AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

[Deprecated]: Endpoint protection health issues should be resolved on your machines

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Endpoint protection health issues should be resolved on your machines
Id 8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2
Version 1.1.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 2
1.0.0
1.1.0 (1.1.0-deprecated)
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description Resolve endpoint protection health issues on your virtual machines to protect them from latest threats and vulnerabilities. Azure Security Center supported endpoint protection solutions are documented here - https://docs.microsoft.com/azure/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions. Endpoint protection assessment is documented here - https://docs.microsoft.com/azure/security-center/security-center-endpoint-protection.
Mode All
Type BuiltIn
Preview False
Deprecated True
Effect Default
Disabled
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Security/assessments/status.code Microsoft.Security assessments properties.status.code True False
Rule resource types IF (3)
Microsoft.ClassicCompute/virtualMachines
Microsoft.Compute/virtualMachines
Microsoft.HybridCompute/machines
Compliance
The following 2 compliance controls are associated with this Policy definition '[Deprecated]: Endpoint protection health issues should be resolved on your machines' (8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14. Software security 14.1.9.C.01 Maintaining hardened SOEs n/a Agencies MUST ensure that for all servers and workstations: a technical specification is agreed for each platform with specified controls; a standard configuration created and updated for each operating system type and version; system users do not have the ability to install or disable software without approval; and installed software and operating system patching is up to date. 20
NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 Software security 14.1.9 Maintaining hardened SOEs Customer n/a Whilst a SOE can be sufficiently hardened when it is deployed, its security will progressively degrade over time. Agencies can address the degradation of the security of a SOE by ensuring that patches are continually applied, system users are not able to disable or bypass security functionality and antivirus and other security software is appropriately maintained with the latest signatures and updates. End Point Agents monitor traffic and apply security policies on applications, storage interfaces and data in real-time. Administrators actively block or monitor and log policy breaches. The End Point Agent can also create forensic monitoring to facilitate incident investigation. End Point Agents can monitor user activity, such as the cut, copy, paste, print, print screen operations and copying data to external drives and other devices. The Agent can then apply policies to limit such activity. link 15
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance Deprecated BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-10-31 18:50:28 change Minor, new suffix: deprecated (1.0.0 > 1.1.0-deprecated)
2021-08-30 14:27:30 add 8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC