Share via

Azure Security Benchmark v2 Missing Controls?

Buch, Tamara 16 Reputation points
2021-07-13T21:02:25.07+00:00

After assigning the Azure Security Benchmark initiative to a brand new subscription, it seems to be missing control "IM-4 Use strong authentication controls for all Azure Active Directory based access", when viewing from Policy > Compliance > Azure Security Benchmark > Groups. This is true on multiple subscriptions. If you view the Azure Security Benchmark from the Regulatory Compliance blade menu in Security Center instead you will see the control listed.

Am I missing something or is this a bug?

Another thing I am noticing on an older subscription is if you've exempted all the policies in a particular control (for instance the Firewall policy in NS-5) the entire control will disappear from the Policy > Compliance menu. This is not ideal, is there any way to show it as "exempt" instead of just hiding it?

Azure Policy
Azure Policy

An Azure service that is used to implement corporate governance and standards at scale for Azure resources.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. tbgangav-MSFT 10,431 Reputation points Moderator
    2021-08-02T15:22:02.227+00:00

    Hi @Buch, Tamara ,

    I don't see an IM-4 policy with that name. You can see all the IM-4 related policy defs here.

    119820-image.png

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.