I have created a Windows VM in Azure and this VM don't have SQL installed.
However, I see the following compliance issue
SQL servers on machines should have vulnerability findings resolved
How do I fix this compliance issue?
I tried to reproduce the same in my environment I got the results successfully like below:
To Fix this Non- compliance issue:
In your VM -> under setting, Microsoft defender for clouds -> you can see vulnerability finding resolved like below:
Double click on it, SQL servers on machines should have vulnerability findings resolved screen will display like below:
Click on Machines should have vulnerability findings resolved there you have seen description of issue and you can see Remediation steps to fix the issue of your machine like below:
Each recommendation has its own set of instructions. In my case I have unhealthy resource in my machine try check your remediation steps of SQL server in below reference and quick fix.
Reference:
Enable Vulnerability Assessment on SQL Servers with Azure Policy by charbel nemnom
azure-docs/defender-for-sql-on-machines-vulnerability GitHub
Security Control: Remediate Vulnerabilities - Microsoft Community Hub
Related
Note: I am new to Azure.
I have created "Web App" using nodeJS 14.16, created docker "linux" container (FROM node:14.16 AS build) and published to Azure Web services, it works fine.
But on the security side (Security Check) I am getting lot of errors like below:
"Debian Security Update for gmp (DLA 2837-1)" "Debian Security Update for libwebp (DLA 2677-1)" "Debian Security Update for nss (DLA 2836-1)".
TBH, I am not sure where these errors comes from and how to resolve these errors. Even I have not used these packages in my nodeJS application. Could anyone please give me an idea or provide any thoughts to resolve this issue.
It looks like you have Microsoft Defender for Cloud: Defender for Containers enabled for your subscription. Defender for Containers includes an integrated vulnerability scanner for scanning images in Azure Container Registry registries.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks
In your question, you say you are using NodeJS 14.16 which it looks like needs to be updated to 14.16.1. Once you push a new version to your ACR, Defender for Containers should rescan you repo and clear this findings in a couple hours.
https://nodejs.org/en/blog/release/v14.16.1/
When trying to create a new Local Network Gateway I'm getting an error for the submission saying 'This offer is not available for subscriptions from Microsoft Azure Cloud Solution Providers'.
My account is 'owner' of the subscription (so it has Microsoft.Network/LocalNetworkGateways create / write permissions) and the subscription itself has Microsoft.Network resource provider already registered (I created successfully vNet and a vNet Gateway).
No idea if missing something from subscription or some setting for CSP we work with? Subscription uses 'pay as you go' plan.
Any hints? TIA
I also contacted MS Q&A and they provided some workarounds (1st one worked for me), acknowledging the issue.
Thank you for reaching out. I just went through similar issues using our internal tooling and found that below work-arounds worked for the customer. Can you try the steps mentioned below and see if that fixes the issue.
Do a "Hard Refresh" (F5) on the page and see if that fixes the issue. (This helped resolve the issue for most of the customers.)
Create using the following URL: https://link.edgepilot.com/s/b7b99a1c/OHp2IQfsYESVtpZFaOHItA?u=https://portal.azure.com/?feature.canmodifystamps=true%26Microsoft_Azure_HybridNetworking=flight1%23home
Create using PowerShell: Connect your on-premises network to an Azure VNet: Site-to-Site VPN: PowerShellAzure VPN Gateway | Microsoft Docs
Looks like this is a known issue and the team is currently working on fixing it.
Creating the topic cause I didn't find any info on this issue, followed strictly the Microsoft documentation below but it didn't work.
I need to migrate a couple of Hyper-V VMs to Azure for a Lab that I want to run some study and tests.
I tried to run the procedure described on the doc:
https://learn.microsoft.com/en-us/azure/migrate/tutorial-migrate-hyper-v
I proceed with all the steps with no problems, until the migration itself.
On the first time I ran the Azure Site Recovery Configurator, the process went ok with no errors.
It discovered the machines, but I did not start the replication. At that moment I needed to turn off the computer (Windows Server 2016, Hyper-V Host), so I would go back later to start the migration of the VMs.
On another day, when I start the replication of the VMs it got stuck on 1% and not proceeding.
After several hours stuck, I noticed that the VM Host on Infrastructure Servers page was in a "Not Connected" connection status.
According to the initial page of the application (webpage running on port 44368): Discovery agent, Assessment agent and management app are running.
I ran the PowerShell script that would prepare the host to make the migration (Enable Powershell, open WinRM ports, etc).
It's a home lab so I have no firewall and stuff, just a simple router.
On services, every Microsoft service is running except for RecoveryServicesManagementAgent, which stops immediately after I started it.
I tried to register again with Azure Site Recovery Configurator on the Hyper-V Host and I got the following error:
Registration was successful but setup failed to start Microsoft Azure Site Recovery Service on this machine. Please try starting the service manually.
I didn't find any info on this service and error, and it's not on services.MSC console as well.
I noticed that the server goes to a "Connected" state on Infrastructure Servers page for a while, but it stops again and returns to "Not Connected".
Also, I tried to stop the replication task on the single VM I tried to replicate and it's now stuck on "Disabling Protection" as well, probably because it cant reach the server as there is something wrong with the configuration of services running.
Another problem that I noticed is that my monthly credits are slowly decreasing (Free Trial) after I started this whole process.
Did anyone with a better understanding of this procedure can help me migrate the Hyper-V VMs o Azure or at least point to some direction?
The query needs a further deeper dive technically.
I recommend you to create a technical support ticket. The ticket enables you to work closely with the support engineers and get a quick resolution to your issue.
Here is the link https://learn.microsoft.com/en-in/azure/azure-supportability/how-to-create-azure-support-request to create support case.
please open a Support Ticket so the team can engage directly with you to resolve the issue.
I am not able to login my Azure VM. I have reset the password through azure portal but it is still not logging in. Previously, it used to log in and now it is showing following error :
An authentication error has occurred.
The function requested is not supported"
I have other VM which are logging in fine as before. Please help.
Check out the following link.
This is due to a combination of three factors:
You activated NLA on your target computer
The target computer is not patched for CVE-2018-0886
You enforced the Force updated clients or Mitigated parameters on the source computer
https://itluke.online/2018/03/29/solved-authentication-error-function-not-supported/
Using Azure Security Center and I have most of my VMs showing an informational warning regarding their System Updates. When I go into them, they don't have any recent data. There is recent data for the OS Vulnerability column, so I know the connection is working, but this data isn't showing up.
What is the mechanism used to scan these for updates? Do I need Windows Update service to be started and Automatic, or anything like that? All my VMs are Windows 2012 or 2012R2, including the few that do appear to be working correctly.
What is the mechanism used to scan these for updates? Do I need
Windows Update service to be started and Automatic, or anything like
that?
Azure VM needs to update by enabling the Update in the VM or manually. This works just like how your local machine works.
Azure Security Center provides a quick view into the security posture of your Azure and non-Azure workloads, enabling you to discover and assess the security of your workloads and to identify and mitigate risk. It cannot updating your VM.