last sync: 2024-Dec-05 18:53:22 UTC

System updates should be installed on your machines (powered by Update Center)

Azure BuiltIn Policy definition

Source Azure Portal
Display name System updates should be installed on your machines (powered by Update Center)
Id f85bf3e0-d513-442e-89c3-1784ad63382b
Version 1.0.1
Versioning Versions supported for Versioning: 2 (1.0.0-preview, 1.0.1)
Built-in Versioning [Preview]
Category Security Center
Description Your machines are missing system, security, and critical updates. Software updates often include critical patches to security holes. Such holes are frequently exploited in malware attacks so it's vital to keep your software updated. To install all outstanding patches and secure your machines, follow the remediation steps.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
|---|---|---|---|---|---|---|
| Microsoft.Security/assessments/status.code | Microsoft.Security | assessments | properties.status.code | True | | False |
Rule resource types IF (2)
Microsoft.Compute/virtualMachines
Microsoft.HybridCompute/machines
Compliance
The following 1 compliance controls are associated with this Policy definition 'System updates should be installed on your machines (powered by Update Center)' (f85bf3e0-d513-442e-89c3-1784ad63382b)
Control Domain: Azure_Security_Benchmark_v3.0
Control Name: PV-6
MetadataId: Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6
Category: Posture and Vulnerability Management
Title: Rapidly and automatically remediate vulnerabilities
Owner: Shared
Requirements:
**Security Principle:** Rapidly and automatically deploy patches and updates to remediate vulnerabilities in your cloud resources. Use the appropriate risk-based approach to prioritize the remediation of the vulnerabilities. For example, more severe vulnerabilities in a higher value asset should be addressed as a higher priority.
**Azure Guidance:** Use Azure Automation Update Management or a third-party solution to ensure that the most recent security updates are installed on your Windows and Linux VMs. For Windows VMs, ensure Windows Update has been enabled and set to update automatically. For third-party software, use a third-party patch management solution or System Center Updates Publisher for Configuration Manager. Prioritize which updates to deploy first using a common risk scoring program (such as Common Vulnerability Scoring System) or the default risk ratings provided by your third-party scanning tool and tailor to your environment. You should also consider which applications present a high security risk and which ones require high uptime.
**Implementation and additional context:**
How to configure Update Management for virtual machines in Azure: https://docs.microsoft.com/azure/automation/update-management/overview
Manage updates and patches for your Azure VMs: https://docs.microsoft.com/azure/automation/update-management/manage-updates-for-vm
Description: n/a
Info: link
Policy#: 7
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| Microsoft cloud security benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2024-08-20 18:21:51 | change | Patch, old suffix: preview (1.0.0-preview > 1.0.1) |
| 2022-09-02 16:33:37 | add | f85bf3e0-d513-442e-89c3-1784ad63382b |