icon-zcspm.svg
ZCSPM

Configuring Auto Remediation for Microsoft Azure

Non-compliant assets can be automatically remediated using ZCSPM's remediation framework. An Azure account can have administrators creating, updating, or removing assets frequently. ZCSPM uses the Azure APIs to automatically remediate non-compliant assets.

  • Close

Prerequisite Roles

Ensure you have access to the following prerequisite roles:

  • ZCSPM License Admin
  • Microsoft Azure Subscription Owner
  • Microsoft Azure Resource Policy Contributor

Configuring Auto Remediation

    1. Log in to the Azure Portal as a Subscription Owner.
    2. Go to Subscriptions, then select your subscription.
    3. Click Access Control (IAM), then click Add.
    4. Click Add role assignment, then select Resource Policy Contributor role.
    5. Select the ZCSPM application, then click Save.
    Close
    1. Click on the Cloud Shell icon, then choose PowerShell.
    2. Clone the Azure remediation policy repository using the following command:
    git clone https://github.com/Cloudneeti/azure-remediation-policy.git
    1. Switch to the user directory using the following command:
    cd $user
    1. Navigate to the remediation directory using the following command:
    cd azure-remediation-policy
    1. Provision the policy definitions in the subscription using the following command:
    .\provision-PolicyDefinitions.ps1 -SubscriptionId <Subscription Id>
    Close
    1. Log into the ZCSPM Admin Portal as a License Admin.
    2. Select a license and cloud account using the drop-down menus.
    3. Navigate to Configurations > Security Policies.
    4. Select the Cloud Account level tab.
    5. Select Remediation Available from the filter menu.
    6. Enable policies for remediation.
    7. Click Save.

    View Azure security policies which have remediation available

    1. Click Yes Please in the confirmation message window.
    Close
    1. Click on the Cloud Shell icon, then choose PowerShell.
    2. Download the Assign-RolesToRemediationPolicy.ps1 script using the following command:
    wget https://raw.githubusercontent.com/Cloudneeti/docs_cloudneeti/master/scripts/Assign-RolesToRemediationPolicy.ps1 -O Assign-RolesToRemediationPolicy.ps1
    1. Switch to the user directory using the following command:
    cd $user
    1. Run the role assignment script using the following command and inline parameters:
    ./AssignRolesToRemediationPolicy.ps1
    -azureActiveDirectoryId <Azure active directory Id>
    -subscriptionId <Subscription Id>
    Close

  • ZCSPM can remediate all future assets, but the remediation framework needs to be triggered manually for existing non-compliant assets:

    1. Log into the ZCSPM Admin Portal as a License Admin.
    2. Select a license and cloud account using the drop-down menus.
    3. Click Cloud Security Best Practices.
    4. Click Remediate, then select the checkboxes next to the desired policies from the Policy Remediation panel.
    5. Click Remediate Now. Remediation changes the asset configurations to make them compliant with security policies.
    6. Click Remediate Now to confirm.

    To confirm manually triggered remediation, you need to re-scan the cloud account and verify the asset information on the asset dashboard.

    Close
Related Articles
Configuring Auto Remediation for Microsoft AzureDecommission Remediation for Microsoft Azure