Security Center default policy setting ‘Monitor System Updates’ should be enabled

Description

When this setting is enabled, Security Center analyzes operating system configurations daily to identify issues that could make the virtual machine vulnerable to attack.

Portal Remediation Steps

  • Navigate to Policy.

  • On the Policy Overview tab, select ASC Default (Subscription:Subscription_ID).

  • In the top navigation, select Edit assignment.

  • Select Parameters.

  • Set System updates should be installed on your machines to AuditIfNotExists or any available value other than Disabled.

  • Click Save.

CLI Remediation Steps

  • Ensure the output of the command below is not Disabled or empty:

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X GET -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn?api-version=2018-05-01"' | jq 'select(.name=="SecurityCenterBuiltIn")' | jq '.properties.parameters.systemUpdatesMonitoringEffect.value'
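
An added example, not part of the original guidance: a Python check that applies the pass condition above (value neither Disabled nor empty) to the raw JSON body returned by the policyAssignments request, before any jq filtering. The function name evaluate_assignment, the sample bodies and the error code in them are constructed for illustration.

```python
import json
from typing import Tuple

# Parameter name taken from the jq path in the CLI step above.
PARAM = "systemUpdatesMonitoringEffect"

def evaluate_assignment(raw: str) -> Tuple[bool, str]:
    """Return (compliant, reason) for one policyAssignments response body."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return False, "response is not JSON (empty output or failed request)"
    if not isinstance(doc, dict):
        return False, "unexpected response shape"
    if "error" in doc:
        # A failed request carries an error object instead of an assignment.
        err = doc["error"] if isinstance(doc["error"], dict) else {}
        return False, "API error: " + str(err.get("code", "unknown"))
    if doc.get("name") != "SecurityCenterBuiltIn":
        return False, "not the SecurityCenterBuiltIn assignment"
    props = doc.get("properties")
    params = props.get("parameters") if isinstance(props, dict) else None
    entry = params.get(PARAM) if isinstance(params, dict) else None
    value = entry.get("value") if isinstance(entry, dict) else None
    if not isinstance(value, str) or not value.strip():
        return False, PARAM + " is empty or not set"
    if value.strip().lower() == "disabled":
        # Compare case-insensitively so "disabled" and "Disabled" both fail.
        return False, PARAM + " is Disabled"
    return True, PARAM + " is " + value.strip()

def _body(params):
    # Constructed sample response; only the fields the check reads are present.
    return json.dumps({"name": "SecurityCenterBuiltIn",
                       "properties": {"parameters": params}})

SAMPLES = {
    "enabled": _body({PARAM: {"value": "AuditIfNotExists"}}),
    "disabled": _body({PARAM: {"value": "disabled"}}),
    "unset": _body({}),
    "error": json.dumps({"error": {"code": "ExampleErrorCode"}}),
    "no_output": "",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        ok, reason = evaluate_assignment(raw)
        print(("PASS" if ok else "FAIL"), label, "-", reason)
```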