Skip to main content
McAfee Enterprise MVISION Cloud

Auto-Remediation of Azure Config Audit Policies

Auto-remediation is a triggered response to a policy violation. It is an automated approach to security, applying the appropriate response to a vulnerability in your Azure deployment. It ensures a high level of functionality by continuously monitoring risks. And it automatically remediates policy violation issues and reduces the window of malicious opportunity.

Supported Remediation Actions

These are the supported remediation actions for Azure. 

Remediation Actions

Policy Templates

Permissions Required

Email Notification All Azure policy templates  

Remove public access from storage account container

  • World Readable Azure Blob Storage Containers
  • Storage Blob Data Contributor

Remove unrestricted access from a network security group

 

  • Unrestricted RDP Access in network security groups
  • Unrestricted SSH Access in network security groups
  • Unrestricted Telnet Access in network security groups
  • Unrestricted CIFS Access in network security groups
  • Unrestricted DNS Access in network security groups
  • Unrestricted FTP Access in network security groups
  • Unrestricted MongoDB Access in network security groups
  • Unrestricted MSSQL Access in network security groups
  • Unrestricted MSSQL Database Access (UDP) in network security groups
  • Unrestricted MySQL Access in network security groups
  • Unrestricted NetBIOS Access (UDP) in network security groups
  • Unrestricted NetBIOS Access in network security groups
  • Unrestricted Oracle Database Access in network security groups
  • Unrestricted PostgreSQL Access in network security groups
  • Unrestricted RPC Access in network security groups
  • Unrestricted SMTP Access in network security groups
  • Unrestricted VNC Listener Access in network security groups
  • Unrestricted VNC Server Access in network security groups
  • Network Contributor

Scan Unsecured Resources

  • World Readable Azure Blob Storage Containers
  • Reader and Data Access

Configure Auto-Remediation 

You can add Auto-Remediation to any Azure policy. Changes are not applied retroactively.

To add an auto-remediation response:

  1. Choose Policy > Configuration Audit.
  2. To customize the affected policy, click Edit.
    clipboard_e2828d5d607986e7fd6135a5e84d24489.png
  3. Under Response, select Edit.
    clipboard_e52fa48f9e692a06eee4f41a0cb36b72d.png
  4. You are redirected to the following screen. To add the responses, click Add.
    clipboard_e072ca98821aa21acf2968f33a92f7582.png
  5. Select the required response from the list and click Next.
    clipboard_e2eb81b64f0cebefcfd49e05a1e06b6ee.png
  6. Verify the selected response is shown under Responses and click Done.
    clipboard_e14c66af4e0187d9c92d9531056db0a59.png
  • Was this article helpful?