Azure security center - Remediate security configuration not updating RRS feed

  • Question

  • Hello,

    We are working through some of the security center remarks, within our Azure subscription, on our Windows 2016 server VMs under the Remediate security configuration section.

    Last Friday we applied two changes to address

    • Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only)
    • Ensure 'Security: specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'

    We were hoping to see the changed VMs to be removed from the failed rules for these messages. But they are still showing up. Is there a way we can trigger the alerts to refresh? What's the time frame we should see these updates? Is something else potentially blocking us from seeing the made changes?


    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path Software\Policies\Microsoft\Windows NT\Rpc
    Value Name EnableAuthEpResolution
    Value Type REG_DWORD
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path Software\Policies\Microsoft\Netlogon\Parameters
    Value Name MaximumLogFileSize
    Value Type REG_DWORD

    Tuesday, July 16, 2019 8:28 AM

All replies

  • No you can trigger the alerts to refresh.  The security center automatically updates it recommendations with 24 hours, however Operating system configuration recommendations are updated in 48 hours.  Are you not seeing these alerts going past the mentioned timelines ?
    Tuesday, July 16, 2019 9:19 PM
  • Hello Saura,

    Thanks for the response. We verified the applied changes and waited another 48 hours. The recommendations still haven't updated. 

    Thursday, July 18, 2019 7:15 AM
  • Sorry for late response.  Are you still having this issue ?

    Wednesday, July 31, 2019 11:24 PM