Monitor VM Vulnerability
Ensures that Monitor Vulnerability Assessment is enabled in Security Center.
When this setting is enabled, Security Center will monitor virtual machines for detected vulnerabilities.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the Microsoft Azure Management Console.
-
Select the “Search resources, services, and docs” option at the top and search for “Microsoft Defender for Cloud”.
-
Scroll down the left navigation panel and select the “Environment Settings” under “Management”.
-
On the “Microsoft Defender for Cloud | Environment settings” page, under “Name” column select the “Subscription Name” that needs to be verified by clicking on its Name.
-
On the “Settings” page scroll down the “Policy settings” section and select “Security Policy”.
-
On the “Settings | Security policy” page, Select the “Subscription” link under the “Security policy” at the top to get into the configuration settings.
-
On the Settings page, select the “Parameters” tab and uncheck “Only show parameters that need input or review”. It will show you a list of parameters.
-
In the list search for the setting “Vulnerabilities in security configuration on your virtual machine scale sets should be remediated”. If it’s set to “Disabled” then “Vulnerability Assessment” is not enabled on the selected “Subscription”.
-
To enable “Vulnerability Assessment” click to open the dropdown of “Vulnerabilities in security configuration on your virtual machine scale sets should be remediated” and select the “AuditIfNotExists” option. Click on the “Review + save” button at the bottom.
-
On the “Review + save” page, click on “Save” button to make the necessary changes.
-
Repeat step number 3 - 10 to ensure Vulnerability Assessment is configured from the Azure Security Center.