An updated RBAC role document (Version 2023-11-30) for Microsoft Azure deployments has been released with specific permissions and changes required to discover and assess new asset types or properties.
| Version | Change | Optional or Required | Purpose |
|---|---|---|---|
| 2023-11-30 | + Microsoft.Insights/DiagnosticSettings/read | Required | Support version 2.0.0 of CIS Azure Foundations Benchmark due to changes in the underlying API |
| | + Microsoft.KeyVault/locations/*/read | Required | Discovery of KeyVault keys when using RBAC controls on KeyVault rather than older Access Policies |
| | + Microsoft.KeyVault/operations/read | Required | |
| | + Microsoft.KeyVault/vaults/*/read (data plane) | Required | |
To take full advantage of functionality for supporting version 2.0.0 of the CIS Azure Foundations Benchmark, you must replace the previous JSON file, update the RBAC role document, and grant specific permissions in the Azure portal. Refer to Update your Azure Deployment for CIS Foundation Benchmarks.
Note: Until the RBAC role documents are updated, specific sections of the CIS Microsoft Azure Foundation Benchmark report will remain blank, and your existing Azure deployments in the Alert Logic console will continue to report the “Outdated Azure RBAC Role” health exposure and the “Update Deployment Permissions” health remediation.
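One way to confirm that a role definition already carries the four permissions listed in the table, shown as an added example that is not Alert Logic's own tooling. It assumes the role is in the flat JSON layout with `Actions`, `NotActions`, `DataActions` and `NotDataActions` arrays; the sample role is constructed for illustration.

```python
import json
import re

# Permissions added in RBAC role document version 2023-11-30 (from the table above).
REQUIRED = {
    "Actions": [
        "Microsoft.Insights/DiagnosticSettings/read",
        "Microsoft.KeyVault/locations/*/read",
        "Microsoft.KeyVault/operations/read",
    ],
    "DataActions": ["Microsoft.KeyVault/vaults/*/read"],  # listed as data plane
}

def covers(pattern, action):
    """True if an Azure action pattern ('*' wildcard, case-insensitive) covers action."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def missing_permissions(role):
    """Return {required permission: reason} for a flat role-definition dict."""
    keys = {k.lower(): v or [] for k, v in role.items()}  # key casing varies by tool
    problems = {}
    for field, needed in REQUIRED.items():
        granted = keys.get(field.lower(), [])
        denied = keys.get("not" + field.lower(), [])
        for perm in needed:
            if not any(covers(g, perm) for g in granted):
                problems[perm] = "not granted in " + field
            # A Not* entry that overlaps in either direction removes part of the grant.
            elif any(covers(d, perm) or covers(perm, d) for d in denied):
                problems[perm] = "excluded by Not" + field
    return problems

# Constructed sample role (assumption, not the vendor's JSON file): one required
# permission is partly excluded and the data-plane permission is absent.
SAMPLE_ROLE = json.loads("""
{
  "Name": "example-scan-role",
  "Actions": ["Microsoft.Insights/*/read", "Microsoft.KeyVault/operations/read",
              "Microsoft.KeyVault/locations/*/read"],
  "NotActions": ["Microsoft.KeyVault/locations/deletedVaults/read"],
  "DataActions": []
}
""")

if __name__ == "__main__":
    for perm, reason in missing_permissions(SAMPLE_ROLE).items():
        print(f"{perm}: {reason}")
```

An empty result means every listed permission is granted and not narrowed by a `Not*` entry; role assignment scope still has to be checked separately in the Azure portal.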