Troubleshoot Defender for Cloud Alerts Regarding Nerdio Manager

Troubleshoot Defender for Cloud Alerts Regarding Nerdio Manager

You may see that the ASC Default Azure Policy makes the Nerdio Manager look like a security issue. This article explains how to mitigate this issue.

To mitigate the Defender for Cloud alerts:

  1. TLS should be updated to latest version for web apps.

    Note: This can be changed on existing installs with no adverse effects.

  2. SQL Servers should have an Entra ID administrator provisioned.

    Notes:

    • This can be changed on existing installs with no adverse effects.

    • Ensure the option to Support only Entra ID authentication for this server is not enabled.

    • See this Microsoft article for additional information.

  3. SQL Servers should have vulnerability assessment configured.

    Warning: This option adds a significant cost because of Defender for SQL,

    Notes:

    • This can be changed on existing installs with no adverse effects.

    • See this Microsoft article for additional information.

  4. FTPS should be required in web apps.

    Notes:

    • This can be changed on existing installs with no adverse effects.

    • See this Microsoft article for additional information.

  5. Key Vaults should have soft delete enabled.

    Note:

    • This can be changed on existing installs with no adverse effects.

    • See this Microsoft article for additional details.

  6. Microsoft Defender for SQL should be enabled for unprotected Azure SQL servers.

    Warning: This option adds a significant cost because of Defender for SQL,

    Note: This can be changed on existing installs with no adverse effects.

  7. Public network access on Azure SQL Database should be disabled.

    Notes:

    • Public access can be disabled, but the option to Allow Azure services and resources to connect to this server must be enabled.

    • See this Microsoft article for additional details.

  8. A firewall should be enabled on Key Vault.

    Warning:

    • This breaks the application, unless the app service's outbound IP addresses are added to the key vault's firewall.

    • See this Microsoft article and this other article for additional details.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.