lacework-global-612
2.2.3 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' (Manual)
Note: This rule has been changed to manual. See Permanently Manual Rules (that were deemed automated) for CIS Azure 1.5.0 for details.
Profile Applicability
• Level 2
Description
Enable automatic provisioning of the Microsoft Defender for Containers components.
Rationale
As with any compute resource, Container environments require hardening and run-time protection to ensure safe operations and detection of threats and vulnerabilities.
Impact
Microsoft Defender for Containers will require additional licensing.
Audit
From Azure Portal
- From Azure Home select the Portal Menu
- Select Microsoft Defender for Cloud
- Then Environment Settings
- Select a subscription
- Then Auto Provisioning in the left column.
- Ensure that Microsoft Defender for Containers components is set to On
Repeat the above for any additional subscriptions.
Remediation
From Azure Portal
- From Azure Home select the Portal Menu
- Select Microsoft Defender for Cloud
- Then Environment Settings
- Select a subscription
- Then Auto Provisioning in the left column.
- Set Microsoft Defender for Containers components to On
References
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-containers
https://msdn.microsoft.com/en-us/library/mt704062.aspx
https://msdn.microsoft.com/en-us/library/mt704063.aspx
https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-incident-response#ir-2-preparation--setup-incident-notification