| Plugin Title | Auto Provisioning Enabled |
| Cloud | AZURE |
| Category | Defender |
| Description | Ensures that automatic provisioning of the monitoring agent is enabled. |
| More Info | The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts. |
| AZURE Link | https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components |
| Recommended Action | Ensure that the data collection settings of the subscription have Auto Provisioning set to enabled. |
- Log in to the Microsoft Azure Management Console.
- Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud".
- On the "Microsoft Defender for Cloud" page scroll down the left navigation panel and choose "Environment Settings".
- On the "Environment Settings" page, select the "Subscription" by clicking on its "Name".
- Under the "Settings" page, click on "Defender Plans".
- On the "Settings | Defender" page, select the "Settings and Monitoring Tab".
- On the settings and Monitoring Page. If the "Log Analytics agent" shows status as turned off, then the "Automatic provisioning" of the monitoring agent is not enabled.
- On the "Settings | Auto provisioning" page, turn the status "ON" for "Log Analytics agent for Azure VMs" by toggling it.
- This will open the "Auto Provisioning configuration". Under Workplace Selection, select the "Default Workspace(s)" and select "Apply" to save changes.
- Repeat step number 3 - 9 to ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.
