Adjust baseline requirements to support IIS servers or custom environment changes.
The baseline scans are failing on IIS servers, so maybe a more generic way to adjust the baseline rules on virtual machines would be helpful.
An example of the the scenario is described here.
Great idea. We have plans to enable more granular control on the baseline rules to support cases like this one, but we there’s no ETA at this point.
Marc Z commented
I'd like to expand this suggestion to include support for Microsoft Security Compliance Manager (SCM) baselines.
We have deployed GPO to harden our servers, but currently those settings (being more stringent than those of Security Center) actually result in more notifications.
A couple of examples:
CCE-10849-8 Adjust memory quotas for a process Azure Security Center
CCE-37071-8 Adjust memory quotas for a process SCM
CCE-10785-4 Force shutdown from a remote system Azure Security Center
CCE-37877-8 Force shutdown from a remote system SCM
CCE-10807-6 UAC: Behavior of the elevation prompt for standard users Azure Security Center
CCE-36864-7 UAC: Behavior of the elevation prompt for standard users SCM