Azure Compute Security Baseline compliance and the Landing Zone Deployment

Perry Chandler 145 Reputation points
2023-07-05T11:49:37.6166667+00:00

Good afternoon all,

We are creating a Landing Zone for our IT Team. We are going to deploy through Terraform, but we have had a run through the options in the GUI accelerator.

IT would like to say Yes to "Enable Azure Compute Security Baseline compliance auditing"

I am uncertain as to whether Using "Compute Security Baselines" is covered by the CSPM Foundational option "Microsoft Cloud Security Benchmark" and Whether enabling Auditing of this feature will make us liable for additional costs.

Thanks for your time, Perry.

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,460 questions
0 comments No comments
{count} votes

Accepted answer
  1. JamesTran-MSFT 36,766 Reputation points Microsoft Employee
    2023-07-06T20:53:15.63+00:00

    @Perry Chandler

    Thank you for your post!

    I understand that you're going to be creating a Landing Zone for your IT team by deploying this through Terraform and have some questions regarding the Compute Security Baseline(s). To hopefully point you in the right direction or resolve your issue, I'll share my findings below.


    Findings:

    Microsoft cloud security benchmark in Defender for Cloud:

    User's image

    Additional Links:

    Introduction to the Microsoft cloud security benchmark

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.