AzTS

1.0.3

module/ConfigurationProvider/ControlConfigurations/Services/LAWorkspace.json

                                {

  "FeatureName": "LAWorkspace",

  "Reference": "aka.ms/azsktcp/laworkspace",

  "IsMaintenanceMode": false,

  "Controls": [

    {

      "ControlID": "Azure_LAWorkspace_Config_Enable_MicrosoftDefender_Servers_MCSB",

      "Description": "[MCSB] Microsoft Defender for servers should be enabled on workspaces",

      "Id": "LAWorkspace110",

      "ControlSeverity": "High",

      "Automated": "Yes",

      "ControlScanSource": "MDC",

      "DisplayName": "[MCSB] Microsoft Defender for servers should be enabled on workspaces",

      "Category": "Monitoring must be correctly configured",

      "ControlRequirements": "To support threat detection scenarios, monitor all known resource types for known and expected threats and anomalies",

      "Rationale": "Microsoft Defender for servers provides real-time threat protection for your server workloads and generates hardening recommendations as well as alerts about suspicious activities. With this Defender plan enabled on your subscriptions but not on your workspaces, you're paying for the full capability of Microsoft Defender for servers but missing out on some of the benefits. When you enable Microsoft Defender for servers on a workspace, all machines reporting to that workspace will be billed for Microsoft Defender for servers - even if they're in subscriptions without Defender plans enabled. Unless you also enable Microsoft Defender for servers on the subscription, those machines won't be able to take advantage of just-in-time VM access, adaptive application controls, and network detections for Azure resources.",

      "Recommendation": "To enable Microsoft Defender for servers on the identified workspaces, select the workspaces and select 'Remediate'.",

      "Tags": [

        "SDL",

        "Automated",

        "Baseline",

        "Config",

        "LAWorkspace"

      ],

      "AssessmentProperties": {

        "AssessmentNames": [

          "1ce68079-b783-4404-b341-d2851d6f0fa2"

        ],

        "AssessmentStatusMappings": [

          {

            "AssessmentStatusCode": "NotApplicable",

            "EffectiveVerificationResult": "Failed",

            "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*",

            "AppendMessageToStatusReason": "Disabling or exempting the policy from getting evaluated is not recommended. The Control will be marked as Failed."

          }

        ]

      },

      "Enabled": false,

      "CustomTags": [

        "Daily",

        "MCSB"

      ]

    }

  ]

}