MEDIUM
Source
CloudSploit
ID
vm-agent-enabled

VM Agent Enabled

Ensures that the VM Agent is enabled for virtual machines

The VM agent must be enabled on Azure virtual machines in order to enable Azure Security Center for data collection.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. Select the “Search resources, services, and docs” option at the top and search for Security Center. Step

  3. Click on the “Pricing & Settings” option and choose the “Subscription” and click on the “Name” option as a link to access the configurations. Step

  4. Click on the “Data Collection” option under Settings. Step

  5. Under the “Data Colelction” check whether the “Auto Provisioning” is “ON or OFF”. If “Auto Provisioning” is turned “Off” then the automatic installation of the Microsoft Monitoring Agent on all the VMs in your subscription is not enabled. Step

  6. Repeat steps number 2 - 5 to verify “VM Agent” in the other Azure accounts.

  7. Navigate to the “Security Center”, select the “Price & Settings” and click on the “Subscription Name”, select the “Data Collection” options under “Settings”.Step

  8. Turn “On” the “Auto Provisioning” feature and click on the “Save” button at the top to make the changes. Once enabled, any new or existing VM without an installed Microsoft Monitoring agent (MMA) extension, will have it provisioned. Step

  9. Repeat steps number 7 - 8 to enable the VM agent for all virtual machines.