This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 17%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
Is there any way to generate an overview to see the CIS compliance coverage over all virtual maschines?
Me problem is, we need to use CIS Images vor VMs but some applications need the possibility to deactivate some of the CIS rules to work correctly.
So we need two things to work safe:
at first, you can assign the relevant CIS policy to your resource
then you can use the Azure Policy Compliance Scan action to trigger an on-demand evaluation scan
I need to check the CIS Benchmark for Windows Server not the Azure Foundation Benchmark. I don't found "CIS Benchmark for Windows Server"-Policies to make a check on the OS layer.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal to help you understand your organization's compliance posture and take actions to help reduce risks. Compliance Manager offers a premium template for building an assessment for this regulation. Find the template in the assessment templates page in Compliance Manager. Learn how to build assessments in Compliance Manager.
CIS-CAT Pro is the CIS tool which can be used to automate the scan against your VMs. CIS Hardened images are available, which you noted. The process to reverse any of the protections would be up to each protection and somewhat defeat the purpose off using a hardened image. It might be worth reaching out to their support for these questions.
https://www.cisecurity.org/support
Hope this helps! Let me know if you still have questions.
If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.
If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.
Thank you for helping to improve Microsoft Q&A!
Microsoft Purview Compliance Manager shows not like a tool to track the CIS coverage over a list of Servers. It looks like a tool to become an overview of compliance over the hole company.
In Microsoft 365 Defender I found the function "Vulnerability Management" inside of that is a function called "assessment baseline". Could that be an option?
@Rust, Christopher You are correct about Purview. Microsoft Defender Vulnerability Management is great for threat protection, but does not utilize the CIS Benchmark for its assessment. If you must use CIS Benchmark you would need to utilize their tool for automating the scanning, or create your own, which would not be an easy task. Sorry I don't have a better solution for you.