Skip to content

Latest commit

 

History

History
27 lines (22 loc) · 2.3 KB

File metadata and controls

27 lines (22 loc) · 2.3 KB

CloudSploit

AZURE / Virtual Machines / VM Agent Enabled

Quick Info

Plugin Title VM Agent Enabled
Cloud AZURE
Category Virtual Machines
Description Ensures that the VM Agent is enabled for virtual machines
More Info The VM agent must be enabled on Azure virtual machines in order to enable Azure Security Center for data collection.
AZURE Link https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-vm-agent
Recommended Action Enable the VM agent for all virtual machines.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for Security Center.
  3. Click on the "Pricing & Settings" option and choose the "Subscription" and click on the "Name" option as a link to access the configurations.
  4. Click on the "Data Collection" option under Settings.
  5. Under the "Data Colelction" check whether the "Auto Provisioning" is "ON or OFF". If "Auto Provisioning" is turned "Off" then the automatic installation of the Microsoft Monitoring Agent on all the VMs in your subscription is not enabled.
  6. Repeat steps number 2 - 5 to verify "VM Agent" in the other Azure accounts.
  7. Navigate to the "Security Center", select the "Price & Settings" and click on the "Subscription Name", select the "Data Collection" options under "Settings".
  8. Turn "On" the "Auto Provisioning" feature and click on the "Save" button at the top to make the changes. Once enabled, any new or existing VM without an installed Microsoft Monitoring agent (MMA) extension, will have it provisioned.
  9. Repeat steps number 7 - 8 to enable the VM agent for all virtual machines.