Control: Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'

Configures auditing against a CIS Benchmark item.

Level: 1

None of the settings offered by ASC Default policy should be set to effect Disabled.

A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.

Resource Types

This control targets the following resource types:

Azure > Security Center > Security Center

Primary Policies

The following policies can be used to configure this control:

2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-cisv2-0#/control/types/r020114

Category URI

tmod:@turbot/cis#/control/categories/v070505

GraphQL

query controlType(id: "tmod:@turbot/azure-cisv2-0#/control/types/r020114") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cisv2-0#/control/types/r020114'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv2-0#/control/types/r020114"