I am not familiar with this recommendation. Is it part of CIS? You do have the option to exclude the policy if the purpose or verification remains unclear.
How do I pass "Monitor missing Endpoint Protection in Azure Security Center" Azure baseline security policy test?
Hi,
We are trying to make some inroads getting our environment closer to the Azure Baseline Security policy and also CIS, but we are a bit stumped by this policy assessment:
"Monitor missing Endpoint Protection in Azure Security Center"
Reading the definition this looks for the following security assessment:
"then": {
    "effect": "[parameters('effect')]",
    "details": {
        "type": "Microsoft.Security/assessments",
        "name": "83f577bd-a1b6-b7e1-0891-12ca19d1e6df",
        "existenceCondition": {
            "field": "Microsoft.Security/assessments/status.code",
            "in": [
                "NotApplicable",
                "Healthy"
            ]
        }
    }
}
How do I enable this? (Ideally using ARM/Bicep?)
Note that we have Defender for Servers / Defender for Endpoint running and reporting; it's some sort of monitoring that seems to be missing.
All I could find were 2-year-old instructions on third-party websites that point me to old Azure portal screens that don't exist anymore.
(More generally: How does one list / enable / disable security assessments in general? - I am aware of the Microsoft.Security/assessments resource but documentation seems pretty scarce?)
Any help is greatly appreciated!
Many Thanks
Jens
1 answer
Andrew Blumhardt 9,776 Reputation points Microsoft Employee
2023-05-08T13:08:22.18+00:00