Ensure Microsoft Antimalware is configured to automatically update Virtual Machines

Error: Microsoft Antimalware is not configured to automatically update Virtual Machines

Bridgecrew Policy ID: BC_AZR_GENERAL_68
Checkov Check ID: CKV2_AZURE_10
Severity: LOW

Description

This policy audits any Windows virtual machine that is not configured to keep its Microsoft Antimalware protection up to date automatically. In Terraform, as the fix below shows, the check expects an azurerm_virtual_machine_extension with publisher Microsoft.Azure.Security and type IaaSAntimalware whose virtual_machine_id references the VM and which sets auto_upgrade_minor_version = true. That argument lets the platform roll out minor versions of the extension handler on its own; the antimalware settings themselves (real-time protection, scheduled scans, exclusions) live in the extension's settings block and are not what this check inspects. This is a build-time check on the configuration: it does not confirm that the extension has been provisioned successfully or is reporting healthy on a running VM.

Fix - Buildtime

Terraform

  • Resource: azurerm_virtual_machine, azurerm_virtual_machine_extension
  • Argument: virtual_machine_id (of azurerm_virtual_machine_extension), which must reference the VM, together with publisher, type and auto_upgrade_minor_version on the same extension
# The Windows VM being audited. Values are placeholders; the VM is trimmed to
# the attributes the check needs and is not a complete, applyable definition.
resource "azurerm_virtual_machine" "virtual_machine_good_1" {
  name                  = "acctvm"
  location              = "location"
  resource_group_name   = "group"
  network_interface_ids = ["id"]
  vm_size               = "Standard_F2"
  storage_os_disk {
    name          = "myosdisk1"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }
}

# Microsoft Antimalware extension attached to the VM above. The check passes
# because virtual_machine_id links the extension to the VM and the extension
# is allowed to auto-upgrade its minor version.
resource "azurerm_virtual_machine_extension" "extension_good_1" {
  name                       = "hostname"
+ virtual_machine_id         = azurerm_virtual_machine.virtual_machine_good_1.id
  publisher                  = "Microsoft.Azure.Security"
  type                       = "IaaSAntimalware"
  type_handler_version       = "2.0"
  auto_upgrade_minor_version = true
}
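As an added illustration (not part of the original page or of Bridgecrew's own examples), the following Terraform shows the failing shape beside the passing one: a VM with no IaaSAntimalware extension attached, and the same VM with the extension linked through virtual_machine_id and minor-version auto-upgrade enabled. Resource names, the resource group, location, NIC id and the type_handler_version value are placeholders, and both VMs are trimmed to the attributes the check reads rather than being complete, applyable definitions. The settings block is illustrative of the documented IaaSAntimalware settings and is not something this check evaluates.

```hcl
# Added example, not code from the original page. All names and ids are
# placeholders; the VMs are reduced to what CKV2_AZURE_10 looks at.

# FAILS CKV2_AZURE_10: no azurerm_virtual_machine_extension references this VM,
# so there is no Microsoft Antimalware extension to keep current.
resource "azurerm_virtual_machine" "vm_bad" {
  name                  = "vm-bad"
  location              = "eastus"
  resource_group_name   = "rg-example"
  network_interface_ids = ["nic-bad-id"]
  vm_size               = "Standard_F2"

  storage_os_disk {
    name          = "osdisk-bad"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }

  # Marks this as a Windows VM, which is what the policy audits.
  os_profile_windows_config {}
}

# PASSES: the same VM, plus the Microsoft Antimalware extension attached to it
# via virtual_machine_id with auto_upgrade_minor_version = true.
resource "azurerm_virtual_machine" "vm_good" {
  name                  = "vm-good"
  location              = "eastus"
  resource_group_name   = "rg-example"
  network_interface_ids = ["nic-good-id"]
  vm_size               = "Standard_F2"

  storage_os_disk {
    name          = "osdisk-good"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }

  os_profile_windows_config {}
}

resource "azurerm_virtual_machine_extension" "antimalware" {
  name                       = "IaaSAntimalware"
  virtual_machine_id         = azurerm_virtual_machine.vm_good.id
  publisher                  = "Microsoft.Azure.Security"
  type                       = "IaaSAntimalware"
  type_handler_version       = "1.5" # assumed; pick the version current in your region
  auto_upgrade_minor_version = true

  # What the agent actually does is governed here, not by the check above.
  # Keys follow the documented IaaSAntimalware settings (illustrative subset).
  settings = jsonencode({
    AntimalwareEnabled        = true
    RealtimeProtectionEnabled = true
    ScheduledScanSettings = {
      isEnabled = true
      day       = 7
      time      = 120
      scanType  = "Quick"
    }
  })
}
```

Running checkov -d . --check CKV2_AZURE_10 in a directory containing this file should report the VM without the attached extension as failed and the VM with it as passed. Attaching the extension to the wrong VM (a virtual_machine_id pointing at some other resource) leaves the intended VM failing, since the check follows the reference rather than the extension's name.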