Monitor External Accounts with Write Permissions
Ensures that External Accounts with Write Permissions are being Monitored in Microsoft Defender.
External Accounts with Write Permissions should be monitored to meet you organization's security compliance requirements.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the Microsoft Azure Management Console.
-
Select the “Search resources, services, and docs” option at the top and search for “Policy” and select the “Policy”.
-
Scroll down the left navigation panel and select “Compliance”.
-
On the “Policy | Compliance” page, under “Name” column select compliance for the “Scope” of necessary Subscription.
-
On the “Policy| Compliance” page select the “View Assignment” Tab on the top.
-
On the “Policy| Compliance | Subscription” page, Select the “Edit Assignment” Tab at the top.
-
On the Assign Initiative page, select the “Parameters” tab and uncheck “Only show parameters that need input or review”. It will show you a list of parameters.
-
In the list search for the setting “External accounts with write permissions should be removed from your subscription”. If it’s set to “Disabled” then “External accounts Monitoring” is not enabled on the selected “Subscription”.
-
To enable “External accounts Monitoring” click to open the dropdown of “External accounts with write permissions should be removed from your subscription” and select the “AuditIfNotExists” option.
-
Click on the “Review + save” button to make the necessary changes.
-
Repeat steps number 3 - 10 to ensure ““External accounts Monitoring” is configured from the Azure Defender.