How do I pass "Monitor missing Endpoint Protection in Azure Security Center" Azure baseline security policy test?

Anonymous
2023-05-07T14:07:16.62+00:00

Hi,

We are trying to make some inroads getting our environment closer to the Azure Baseline Security policy and also CIS, but we are a bit stumped by this policy assessment:

"Monitor missing Endpoint Protection in Azure Security Center"

Reading the definition this looks for the following security assessment:

    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Security/assessments",
        "name": "83f577bd-a1b6-b7e1-0891-12ca19d1e6df",
        "existenceCondition": {
          "field": "Microsoft.Security/assessments/status.code",
          "in": [
            "NotApplicable",
            "Healthy"
          ]
        }
      }
    }

How do I enable this? (Ideally using ARM/Bicep?)

Note that we have Defender for Servers / Defender for Endpoint running and reporting; it's some sort of monitoring that seems to be missing.

All I could find were 2-year-old instructions on third-party websites that point me to old Azure portal screens that don't exist anymore.

(More generally: How does one list / enable / disable security assessments in general? - I am aware of the Microsoft.Security/assessments resource but documentation seems pretty scarce?)

Any help is greatly appreciated!

Many Thanks

Jens


1 answer

  1. Andrew Blumhardt 9,676 Reputation points Microsoft Employee
    2023-05-08T13:08:22.18+00:00

    I am not familiar with this recommendation. Is it part of CIS? You do have the option to exclude the policy if the purpose or verification remains unclear.
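
How the `existenceCondition` quoted in the question decides pass or fail, as an added example that is not part of the original thread or Microsoft's code. It assumes the policy's `if` clause has already matched the VM and that the `effect` parameter resolves to AuditIfNotExists; the resource IDs, VM names and assessment records are constructed.

```python
# Added example: models the existence check in the "details" block quoted in
# the question. All resource IDs and assessment records below are constructed.
ASSESSMENT_NAME = "83f577bd-a1b6-b7e1-0891-12ca19d1e6df"  # "name" in the policy
PASSING_CODES = {"NotApplicable", "Healthy"}  # "in" list of existenceCondition
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
VM = SUB + "/providers/Microsoft.Compute/virtualMachines/"


def assessment(vm_id, name, code):
    """Build a constructed Microsoft.Security/assessments record."""
    return {
        "id": f"{vm_id}/providers/Microsoft.Security/assessments/{name}",
        "name": name,
        "properties": {"status": {"code": code}},
    }


SAMPLE = [  # constructed sample data
    assessment(VM + "vm-a", ASSESSMENT_NAME, "Healthy"),
    assessment(VM + "vm-b", ASSESSMENT_NAME, "Unhealthy"),
    assessment(VM + "vm-d", ASSESSMENT_NAME, "NotApplicable"),
    # A different assessment on vm-c must not satisfy the policy.
    assessment(VM + "vm-c", "11111111-1111-1111-1111-111111111111", "Healthy"),
]


def evaluate(vm_id, assessments):
    """Return (state, reason) for one VM. Assumes the policy's "if" clause
    already matched the VM and the effect resolves to AuditIfNotExists."""
    prefix = (vm_id + "/providers/Microsoft.Security/assessments/").lower()
    # Resource IDs are case-insensitive, so compare them lowercased.
    related = [a for a in assessments
               if a["id"].lower() == prefix + ASSESSMENT_NAME]
    if not related:
        return "NonCompliant", "assessment not found on resource"
    code = related[0].get("properties", {}).get("status", {}).get("code")
    if code in PASSING_CODES:
        return "Compliant", f"status.code={code}"
    return "NonCompliant", f"status.code={code}"


def report(vm_names, assessments=SAMPLE):
    """Map each VM name to its evaluated compliance state."""
    return {n: evaluate(VM + n, assessments)[0] for n in vm_names}


if __name__ == "__main__":
    for name in ("vm-a", "vm-b", "vm-c", "vm-d"):
        print(name, *evaluate(VM + name, SAMPLE))
```

A VM passes only when this specific assessment exists on it with a passing status code, so a missing assessment and an `Unhealthy` one both show up as non-compliant.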