question

Steven-3786 avatar image
0 Votes"
Steven-3786 asked vipulsparsh-MSFT answered

Security Center's "Regulatory Compliance Control Checks" and best practices for resolution

We are looking to pass all of the automated compliance checks performed by Azure Defender / Security Center (e.g. ISO 27001). It would be great to get guidance on the following:

  1. For the "greyed out"/disabled control-checks, is it possible to get more information on each of these and specifically why each specific check is greyed out (I'm aware of the general reasons e.g. not automatically checked, responsibility falls on Azure side etc). Even more helpful would be any guidance on what specific manual checks could be done (if any) to internally track these.

  2. Can Fast Track or any Azure support service provide additional help around reaching 100% pass-mark for the checks performed e.g. suggesting a plan of attack, analysing and ordering issues by severity, provide insight into how much work is involved in resolving these, potential risks, best practices etc.

  3. Following on from 2. can the mitigation steps to reach 100% pass-mark of automated checks be potentially actioned/corrected by the Fast Track team or any other Azure support services, or is this something that has to be actioned internally.

Generally what is the recommended approach to tackle this sort of thing?

azure-security-centerfasttrack-azure-asiaazure-webapps-compliance-reports
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Steven-3786 Checking on this internally will get back soon.

0 Votes 0 ·

1 Answer

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered

@Steven-3786 It seems the guidance for those security standards are present in the documents only https://docs.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-1-0 and we do not have anything public facing for now.

For further comments about fast track and support for helping in these scenarios, it was suggested to raise a case with them and they would be able to provide you a better support boundaries regarding this.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.