Rule proposal
Rule ID: AZ-CMP-003
Rule name: VM without endpoint protection installed
Severity: HIGH
Category: Compute
What misconfiguration does it detect?
Virtual machines with no endpoint protection extension installed. The check inspects each VM's extensions for a recognised antimalware or Defender agent: IaaSAntimalware (publisher Microsoft.Azure.Security, Windows only), MDE.Windows and MDE.Linux (Microsoft Defender for Endpoint, deployed by Defender for Servers), and MicrosoftMonitoringAgent. A VM is flagged when none of these is present, or when one is present but its provisioningState is not Succeeded (a failed or pending install gives no protection). Matching should be on publisher and extension type rather than on the extension resource name, which the deployer can rename. Caveat: MicrosoftMonitoringAgent is the Log Analytics agent; it forwards security events but does not itself detect or block malware, so treating it as satisfying the rule is a lenient match and reviewers may prefer to drop it.
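The evaluation logic described above, as an added example rather than code belonging to the rule engine. It runs over a constructed inventory shaped like the output of `az vm extension list` (the fields `publisher`, `typePropertiesType` and `provisioningState` are the real CLI field names; the VM names and records are made up for the example). It matches on publisher plus extension type and treats an accepted extension whose provisioning state is not Succeeded as a failure.

```python
"""AZ-CMP-003: flag VMs without a healthy endpoint protection extension.

Added example, not the rule engine's own code. The inventory below is
constructed; the field names mirror `az vm extension list` JSON output.
"""
from __future__ import annotations

# Accepted (publisher, type) pairs, compared case-insensitively because
# ARM treats publisher and type names as case-insensitive.
ACCEPTED = {
    ("microsoft.azure.security", "iaasantimalware"),
    ("microsoft.azure.azuredefenderforservers", "mde.windows"),
    ("microsoft.azure.azuredefenderforservers", "mde.linux"),
    ("microsoft.enterprisecloud.monitoring", "microsoftmonitoringagent"),
}

# Constructed sample inventory: vm name -> list of extension records.
SAMPLE_INVENTORY: dict[str, list[dict]] = {
    "web-01": [
        {"name": "AV", "publisher": "Microsoft.Azure.Security",
         "typePropertiesType": "IaaSAntimalware",
         "provisioningState": "Succeeded"},
    ],
    "db-01": [
        # Only a custom script extension; no endpoint protection at all.
        {"name": "bootstrap", "publisher": "Microsoft.Azure.Extensions",
         "typePropertiesType": "CustomScript",
         "provisioningState": "Succeeded"},
    ],
    "app-01": [
        # MDE extension present but the install failed.
        {"name": "MDE.Windows",
         "publisher": "Microsoft.Azure.AzureDefenderForServers",
         "typePropertiesType": "MDE.Windows",
         "provisioningState": "Failed"},
    ],
    "log-01": [
        # Accepted by the rule as written, although MMA only ships logs.
        {"name": "MMAExtension",
         "publisher": "Microsoft.EnterpriseCloud.Monitoring",
         "typePropertiesType": "MicrosoftMonitoringAgent",
         "provisioningState": "Succeeded"},
    ],
}


def _key(ext: dict) -> tuple[str, str]:
    """Normalise an extension record to a lowercase (publisher, type) pair."""
    return (str(ext.get("publisher", "")).lower(),
            str(ext.get("typePropertiesType", "")).lower())


def evaluate_vm(vm_name: str, extensions: list[dict]) -> dict:
    """Return a finding for one VM: PASS only if an accepted extension
    exists and its provisioning state is Succeeded."""
    matched = [e for e in extensions if _key(e) in ACCEPTED]
    healthy = [e for e in matched if e.get("provisioningState") == "Succeeded"]
    if healthy:
        return {"vm": vm_name, "rule": "AZ-CMP-003", "status": "PASS",
                "reason": f"{healthy[0]['typePropertiesType']} provisioned"}
    if matched:
        ext = matched[0]
        return {"vm": vm_name, "rule": "AZ-CMP-003", "status": "FAIL",
                "reason": (f"{ext['typePropertiesType']} present but "
                           f"provisioningState is {ext.get('provisioningState')}")}
    return {"vm": vm_name, "rule": "AZ-CMP-003", "status": "FAIL",
            "reason": "no endpoint protection extension installed"}


def evaluate_inventory(inventory: dict[str, list[dict]]) -> list[dict]:
    """Evaluate every VM and return the list of findings."""
    return [evaluate_vm(name, exts) for name, exts in inventory.items()]


if __name__ == "__main__":
    for finding in evaluate_inventory(SAMPLE_INVENTORY):
        print(f"{finding['status']:4} {finding['vm']:8} {finding['reason']}")
```

In a real run, replace SAMPLE_INVENTORY with the parsed JSON from `az vm extension list --resource-group <rg> --vm-name <vm>` for each VM in scope; the `Failed` case on app-01 is the one a name-only presence check would wrongly report as compliant.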
Why is it a security risk?
A VM without endpoint protection cannot detect or block malware, ransomware or malicious code execution on the host. An attacker who gains initial access (for example through an exposed management port or a compromised credential) can stage tooling and run payloads without any host-level detection or telemetry. CIS 8.2 requires all VMs to have an approved endpoint protection solution installed and running.
Which frameworks does it map to?
- CIS: 8.2
- NIST: DE.CM-4
- ISO 27001: A.12.2.1
- SOC 2: CC6.8
Remediation (how to fix it)?
Install Microsoft Defender for Endpoint (enable Defender for Servers on the subscription, which provisions the MDE.Windows or MDE.Linux extension) or, on Windows VMs, install the IaaSAntimalware extension. The IaaSAntimalware extension needs a settings document to enable the engine; the following enables it with real-time protection (replace the placeholders with the VM's resource group and name):
az vm extension set --resource-group <resource-group> --vm-name <vm-name> --name IaaSAntimalware --publisher Microsoft.Azure.Security --settings '{"AntimalwareEnabled": true, "RealtimeProtectionEnabled": true}'
After installation, confirm the extension reports provisioningState Succeeded with `az vm extension list --resource-group <resource-group> --vm-name <vm-name>`.