AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Endpoint protection health issues should be resolved on your machines

Azure BuiltIn Policy definition

Source Azure Portal
Display name Endpoint protection health issues should be resolved on your machines
Id 8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description Resolve endpoint protection health issues on your virtual machines to protect them from latest threats and vulnerabilities. Azure Security Center supported endpoint protection solutions are documented here - https://docs.microsoft.com/azure/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions. Endpoint protection assessment is documented here - https://docs.microsoft.com/azure/security-center/security-center-endpoint-protection.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Security/assessments/status.code Microsoft.Security assessments properties.status.code True False
Rule resource types IF (3)
Microsoft.ClassicCompute/virtualMachines
Microsoft.Compute/virtualMachines
Microsoft.HybridCompute/machines
Compliance
The following 2 compliance controls are associated with this Policy definition 'Endpoint protection health issues should be resolved on your machines' (8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14. Software security Standard Operating Environments - Maintaining hardened SOEs n/a Whilst a SOE can be sufficiently hardened when it is deployed 17
NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 Software security 14.1.9 Maintaining hardened SOEs Customer n/a Whilst a SOE can be sufficiently hardened when it is deployed, its security will progressively degrade over time. Agencies can address the degradation of the security of a SOE by ensuring that patches are continually applied, system users are not able to disable or bypass security functionality and antivirus and other security software is appropriately maintained with the latest signatures and updates. End Point Agents monitor traffic and apply security policies on applications, storage interfaces and data in real-time. Administrators actively block or monitor and log policy breaches. The End Point Agent can also create forensic monitoring to facilitate incident investigation. End Point Agents can monitor user activity, such as the cut, copy, paste, print, print screen operations and copying data to external drives and other devices. The Agent can then apply policies to limit such activity. link 15
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance Deprecated BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-30 14:27:30 add 8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2
JSON compare n/a
JSON
api-version=2021-06-01
EPAC