Control: Azure > CIS v4.0 > 09 - Security Services > 09.01 - Microsoft Defender for Cloud > 09.01.10 - Ensure that Microsoft Defender for Cloud is configured to check VM operating systems for updates
Configures auditing against a CIS Benchmark item.
Level: 1
Ensure that the latest OS patches for all virtual machines are applied.
Windows and Linux virtual machines should be kept updated to address specific bugs or flaws, improve OS or application general stability, and fix security vulnerabilities.
Microsoft Defender for Cloud retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows VM. If a VM is missing a system update, the security center will recommend system updates be applied.
By default, patches are not automatically deployed.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 09 - Security Services > 09.01 - Microsoft Defender for Cloud > 09.01.10 - Ensure that Microsoft Defender for Cloud is configured to check VM operating systems for updates
- Azure > CIS v4.0 > 09 - Security Services > 09.01 - Microsoft Defender for Cloud > 09.01.10 - Ensure that Microsoft Defender for Cloud is configured to check VM operating systems for updates > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 09 - Security Services
- Azure > CIS v4.0 > 09 - Security Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r090110
- tmod:@turbot/cis#/control/categories/v070304
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r090110"
Get Controls