Severity : High
Description: This control ensures that subscription default autoProvisioning field is set to On. When Automatic provisioning of monitoring agent is turned on, Azure Security Center provisions the Microsoft Monitoring Agent on all existing supported Azure virtual machines and any new ones that are created. The Microsoft Monitoring
...
agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts.
Remediation Steps
...
:
Perform following to update parameters:
Login to Azure Portal using https://portal.azure.com.
Go to Security Center.
Click on Pricing & settings under Management.
Select subscription.
Click on Auto provisioning.
Set Log Analytics agent for Azure VMs to On with workspace configuration.
Click Apply and save.
Important:
When Auto Provisioning setting is updated using UI, the default SecurityContacts default object name is set to Default1.
Reference:
CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #2.11
https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection
https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create