Assign security standards

Defender for Cloud's regulatory standards and benchmarks are represented as security standards. Each standard is an initiative defined in Azure Policy.

In Defender for Cloud, you assign security standards to specific scopes, such as Azure subscriptions that have Defender for Cloud enabled.

Defender for Cloud continually assesses the in-scope environment against standards. Based on these assessments, it shows in-scope resources as compliant or noncompliant with the standard and provides remediation recommendations.

This article describes how to add regulatory compliance standards as security standards in an Azure subscription.

Before you start

  • To add compliance standards, at least one Defender for Cloud plan must be enabled.
  • You need Owner or Policy Contributor permissions to add a standard.
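The two prerequisites above can be checked before opening the portal. The following is an added example, not part of the original article or Microsoft's own code. It assumes the JSON shapes produced by `az role assignment list --include-inherited` and `az security pricing list`, assumes that a `pricingTier` of `Standard` means a plan is enabled, and runs on constructed sample data:

```python
import json

# Role display names that satisfy the article's "Owner or Policy Contributor"
# requirement. "Resource Policy Contributor" is assumed to be the built-in
# role's display name in Azure RBAC.
ALLOWED_ROLES = {"owner", "policy contributor", "resource policy contributor"}

# Constructed sample data (not real output). Shapes are assumed to match
# `az role assignment list --assignee <id> --scope <scope> --include-inherited`
# and `az security pricing list`.
SAMPLE_ROLES = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Resource Policy Contributor",
   "scope": "/providers/Microsoft.Management/managementGroups/example-mg"}
]""")
SAMPLE_PRICINGS = json.loads("""{"value": [
  {"name": "VirtualMachines", "pricingTier": "Free"},
  {"name": "StorageAccounts", "pricingTier": "Standard"}
]}""")


def enabled_plans(pricings):
    """Return names of Defender for Cloud plans on the paid (Standard) tier."""
    # Accept both {"value": [...]} and a bare list of pricing objects.
    items = pricings.get("value", []) if isinstance(pricings, dict) else pricings
    return sorted(p["name"] for p in items
                  if str(p.get("pricingTier", "")).lower() == "standard")


def qualifying_roles(assignments):
    """Return (role, scope) pairs that allow assigning a standard."""
    return [(a["roleDefinitionName"], a["scope"]) for a in assignments
            if str(a.get("roleDefinitionName", "")).lower() in ALLOWED_ROLES]


def preflight(assignments, pricings):
    """Check both prerequisites; return (ok, list of unmet prerequisites)."""
    problems = []
    if not enabled_plans(pricings):
        problems.append("no Defender for Cloud plan is enabled")
    if not qualifying_roles(assignments):
        problems.append("caller lacks Owner or Policy Contributor")
    return (not problems, problems)


if __name__ == "__main__":
    ok, problems = preflight(SAMPLE_ROLES, SAMPLE_PRICINGS)
    print("ready" if ok else "blocked: " + "; ".join(problems))
```

The scope of each qualifying role is returned so you can confirm the permission is held at or above the scope where the standard will be assigned.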

Assign a standard (Azure)

To assign regulatory compliance standards on Azure:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Regulatory compliance. For each standard, you can see the applied subscription.

  3. Select Manage compliance policies.

    Screenshot of the regulatory compliance page that shows you where to select the manage compliance policy button.

  4. Select the subscription or management group on which you want to assign the security standard.

    Note

    We recommend selecting the highest scope for which the standard is applicable so that compliance data is aggregated and tracked for all nested resources.

  5. Select Security policies.

  6. For the standard you want to enable, in the Status column, switch the button.

  7. If any information is needed in order to enable the standard, the Set parameters page appears for you to type in the information.

  8. From the menu at the top of the page, select Regulatory compliance again to go back to the regulatory compliance dashboard.

The selected standard appears in the Regulatory compliance dashboard as enabled for the account.
