lacework-global-522

Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' (Manual)

Profile Applicability

• Level 1

Description

Apply the latest OS patches for all virtual machines.

Rationale

Windows and Linux virtual machines should be kept updated to:

  • Address a specific bug or flaw
  • Improve an OS or application’s general stability
  • Fix a security vulnerability

The Azure Security Center retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows VM. The security center also checks for the latest updates on Linux systems. If a VM is missing a system update, the security center recommends that system updates be applied.

Impact

Running Microsoft Defender for Cloud incurs additional charges for each resource monitored. Please see the attached reference for exact charges per hour.

Audit

From Azure Console

  1. From Azure Home select the Portal Menu
  2. Select Microsoft Defender for Cloud
  3. Then select the Recommendations blade
  4. Ensure that there are no recommendations for Apply system updates

Alternatively, you can employ your own patch assessment and management tool to periodically assess, report, and install the required security patches for your OS.

Please note that at this point in time, there is no API/CLI mechanism available to programmatically conduct a security assessment for this recommendation.

Remediation

Follow Microsoft Azure documentation to apply security patches from the security center. Alternatively, you can employ your own patch assessment and management tool to periodically assess, report, and install the required security patches for your OS.

References

https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-posture-vulnerability-management#pv-7-rapidly-and-automatically-remediate-software-vulnerabilities
https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm