Azure Security Benchmark v3 - Endpoint security
Note
The most up-to-date Azure Security Benchmark is available here.
Endpoint Security covers controls in endpoint detection and response. This includes use of endpoint detection and response (EDR) and anti-malware service for endpoints in Azure environments.
To see the applicable built-in Azure Policy, see Details of the Azure Security Benchmark Regulatory Compliance built-in initiative: Endpoint Security
Azure ID | CIS Controls v7.1 ID(s) | NIST SP 800-53 r4 ID(s) |
---|---|---|
ES-1 | 8.1 | SI-2, SI-3, SC-3 |
Enable Endpoint Detection and Response (EDR) capabilities for servers and clients and integrate with SIEM and Security Operations processes.
Microsoft Defender for Endpoint provides EDR capability as part of an enterprise endpoint security platform to prevent, detect, investigate, and respond to advanced threats.
Responsibility: Customer
Customer Security Stakeholders (Learn more):
Azure ID | CIS Controls v7.1 ID(s) | NIST SP 800-53 r4 ID(s) |
---|---|---|
ES-2 | 8.1 | SI-2, SI-3, SC-3 |
Use a centrally managed endpoint anti-malware solution capable of real-time and periodic scanning.
Azure Security Center can automatically identify a number of popular anti-malware solutions running on your virtual machines, report the endpoint protection running status, and make recommendations.
Microsoft Antimalware for Azure Cloud Services is the default anti-malware for Windows virtual machines (VMs). For Linux VMs, use a third-party antimalware solution. You can also use Azure Defender for Storage to detect malware uploaded to Azure Storage accounts.
Responsibility: Customer
Customer Security Stakeholders (Learn more):
Azure ID | CIS Controls v7.1 ID(s) | NIST SP 800-53 r4 ID(s) |
---|---|---|
ES-3 | 8.2 | SI-2, SI-3 |
Ensure anti-malware signatures are updated rapidly and consistently.
Follow recommendations in Azure Security Center to ensure all endpoints are up to date with the latest signatures. Microsoft Antimalware will automatically install the latest signatures and engine updates by default. For Linux, ensure the signatures are updated in the third-party antimalware solution.
Responsibility: Customer
Customer Security Stakeholders (Learn more):