Ensure that automatic provisioning of the monitoring agent is enabled in your Microsoft Azure account to collect security data and events from your cloud compute resources in order to help you prevent, detect, and respond efficiently to security vulnerabilities and threats.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
When the automatic provisioning of the monitoring agent is turned on, the Azure Security Center installs the Microsoft Monitoring Agent (MMA) on all the existing supported Azure virtual machines (VMs), plus on any new ones created later. Once the MMA is installed, Azure Security Center reads various security-related configurations and event logs from your virtual machines and sends the data collected (including crash dump files) to your workspace for analysis. The data sent for analysis is required to provide visibility into missing updates, misconfigured operating system (OS) security settings, endpoint protection settings, and health and threat detections.
Audit
To determine if the automatic provisioning of the monitoring agent is enabled in your Azure account, perform the following actions:
Remediation / Resolution
Once active, the "Automatic provisioning of monitoring agent" feature enables the automatic installation of the Microsoft Monitoring Agent (MMA) on all the virtual machines within your Azure subscription. If enabled, any new or existing virtual machines without an installed Microsoft Monitoring agent extension, will have it provisioned. To enable the feature, perform the following actions:
References
- Azure Official Documentation
- Data collection in Azure Security Center
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az
- az account get-access-token
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
Enable Automatic Provisioning of the Monitoring Agent
Risk level: Medium