Ensure that Endpoint Protection for all Virtual Machines is installed

Install endpoint protection for all virtual machines.

Risk Level: High
Cloud Entity: Virtual Machine
CloudGuard Rule ID: D9.AZU.LOG.17
Covered by Spectral: No
Category: Compute

GSL LOGIC

VirtualMachine should have extensions contain [ virtualMachineExtensionType='IaaSAntimalware' and provisioningState='Succeeded' ]

REMEDIATION

From Portal

  1. Go to 'Microsoft Defender for Cloud'.
  2. Click the 'Recommendations' blade.
  3. On the 'Secure Score Recommendation Dashboard', click on the 'Install endpoint protection solution on virtual machines' recommendation.
  4. Now select all the virtual machines available. Then, click the Install on VMs button to start the endpoint protection installation process.
  5. Choose 'Microsoft Antimalware extension' as endpoint protection software, then click Create to initiate the extension setup process.
  6. On the Microsoft Antimalware dashboard, use the configuration settings available on the extension blade to configure the VMs anti-malware protection based on your requirements.
  7. Click Ok to apply the changes and run the endpoint protection installation.

From TF
Set the azurerm_virtual_machine_extension as below:

resource "azurerm_virtual_machine_extension" "example" {
	...
	name                 = "NAME"
	virtual_machine_id   = azurerm_virtual_machine.example.id
	publisher            = "Microsoft.Azure.Security"
	type                 = "IaaSAntimalware"
	type_handler_version = "VERSION"
	...
}

Note: Each extension requires certain settings of its own; check the reference link for details.

From Command Line
Run the command below for every Microsoft Azure virtual machine provisioned within the current subscription that is missing anti-malware protection.

az vm extension set --publisher Microsoft.Azure.Security --name IaaSAntimalware --version VERSION --vm-name VM-NAME --resource-group RESOURCEGROUP --no-wait
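As an added example (not part of the CloudGuard rule page), the script below evaluates the GSL logic above over a constructed VM inventory and prints the matching az command for each VM that fails. The field names virtualMachineExtensionType and provisioningState are taken from the rule; the sample inventory and the function names are assumptions.

```python
"""Evaluate CloudGuard rule D9.AZU.LOG.17 over a VM extension inventory."""
import json
import shlex

# Constructed sample inventory (not real Azure output): each VM carries the
# extension records attached to it, using the field names the GSL rule reads.
SAMPLE_VMS = json.loads("""[
  {"name": "web-01", "resourceGroup": "rg-prod",
   "extensions": [{"virtualMachineExtensionType": "IaaSAntimalware",
                   "provisioningState": "Succeeded"}]},
  {"name": "web-02", "resourceGroup": "rg-prod",
   "extensions": [{"virtualMachineExtensionType": "IaaSAntimalware",
                   "provisioningState": "Failed"}]},
  {"name": "db-01", "resourceGroup": "rg-data",
   "extensions": [{"virtualMachineExtensionType": "CustomScript",
                   "provisioningState": "Succeeded"}]},
  {"name": "jump-01", "resourceGroup": "rg-mgmt", "extensions": []}
]""")


def has_antimalware(vm):
    """GSL: extensions contain [type='IaaSAntimalware' and state='Succeeded'].
    A failed or still-provisioning install does not count, and a VM with
    no extensions at all is non-compliant."""
    return any(
        ext.get("virtualMachineExtensionType") == "IaaSAntimalware"
        and ext.get("provisioningState") == "Succeeded"
        for ext in vm.get("extensions", [])
    )


def noncompliant_vms(vms):
    """Return the names of VMs that fail the rule, in inventory order."""
    return [vm["name"] for vm in vms if not has_antimalware(vm)]


def remediation_command(vm, version="VERSION"):
    """Build the 'az vm extension set' line from the page for one VM.
    'version' stays a placeholder until a type handler version is chosen."""
    return " ".join([
        "az vm extension set --publisher Microsoft.Azure.Security",
        "--name IaaSAntimalware", "--version", shlex.quote(version),
        "--vm-name", shlex.quote(vm["name"]),
        "--resource-group", shlex.quote(vm["resourceGroup"]), "--no-wait",
    ])


if __name__ == "__main__":
    by_name = {vm["name"]: vm for vm in SAMPLE_VMS}
    for name in noncompliant_vms(SAMPLE_VMS):
        print(remediation_command(by_name[name]))
```

Point SAMPLE_VMS at the real inventory (for example the output of az vm extension list per VM) to run it against a subscription.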

References

  1. https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware
  2. https://learn.microsoft.com/en-us/cli/azure/vm/extension?view=azure-cli-latest#az-vm-extension-set
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension

Virtual Machine

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.

Compliance Frameworks

  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v. 2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset