
Ensure that 'Vulnerability assessment for machines' component status is set to 'On'

Why This Matters

Unpatched operating system vulnerabilities and weak security configurations on Azure VMs and Arc-enabled machines create an attractive attack surface for threat actors. Without continuous vulnerability scanning, security teams operate blind to critical weaknesses that could be exploited for lateral movement or data exfiltration. Enabling this setting ensures Defender for Cloud automatically detects and alerts on threats and vulnerabilities across your machine fleet.

What Aether365 Checks

This check verifies that the 'Vulnerability assessment for machines' component status is set to 'On' at the subscription level in Defender for Cloud. In the Aether365 dashboard, this appears under the azure-defender-for-cloud checks category.

Microsoft references
