Aqua CSPM

Auto Provisioning Enabled

Quick Info

Plugin TitleAuto Provisioning Enabled
CloudAZURE
CategorySecurity Center
DescriptionEnsures that automatic provisioning of the monitoring agent is enabled
More InfoThe Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection
Recommended ActionEnsure that the data collection settings of the subscription have Auto Provisioning set to enabled.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Security Center.
  3. On the “Security Center” page scroll down the left navigation panel and choose “Pricing and Settings."
  4. On the “Security Center - Pricing & settings” page, select the “Subscription” by clicking on the “Name."
  5. Under the “Settings - Pricing tier”, click on the “Data Collection” options and if the “Auto Provisioning” is turned off then the “Automatic provisioning” of the monitoring agent is not enable.
  6. Repeat steps number 2 - 5 to verify other Azure accounts for “Auto Provisioning Enabled."
  7. Navigate to Security center, choose “Pricing and Settings”, select the “Subscription” by clicking on the “Name” and click on the “Data Collection” options.
  8. On the “Settings - Data Collection” page, click on the “ON” option next to the “Auto Provisioning."
  9. On the “Settings - Data Collection” page, select the “Workspace configuration” and click on the “All Events” under the “Windows security events”. Click on the “Save” button at the top to make the changes.
  10. Repeat steps number 7 - 9 to ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.