Ensure that the latest OS patches for Azure Virtual Machine

MEDIUM

Description

Azure Virtual Machine does not enable auto OS updates, this may leave them vulnerable.

Remediation

In Azure Console -

Open the Azure Portal and go to Virtual Machines.
Choose the Virtual Machine you wish to edit.
Under Operations, select Updates.
Select the Update settings button and configure as needed.

In Terraform -
Deprecated in favor of azurerm_linux_virtual_machine and azurerm_windows_virtual_machine:

In the azurerm_virtual_machine resource, set enable_automatic_upgrades to true.

References:
https://learn.microsoft.com/en-us/azure/virtual-machines
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine

Policy Details

Rule Reference ID: AC_AZURE_0364

CSP: Azure

Remediation Available: Yes

Domain: Compliance Validation

Resource: azurerm_virtual_machine

Resource Category: Compute

Resource Type: Virtual Machine

Frameworks

PCI-DSSv4.0
SOC2
GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1