This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 73%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Setting Security Center to Standard Plan allows for view and alteration of ASC policies.
For assessment the framework can be chosen (e.g. ISO)
However: looking at the assessment e.g. ISO I notice Windows level CCE policies
Where do these policies come from and how can I alter these?
@PaulSchoorl-2684
On the Industry and Standards section within Azure Security Center (ASC), those assessments look like they come from ISO 27001:2013. Azure Security Center also uses CCE (Common Configuration Enumeration) to assign unique identifiers for configuration rules. Based off my research and testing, you can manage and edit the security policies. However, you can't view the specific initiatives, or delete the definitions within the industry & regulatory standards. To customize policies to meet your organization's needs, you'd have to create a custom security policy. Additionally, I noticed that the default ASC supported regulatory standards: Azure CIS, PCI DSS 3.2, ISO 27001, and SOC TSP, aren't hyperlinks, so you can't view or delete those specific definitions inside the policy.
From the screenshot below, you can see that there's only a hyperlink on "Azure CIS 1.1.0 (New)", and not the default regulatory standards.
Within Azure CIS, you can see that I can't delete initiatives, I wasn't able to delete the definitions either.
When I go into my custom policy, I'm able to edit or delete initiatives and definitions.
Please let me know if you have any other questions.
Thank you for your time!
Additional CCE Links:
Act as part of the operating system
Shut down the system
Deny log on locally
Network access: Let Everyone permissions apply to anonymous users
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?
If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 26%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Hi ,
I also tried to add Azure CIS 1.1.0(new) and Default policies and not changed and not able to modify because no Edit option on Azure CIS benchmark
example- if I need to modify as MFA policy to disable also CIS control is still AuditIfnotExist only .
PLease let me know how can we modify the policy