Review hardening recommendations
As the Log Analytics agent (also known as MMA) is set to retire in August 2024, all Defender for Servers features that currently depend on it, including those described on this page, will be available through either Microsoft Defender for Endpoint integration or agentless scanning before the retirement date. For more information about the roadmap for each of the features that currently rely on the Log Analytics agent, see this announcement.
To reduce a machine's attack surface and avoid known risks, it's important to configure the operating system (OS) as securely as possible.
Use the security recommendations described in this article to assess the machines in your environment and:
- Identify gaps in the security configurations
- Learn how to remediate those gaps
The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Prerequisites: Machines must (1) be members of a workgroup, (2) have the Guest Configuration extension, (3) have a system-assigned managed identity, and (4) be running a supported OS:
- Windows Server 2012, 2012 R2, 2016 or 2019
- Ubuntu 14.04, 16.04, 17.04, 18.04 or 20.04
- Debian 7, 8, 9, or 10
- CentOS 7 or 8
- Red Hat Enterprise Linux (RHEL) 7 or 8
- Oracle Linux 7 or 8
- SUSE Linux Enterprise Server 12
Required roles and permissions: To install the Guest Configuration extension and its prerequisites, write permission is required on the relevant machines. To view the recommendations and explore the OS baseline data, read permission is required at the subscription level.
National (Azure Government, Microsoft Azure operated by 21Vianet)
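The four prerequisites above can be checked across an inventory before expecting the recommendations to report on a machine. The following is an added example, not Microsoft's code: the record field names, the short OS names (`RHEL`, `SLES`) and the sample machines are assumptions constructed for illustration.

```python
# Added example: pre-check of the four prerequisites over constructed records.
# Field names (os, version, identity_type, extensions, domain_joined) are
# assumptions for this sketch, not an Azure API schema.
SUPPORTED = {
    "Windows Server": {"2012", "2012R2", "2016", "2019"},
    "Ubuntu": {"14.04", "16.04", "17.04", "18.04", "20.04"},
    "Debian": {"7", "8", "9", "10"},
    "CentOS": {"7", "8"},
    "RHEL": {"7", "8"},
    "Oracle Linux": {"7", "8"},
    "SLES": {"12"},
}
GC_PUBLISHER = "microsoft.guestconfiguration"  # Guest Configuration extension publisher

def release_key(os_name, version):
    """Reduce a full version string to the granularity the page lists."""
    v = version.strip()
    if os_name == "Windows Server":
        return v.replace(" ", "").upper()        # "2012 r2" -> "2012R2"
    parts = v.split(".")
    return ".".join(parts[:2]) if os_name == "Ubuntu" else parts[0]

def missing_prerequisites(vm):
    """Return the prerequisites from the page that this record does not meet."""
    gaps = []
    if vm.get("domain_joined") is not False:     # unknown counts as unmet
        gaps.append("workgroup membership")
    publishers = {e.get("publisher", "").lower() for e in vm.get("extensions", [])}
    if GC_PUBLISHER not in publishers:
        gaps.append("Guest Configuration extension")
    kinds = {k.strip().lower() for k in (vm.get("identity_type") or "").split(",")}
    if "systemassigned" not in kinds:
        gaps.append("system-assigned managed identity")
    os_name = vm.get("os", "")
    if release_key(os_name, vm.get("version", "")) not in SUPPORTED.get(os_name, set()):
        gaps.append("supported OS")
    return gaps

# Constructed sample inventory (not real machines).
INVENTORY = [
    {"name": "web01", "os": "Ubuntu", "version": "18.04.6", "domain_joined": False,
     "identity_type": "SystemAssigned, UserAssigned",
     "extensions": [{"publisher": "Microsoft.GuestConfiguration"}]},
    {"name": "db01", "os": "CentOS", "version": "6.10", "domain_joined": False,
     "identity_type": "UserAssigned", "extensions": []},
    {"name": "app01", "os": "Windows Server", "version": "2012 R2",
     "identity_type": None, "extensions": [{"publisher": "Microsoft.GuestConfiguration"}]},
]

if __name__ == "__main__":
    for vm in INVENTORY:
        print(vm["name"], missing_prerequisites(vm) or "ready")
```

A machine that reports any gap here will not be assessed by the recommendations until the gap is closed, so an empty findings list for it does not mean it meets the baseline.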
What are the hardening recommendations?
Microsoft Defender for Cloud includes two recommendations that check whether the configuration of Windows and Linux machines in your environment meets the Azure security baseline configurations:
- For Windows machines, Vulnerabilities in security configuration on your Windows machines should be remediated (powered by Guest Configuration) compares the configuration with the Windows security baseline.
- For Linux machines, Vulnerabilities in security configuration on your Linux machines should be remediated (powered by Guest Configuration) compares the configuration with the Linux security baseline.
These recommendations use the guest configuration feature of Azure Policy to compare the OS configuration of a machine with the baseline defined in the Microsoft cloud security benchmark.
Compare machines in your subscriptions with the OS security baselines
To compare machines with the OS security baselines:
1. From Defender for Cloud's portal pages, open the Recommendations page.
2. Select the relevant recommendation:
   - For Windows machines, Vulnerabilities in security configuration on your Windows machines should be remediated (powered by Guest Configuration)
   - For Linux machines, Vulnerabilities in security configuration on your Linux machines should be remediated (powered by Guest Configuration)

   On the recommendation details page you can see:
   - The affected resources.
   - The specific security checks that failed.
3. To learn more about a specific finding, select it.
Other investigation possibilities:
- To view the list of machines that have been assessed, open Affected resources.
- To view the list of findings for one machine, select a machine from the Unhealthy resources tab. A page will open listing only the findings for that machine.
In this document, you learned how to use Defender for Cloud's guest configuration recommendations to compare the hardening of your OS with the Azure security baseline.
To learn more about these configuration settings, see: