To enable 'Agentless scanning for machines (preview)' setting for Defender for Cloud Security Posture Management (CSPM) using Azure Policy, you can follow these steps:
- Open the Azure Portal and go to the Azure Policy service.
- Click on the "Definitions" tab and click on the "Create definition" button.
- Fill in the required fields for the new policy definition, such as the name, description, and category.
- In the "Policy rule" section, click on the "Add condition" button and select "Microsoft Defender for Cloud Security Posture Management".
- Select the "Agentless machine scan (Preview)" setting and set it to "Enabled".
- Click on the "Review + create" button to review the policy definition and then click on "Create" to create the policy.
- Assign the policy to the desired scope, such as a resource group or subscription.
After the policy is created and assigned, it will enforce the 'Agentless scanning for machines (preview)' setting for Defender for CSPM across the assigned scope. Note that it may take some time for the policy to take effect and for the setting to be enabled for all relevant resources.