| Plugin Title | Security Configuration Monitoring |
| Cloud | AZURE |
| Category | Defender |
| Description | Ensures that Security Configuration Monitoring is enabled in Microsoft Defender. |
| More Info | When this setting is enabled, Microsoft Defender for Cloud will monitor virtual machines for security configurations. |
| AZURE Link | https://learn.microsoft.com/en-us/azure/governance/policy/overview |
| Recommended Action | Ensure Security Configuration Monitoring is configured for virtual machines from Microsoft Defender. |
- Log in to the Microsoft Azure Management Console.
- Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud".
- Scroll down the left navigation panel and select "Environment Settings" under "Management".
- On the "Microsoft Defender for Cloud | Environment settings" page, under the "Name" column, select the "Subscription Name" that needs to be verified by clicking on its Name.
- On the "Settings" page, Defender Plans. Select the "Settings & Monitoring" Tab on the top.
- On the "Settings | Defender plans" page, Navigate to the "Guest Configuration agent" plan.
- Enable the "Guest Configuration agent" by toggling its Status to "On".
- On the "Settings & Monitoring" Page, click on the "Continue" Button at the top.
- On the "Settings | Defender plans" Page, click on the "Save" Button at the top.
- Repeat steps 3 - 9 to ensure Security Configuration Monitoring is configured from Microsoft Defender for Cloud.
