how do I use Azure Policy to enable 'Agentless scanning for machines (preview)' setting for Defender for CSPM

Nadia Hansen 0 Reputation points
2023-03-15T20:25:57.67+00:00

I can't seem to find a policy that enables the 'Agentless scanning for machines (preview)' setting in Defender for Cloud. How do I do it then?


2 answers

  1. Syed Shiraz Shahid 280 Reputation points
    2023-03-15T20:51:02.58+00:00

    To enable the 'Agentless scanning for machines (preview)' setting for Defender for Cloud Security Posture Management (CSPM) using Azure Policy, you can follow these steps:

    1. Open the Azure Portal and go to the Azure Policy service.
    2. Click on the "Definitions" tab and click on the "Create definition" button.
    3. Fill in the required fields for the new policy definition, such as the name, description, and category.
    4. In the "Policy rule" section, click on the "Add condition" button and select "Microsoft Defender for Cloud Security Posture Management".
    5. Select the "Agentless machine scan (Preview)" setting and set it to "Enabled".
    6. Click on the "Review + create" button to review the policy definition and then click on "Create" to create the policy.
    7. Assign the policy to the desired scope, such as a resource group or subscription.

    After the policy is created and assigned, it will enforce the 'Agentless scanning for machines (preview)' setting for Defender for CSPM across the assigned scope. Note that it may take some time for the policy to take effect and for the setting to be enabled for all relevant resources.


  2. SteveJ22LK90 0 Reputation points
    2024-06-05T20:40:09.77+00:00

    Agentless scanning is available through both the Defender Cloud Security Posture Management (CSPM) plan and Defender for Servers P2 plan, and accordingly there are built-in Azure Policies to deploy and configure these plans for new and existing Subscriptions.

    To enable Agentless scanning with Azure Policy:

    (1) Create a new Initiative scoped to the tenant root group. Add one of these policies:

    When creating the Initiative, it is important to review the Policy parameters section by unchecking the checkbox which says "Only show parameters that need input or review"! This is where you can configure the individual Defender features that you want. If you only want Agentless scanning, disable the others.

    (2) Next, assign the Initiative to the tenant root group. It will create a Managed Identity with the role assignments required (Security Admin, User Access Administrator).

    (3) Finally, you can create a Remediation Task that will apply the setting to existing Subscriptions. New Subscriptions will be enrolled automatically.

    Before you use either of these, make sure you understand the cost of enabling Defender for Cloud plans and features on your Subscriptions!

    I'm glad to see Copilot doesn't know everything about Azure Policy yet, so my job is safe!

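Added example, not part of either answer above: the three steps the second answer describes (initiative, assignment with a managed identity and its two role assignments, remediation task) expressed as one Bicep deployment at management-group scope. The built-in policy definition GUID and the Security Admin role GUID are left as parameters because the original post does not list them; the User Access Administrator role id is the well-known built-in value. Resource names, the reference id `defenderPlan`, and the `location` default are assumptions chosen for this example.

```bicep
// Added example (not from the original post). Deploys, at a management group:
//   1. a custom initiative wrapping one Defender for Cloud "Configure ... to be
//      enabled" built-in policy,
//   2. an assignment with a system-assigned identity plus the Security Admin and
//      User Access Administrator role assignments the answer mentions,
//   3. a remediation task so existing subscriptions are enrolled.
// Deploy with:
//   az deployment mg create --management-group-id <mg-id> --location <region> \
//     --template-file main.bicep \
//     --parameters defenderPolicyDefinitionId=<guid> securityAdminRoleId=<guid>
targetScope = 'managementGroup'

@description('GUID of the built-in Defender CSPM or Defender for Servers "Configure ... to be enabled" policy. Placeholder: look it up under Azure Policy > Definitions; the page does not list it.')
param defenderPolicyDefinitionId string

@description('GUID of the built-in Security Admin role. Placeholder: copy it from Azure RBAC built-in roles.')
param securityAdminRoleId string

@description('GUID of the built-in User Access Administrator role (well-known value).')
param userAccessAdminRoleId string = '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9'

@description('Region recorded for the assignment identity (assumed default).')
param location string = 'eastus'

@description('Default enforces deployIfNotExists; DoNotEnforce lets you review compliance and cost first.')
@allowed([ 'Default', 'DoNotEnforce' ])
param enforcementMode string = 'Default'

var referenceId = 'defenderPlan'

// Step 1: the initiative. The built-in definition's own parameters, the feature
// toggles the answer says to review, are set in `parameters` of this reference.
// Left empty here because the parameter names are not on the page; take them
// from the definition's "parameters" section and disable features you do not want.
resource initiative 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = {
  name: 'enable-defender-agentless-scanning'
  properties: {
    displayName: 'Enable Defender for Cloud plan with agentless scanning'
    policyType: 'Custom'
    policyDefinitions: [
      {
        policyDefinitionReferenceId: referenceId
        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', defenderPolicyDefinitionId)
        parameters: {}
      }
    ]
  }
}

// Step 2: the assignment. deployIfNotExists policies need an identity to act as.
resource assignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
  name: 'enable-defender-agentless'
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    displayName: initiative.properties.displayName
    policyDefinitionId: initiative.id
    enforcementMode: enforcementMode
  }
}

// The two roles the answer names, granted to the assignment's identity at the
// management group so they inherit to every child subscription.
resource roles 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for roleId in [ securityAdminRoleId, userAccessAdminRoleId ]: {
  name: guid(managementGroup().id, assignment.name, roleId)
  properties: {
    principalId: assignment.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions', roleId)
  }
}]

// Step 3: remediate subscriptions that already exist. New subscriptions under
// the management group are handled by the assignment itself on creation.
resource remediation 'Microsoft.PolicyInsights/remediations@2021-10-01' = {
  name: 'remediate-existing-subscriptions'
  properties: {
    policyAssignmentId: assignment.id
    policyDefinitionReferenceId: referenceId
    resourceDiscoveryMode: 'ReEvaluateCompliance'
  }
  dependsOn: [
    roles // the identity must hold its roles before remediation deploys anything
  ]
}
```

Assigning at the tenant root group, as the answer suggests, requires that the deploying principal has been granted access there first (tenant root has no assignments by default). Setting `enforcementMode` to `DoNotEnforce` for a first run gives a compliance report of which subscriptions would be changed, which is a practical way to act on the cost warning in the answer before plans are switched on everywhere.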