Windows VM Security Baseline Auditing

All replies

  • Good catch. There do appear to be discrepancies in the documentation, with some pages referring to this feature as being in preview and others referring to it as retired. I have reported this discrepancy and am working with the docs team to get this resolved. 

    It does seem like you should still be able to edit the policies through the Azure Policy portal, via REST API, or using PowerShell. This article is more recently updated than the other ones. https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Tuesday, December 10, 2019 12:05 AM
    Moderator
  • Thanks for the info and looking into it. In particular I'm looking for the details of the following Built-In Security Policy:

    [Preview]: Vulnerabilities in security configuration on your machines should be remediated
    Azure Security Center monitors servers that don't satisfy the configured baseline as recommended.

    I'm looking for the details of what the "configured baseline" of the "security configuration" is and if they're still relevant.

    For example, I was able to extract from Log Analytics what I think to be the security baseline it is using by running the following for a 2019 server:

    SecurityBaseline
    | where ComputerEnvironment == "Azure"
    | where OSName == "Windows Server 2019 Datacenter"
    | distinct OSName, BaselineRuleType, Description, ExpectedResult

    Tuesday, December 10, 2019 1:10 AM