lacework-global-612

2.2.3 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' (Manual)

note

This rule has been changed to manual, see Permanently Manual Rules (that were deemed automated) for CIS Azure 1.5.0 for details.

Profile Applicability

• Level 2

Description

Enable automatic provisioning of the Microsoft Defender for Containers components.

Rationale

As with any compute resource, Container environments require hardening and run-time protection to ensure safe operations and detection of threats and vulnerabilities.

Impact

Microsoft Defender for Containers will require additional licensing.

Audit

From Azure Portal

1. From Azure Home select the Portal Menu
2. Select Microsoft Defender for Cloud
3. Then Environment Settings
4. Select a subscription
5. Then Auto Provisioning in the left column.
6. Ensure that Microsoft Defender for Containers components is set to On

Repeat the above for any additional subscriptions.

Remediation

From Azure Portal

1. From Azure Home select the Portal Menu
2. Select Microsoft Defender for Cloud
3. Then Environment Settings
4. Select a subscription
5. Then Auto Provisioning in the left column.
6. Set Microsoft Defender for Containers components to On

References

https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-containers
https://msdn.microsoft.com/en-us/library/mt704062.aspx
https://msdn.microsoft.com/en-us/library/mt704063.aspx
https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-incident-response#ir-2-preparation--setup-incident-notification