Ensure that system updates monitoring is enabled within your Azure cloud account so that you are notified about the security and critical updates released through Microsoft Windows Update or Microsoft Windows Server Update service.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
When this setting is enabled, the feature retrieves a daily list of available security and critical updates from Microsoft Windows Update/Microsoft Windows Server Update. The security updates on this list depend on the service configured for that specific Azure virtual machine (VM), and notifications recommend that the missing updates be applied as soon as possible. This ensures that the virtual machine's operating system is running the most recent security updates provided by the software vendor. For Unix/Linux systems, the feature uses the distro-provided package management system to determine which packages have available updates.
Audit
To determine if the "Monitor System Updates" feature is enabled, perform the following actions:
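One way to script this check, as an added example that is not part of the original page or of Cloud Conformity's tooling: it evaluates the JSON of a policy assignment, such as the output of `az policy assignment show --name SecurityCenterBuiltIn`. The assignment name `SecurityCenterBuiltIn`, the `systemUpdatesMonitoringEffect` parameter and the `AuditIfNotExists` value are assumptions not taken from this page, and the sample documents are constructed.

```python
import json
import sys

# Assumption (not from the page): the setting is the
# "systemUpdatesMonitoringEffect" parameter of the default Security Center
# policy assignment, and "AuditIfNotExists" means monitoring is on.
PARAM = "systemUpdatesMonitoringEffect"
ENABLED = "AuditIfNotExists"

# Constructed samples: CLI-style (top-level "parameters") and REST-style
# ("properties.parameters") policy assignment documents.
SAMPLE_CLI_DISABLED = {
    "name": "SecurityCenterBuiltIn",
    "parameters": {PARAM: {"value": "Disabled"}},
}
SAMPLE_REST_ENABLED = {
    "name": "SecurityCenterBuiltIn",
    "properties": {"parameters": {PARAM: {"value": "AuditIfNotExists"}}},
}


def assignment_parameters(assignment):
    """Return the parameters dict from either document shape."""
    params = assignment.get("parameters")
    if params is None:
        params = (assignment.get("properties") or {}).get("parameters")
    return params or {}


def audit_system_updates(assignment):
    """Return PASS, FAIL, or INHERITED (parameter not overridden, so the
    initiative's default effect applies and must be checked separately)."""
    entry = assignment_parameters(assignment).get(PARAM)
    if entry is None:
        return "INHERITED"
    value = entry.get("value") if isinstance(entry, dict) else entry
    if isinstance(value, str) and value.lower() == ENABLED.lower():
        return "PASS"
    return "FAIL"


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "-":
        # Real input: pipe a policy assignment JSON document to stdin.
        print(audit_system_updates(json.load(sys.stdin)))
    else:
        for doc in (SAMPLE_CLI_DISABLED, SAMPLE_REST_ENABLED, {"parameters": {}}):
            print(audit_system_updates(doc))
```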
Remediation / Resolution
To enable system updates recommendations for your Microsoft Azure virtual machines (VMs), perform the following actions:
You are auditing:
Enable System Updates Monitoring
Risk level: Medium