Site icon TheWindowsUpdate.com

Microsoft cloud security benchmark: Azure compute benchmark

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Azure compute benchmark is now aligned with CIS

 

Security benchmarks help organizations strengthen their security posture and meet various cloud security compliance requirements. The Microsoft cloud security benchmark announced at Ignite 2022 provides clear and concrete guidance to securely configure cloud resources.

 

Today, we are excited to announce a new Azure compute benchmark for Azure virtual machines. This newly released benchmark has the CIS recommended security configurations aligned with the Azure environment. this new benchmark takes into consideration the cloud-specific security controls and removes non-applicable controls that have no significant risk impact in cloud environment.

 

CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0’ can be downloaded from CIS benchmark for Cloud computeYou will be able to seamlessly monitor the secure configuration settings of the new CIS benchmark in Microsoft Defender for Cloud as well as via the built-In Windows baseline Azure policy in the Azure policy Portal.

 

  Figure 1: Azure Security and CIS benchmark team collaboration

 

Benchmark usage scenarios

Using Microsoft Defender for Cloud:

You will be able to monitor the security baseline settings for Windows Server in the Microsoft Defender for Cloud portal by going to the ‘Remediate Security Configurations’ in ‘Recommendations’ section and selecting ‘Vulnerabilities in security configuration on your Windows machines should be remediated (powered by Guest Configuration)’

 

Figure 2: Microsoft Defender for Cloud Portal

 

You will be able see the status of each baseline rule, view baseline failures through ‘Expected’ and ‘Actual’ values, understand the risk and impact of each misconfiguration, and view additional steps to remediate them.

 

Figure 3: Windows Baseline Recommendation

 

Using as a ‘BuiltIn’ Policy in Azure Policy Portal:

Alternatively, you can also leverage the Windows Baseline available as a built-in policy to monitor the security configurations setting of your Windows servers. You can assign the “Windows machines should meet requirements of the Azure compute security baseline” and monitor the compliance results in the Azure Policy portal.

 

Figure 4: Azure Policy Portal

 

What Next?

We want to thank the CIS benchmark team, contributors from the CIS community and multiple teams within Microsoft for their help with publishing the benchmark!

 

If you would like to participate in improving the benchmark or provide feedback, please send us an email. We would love to hear your success stories and feedback on how to make it better!

 

Additional References:

 

Exit mobile version