question

CharlesMURE-6667 asked vipulsparsh-MSFT commented

Issue - Azure Security Center always shows 0 affected resources for custom initiatives

Description of the issue.
Custom policy definitions inside a custom initiative seem not to work as expected.
We have seen this problem since the 03/22/2021 release of Azure Security Center including the Recommendations page enhancements feature.
Since this date, custom recommendations have disappeared from ASC and they do not trigger workflow automation anymore. Also, ASC always shows zero affected resources for custom policies in the regulatory compliance dashboard.
I haven't found any documentation that mentions this change in behavior. Is it normal?

To Reproduce
Steps to reproduce the behavior (mostly from the documentation):
1. Enable Azure Defender plan to enable custom initiative in ASC Regulatory Compliance
2. Duplicate one built-in policy in order to create a custom policy from a "validated" rule logic.
3. Create a policy initiative that includes the created policy.
4. Assign the policy initiative in ASC or add the metadata property with the value {"ASC": "true"} in the initiative assignment.
5. Create a non-compliant resource affected by your policy.

After more than 24h, in the ASC Regulatory compliance dashboard, ASC still found 0 affected resources for the policy.

On the other side, the Azure Policy compliance dashboard indicates that a non-compliant resource indeed exists for this custom initiative.

Expected behavior
Non-compliant resources for custom initiatives appear in the ASC Regulatory compliance and Recommendation dashboard as custom Security Center recommendations.


Additional context
Documentation linked to this feature: https://docs.microsoft.com/en-us/azure/security-center/custom-security-policies?pivots=azure-portal
On-boarding process followed during deployment: https://github.com/Azure/Azure-Security-Center/blob/onboarding/Onboarding/Modules/3-Policy-Management.md#step-6---assign-custom-policies-optional



I wanted to follow up and know if the below responses helped in answering your query. If it did, please do not forget to accept the appropriate response as Answer.


1 Answer

vipulsparsh-MSFT answered

@CharlesMURE-6667 MS is aware of this and there is an ongoing investigation, with no public status update as of now.
If this is a high priority for your org, you are advised to open a case with support and get a private status update from there.
