-Time Threat Monitoring.
Security The communication channels that are necessary for sending RTMA notifications upon detecting Azure "Create Policy Assignment" events can be configured within your Trend Micro Cloud One™ – Conformity account. The list of supported communication channels that you can use to receive notification alerts are SMS, Email, Slack, PagerDuty, ServiceNow, and Zendesk.
Rationale
Monitoring Microsoft Azure policy assignments is necessary for keeping your Azure cloud secure. As your organization grows and more people get involved in the operational aspect of the Azure cloud administration, the tendency is to create more and more restrictions, often using unfit policy assignments, and this poses a serious operational and security risk.
When an employee within your organization creates a policy assignment in your Azure cloud account, a "Create Policy Assignment" event is triggered and the event is recorded in the Azure Activity log. Even though the employee is assigning a policy to validate that his/her new Azure cloud resources are compliant, as an administrator you should be aware of any changes performed within your cloud environment.
Monitoring your Microsoft Azure cloud account for "Create Policy Assignment" events can help reduce the time it takes to detect unsolicited changes. Because each policy assignment creation event is being detected by the Real-Time Threat Monitoring and Analysis (RTMA) feature, you have the chance to prevent any potential security and operational issues that could be introduced by new policy assignments within your Azure cloud account.
References
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Policy Assignment Created
Risk Level: High