Azure-SecurityCenter-Monitor-System-Updates

Severity: High

Description: This control ensures that System updates should be installed on your machines' is enabled for at least one policy assignment with policy definition Enable Monitoring in Azure Security Center. When this setting is not disabled, it retrieves a daily list of available security and critical updates from Windows Update or Windows Server Update Services.The retrieved list depends on the service that's configured for that virtual machine and recommends that the missing updates be applied. For Linux systems, the policy uses the distro-provided package management system to determine packages that have available updates. It also checks for security and critical updates from Azure Cloud Services virtual machines.

Remediation Steps:

Perform following to update parameters:

1. Login to Azure Portal using https://portal.azure.com.

2. Go to Policy service.

3. On Policy overview, Click onDefault/Custom Policy.

4. Click on Edit Assignments.

5. In Basics menu, check there are no exclusions added for resource Group.

6. Set Policy Enforcement to Enabled.

7. Goto Parameters and set System updates should be installed on your machines in Azure Security Center to AuditIfNotExist.

8. Click Review + save.

Important:

• Along with ASC Default assignment, there could be custom policy assignments with the policy definition "Enable Monitoring in Azure Security Center". 'Monitor missing Endpoint Protection in Azure Security Center' should be enabled for at least one of such assignments

Reference:

• http//docs.microsoft.com/en-us/azure/security-center/security-center-policies

• http//docs.microsoft.com/en-us/azure/security-center/security-center-apply-system-updates

• http//msdn.microsoft.com/en-us/library/mt704062.aspx

• http//msdn.microsoft.com/en-us/library/mt704063.aspx

• http//docs.microsoft.com/en-us/rest/api/resources/policyassignments/get

• http//docs.microsoft.com/en-us/rest/api/resources/policyassignments/create