at first, you can assign the relevant CIS policy to your resource
then you can use the Azure Policy Compliance Scan action to trigger an on-demand evaluation scan
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Is there any way to generate an overview to see the CIS compliance coverage over all virtual maschines?
Me problem is, we need to use CIS Images vor VMs but some applications need the possibility to deactivate some of the CIS rules to work correctly.
So we need two things to work safe:
at first, you can assign the relevant CIS policy to your resource
then you can use the Azure Policy Compliance Scan action to trigger an on-demand evaluation scan
Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal to help you understand your organization's compliance posture and take actions to help reduce risks. Compliance Manager offers a premium template for building an assessment for this regulation. Find the template in the assessment templates page in Compliance Manager. Learn how to build assessments in Compliance Manager.
CIS-CAT Pro is the CIS tool which can be used to automate the scan against your VMs. CIS Hardened images are available, which you noted. The process to reverse any of the protections would be up to each protection and somewhat defeat the purpose off using a hardened image. It might be worth reaching out to their support for these questions.
https://www.cisecurity.org/support
Hope this helps! Let me know if you still have questions.
If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.
If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.
Thank you for helping to improve Microsoft Q&A!