
Compliance Drift And Configuration Deviation

By: People Tech Group Inc


Detects and prioritizes deviations from baseline configurations across Azure and managed endpoints.

Automatically detects and prioritizes security misconfigurations and non-compliant devices to fix compliance drift.

Description

The Compliance Drift & Configuration Deviation Agent acts as a virtual compliance manager, continuously scanning your environment for deviations from your security baseline.

This agent proactively hunts for two distinct types of "drift":

  1. Cloud Configuration Drift: It ingests recommendations from Microsoft Defender for Cloud to find unhealthy or misconfigured Azure resources.

  2. Endpoint Compliance Drift: It analyzes Entra ID sign-in logs to identify users who are successfully accessing corporate resources from non-compliant devices.

The agent's primary goal is to provide a single, prioritized report of all security deviations, allowing you to fix misconfigurations and enforce device compliance before they become a critical risk.

Key Features

  • Dual-Focus: Correlates both cloud infrastructure posture (from Defender for Cloud) and endpoint device posture (from Entra ID).

  • Prioritized Alerts: Automatically groups findings by severity, helping you focus on high-priority recommendations first.

  • Event-Driven: Can be triggered in real time when a new critical recommendation is generated by Defender for Cloud, enabling rapid response.

  • Reduces Posture Debt: Provides a daily report of deviations, helping you measurably improve your Secure Score and compliance.

How It Works

On a daily schedule and when triggered by new critical alerts, the agent runs a series of KQL queries against your Microsoft Sentinel workspace. It queries the table for cloud drift and the table for device drift, then aggregates the findings into a single, actionable report.
